Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by Administrator (26-10-2024 18:27:35)
Running from C:\Users\Administrator\Desktop
Microsoft Windows 11 Home Version 23H2 22631.4317 (X64) (2023-02-24 05:55:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3252700674-1244316876-1502611229-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3252700674-1244316876-1502611229-503 - Limited - Disabled)
Guest (S-1-5-21-3252700674-1244316876-1502611229-501 - Limited - Disabled)
tehke (S-1-5-21-3252700674-1244316876-1502611229-1001 - Administrator - Enabled) => C:\Users\tehke
terry (S-1-5-21-3252700674-1244316876-1502611229-1004 - Administrator - Enabled) => C:\Users\terry
Terryc (S-1-5-21-3252700674-1244316876-1502611229-1006 - Administrator - Enabled) => C:\Users\Terryc
terry_w2lrri1 (S-1-5-21-3252700674-1244316876-1502611229-1005 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-3252700674-1244316876-1502611229-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov) Adobe Photoshop (Beta) (HKLM\...\{KCF078A9-BA3F-458D-A4A0-3DBB7B169E6S}) (Version: 25.2.0 m.2357 - Adobe) Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_3) (Version: 14.0.3 - Adobe Inc.) AnyTrans (HKLM-x32\...\AnyTrans) (Version: 8.8.4.0 - iMobie Inc.) Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BeamNG.drive v0.23 (HKLM-x32\...\BeamNG.drive_is1) (Version: 0.23 - BeamNG) BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.13.0.1076 - now.gg, Inc.) BlueStacks Services (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\BlueStacksServices) (Version: 3.0.9 - now.gg, Inc.) BlueStacks X (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\BlueStacks X) (Version: 10.3.20.1003 - now.gg, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.) Cheat Engine 7.4 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine) Core Temp 1.18.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18.1 - ALCPU) CPUID HWMonitor 1.45 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.45 - CPUID, Inc.) CrystalDiskInfo 9.2.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.2 - Crystal Dew World) Discord (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.) 
DM1 Pro S Mouse Driver (HKLM-x32\...\{F71F2BA4-3CC5-4B76-8019-3421855296E2}) (Version: 1.0 - Dream Machines) ELDEN RING (HKLM-x32\...\ELDEN RING_is1) (Version: - ) Epic Games Launcher (HKLM-x32\...\{FAC47927-1A6A-4C6E-AD7D-E9756794A4BC}) (Version: 1.3.23.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - ) Final Fantasy VII Remake Intergrade (HKLM-x32\...\Final Fantasy VII Remake Intergrade_is1) (Version: - ) GetDataBack Pro version 5.57 (HKLM\...\GetDataBack Pro Install_is1) (Version: 5.57 - Runtime Software, LLC) Ghostwire Tokyo (HKLM-x32\...\Ghostwire Tokyo_is1) (Version: 0.0.0 - DODI-Repacks) Glorious Model O Software (HKLM-x32\...\{0969D386-B5B4-41BD-98E3-4A1A7D32CB97}_is1) (Version: 1.0.9 - Glorious PC Gaming Race LLC.) GoldWave v6.80 (HKLM\...\GoldWave v6.80) (Version: 6.80 - GoldWave Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 130.0.6723.70 - Google LLC) GSmartControl (HKLM\...\GSmartControl) (Version: 1.1.4 - Alexander Shaduri) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HidHide (HKLM\...\{48DD38C8-443E-4474-A249-AB32389E08F6}) (Version: 1.2.128 - Nefarius Software Solutions e.U.) inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) KelVPN 7.6-1 (HKLM\...\KelVPN) (Version: 7.6-1 - KelVPN) K-Lite Mega Codec Pack 17.9.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.9.4 - KLCP) LatencyMon 7.31 (HKLM\...\LatencyMon_is1) (Version: 7.31 - Resplendence Software Projects Sp.) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Legion Arena (HKLM-x32\...\Legion Arena_is1) (Version: 1.3.1.1 - Lenovo Group Ltd.) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.2.24.0 - Lenovo Group Ltd.) 
Malwarebytes version 5.1.11.139 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.11.139 - Malwarebytes) MetaTrader 4 Axi Terminal (HKLM-x32\...\MetaTrader 4 Axi Terminal) (Version: 4.00 - MetaQuotes Ltd.) Microsoft .NET Host - 5.0.16 (x64) (HKLM\...\{DAA471F4-54A9-4820-A1C5-266B5153C144}) (Version: 40.64.31117 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.7 (x64) (HKLM\...\{8F51A211-71F1-4858-8198-8A5A66818D16}) (Version: 48.31.44002 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.16 (x64) (HKLM\...\{29CBA832-8D09-42D0-82F4-3583EE247A5E}) (Version: 40.64.31117 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.7 (x64) (HKLM\...\{E18A98D1-DF73-4E11-AC20-FD0190628270}) (Version: 48.31.44002 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.16 (x64) (HKLM\...\{16E242C4-24A9-4381-8023-0F246750CA47}) (Version: 40.64.31117 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.16 (x64) (HKLM-x32\...\{68696b91-f423-4e8e-a58f-631366d0f77a}) (Version: 5.0.16.31117 - Microsoft Corporation) Microsoft .NET Runtime - 6.0.7 (x64) (HKLM\...\{882F32A5-8330-4366-844A-2F3B73C3F021}) (Version: 48.31.44002 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 130.0.2849.56 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 129.0.2792.89 - Microsoft Corporation) Microsoft Flight Simulator (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Microsoft Flight Simulator) (Version: - HOODLUM) Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14026.20302 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.192.0923.0006 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation) Microsoft Teams 
(HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft 
Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft 
Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM\...\{90B8150E-08C5-4225-9F94-9BBB39D82601}) (Version: 40.64.31121 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM-x32\...\{c34fb08d-bd27-4d0b-a7bc-f7d5359f9518}) (Version: 5.0.16.31121 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.7 (x64) (HKLM\...\{30702F00-F514-4094-BA4A-A05B42FD1CAC}) (Version: 48.31.44003 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.7 (x64) (HKLM-x32\...\{a7dab025-ec7a-4e8a-add3-6d872f1d8aca}) (Version: 6.0.7.31422 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox (x64 en-CA) (HKLM\...\Mozilla Firefox 131.0.3 (x64 en-CA)) (Version: 131.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 130.0.1 - Mozilla) NBA 2K19 (HKLM-x32\...\NBA 2K19_is1) (Version: - ) NBA 2K22 (HKLM-x32\...\NBA 2K22_is1) (Version: - ) Neural Filters (HKLM\...\{70F9BD38-D373-4CC8-BF4A-414DE0D0C42F}) (Version: 1.15.0.100 - Adobe) NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.4.821 - Nord Security) NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.29.4.0 - Nord Security) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation) NVIDIA Graphics Driver 552.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 
552.22 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.2.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden Opera GX Stable 113.0.5230.135 (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Opera GX 113.0.5230.135) (Version: 113.0.5230.135 - Opera Software) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Peace (HKLM\...\Peace) (Version: 1.6.7.10 - P.E. 
Verbeek) Python 3.12.6 (64-bit) (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\{316e3b12-1191-47df-b9d4-dcf0bf2f6cc4}) (Version: 3.12.6150.0 - Python Software Foundation) Python 3.12.6 Add to Path (64-bit) (HKLM\...\{3C524136-E47A-45C7-BB2C-242EAC3F4C32}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden Python 3.12.6 Core Interpreter (64-bit) (HKLM\...\{901B913C-FA63-48D2-9842-7D7676739378}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden Python 3.12.6 Development Libraries (64-bit) (HKLM\...\{2F4E9933-7587-4D85-9BA1-F2903AFB36D8}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden Python 3.12.6 Documentation (64-bit) (HKLM\...\{46673E63-1CA8-43EA-B73B-AC20DDD77C5A}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden Python 3.12.6 Executables (64-bit) (HKLM\...\{537B2AF5-504B-4303-99CB-FDE56F47AA51}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden Python 3.12.6 pip Bootstrap (64-bit) (HKLM\...\{1D520CE1-F09A-4A26-B110-52081FEA0AB9}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden Python 3.12.6 Standard Library (64-bit) (HKLM\...\{1DAEF824-881A-49C6-B91E-1D28877FF18D}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden Python 3.12.6 Tcl/Tk Support (64-bit) (HKLM\...\{08A1963D-07D1-4620-929C-385F6A307772}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden Python 3.12.6 Test Suite (64-bit) (HKLM\...\{3334B843-864F-4F04-A635-5D2FD5840AD5}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{FE223D83-99B9-41D5-99FC-FA3995D8F82D}) (Version: 3.12.6150.0 - Python Software Foundation) Raise Data Recovery (HKLM\...\rdr) (Version: 9.14 - LLC SysDev Laboratories) Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.) 
SeaTools (HKLM-x32\...\SeaTools 5.1.182) (Version: 5.1.182 - Seagate) Session 1.11.5 (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\f1339da8-b3f2-5116-b780-aafa611bc7f7) (Version: 1.11.5 - Oxen Labs) ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 16.0.1 - ShareX Team) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) StepMania 5 (HKLM-x32\...\StepMania 5) (Version: 5.0.12 - StepMania) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation) Telegram Desktop (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.6.2 - Telegram FZ-LLC) Tobii Experience Software For Windows (LenovoY760) (HKLM\...\{7F9E80DA-CBD7-49F5-A756-294D0FA745F4}) (Version: 4.110.0.13215 - Tobii AB) VALORANT (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc) ViGEm Bus Driver (HKLM\...\{9C581C76-2D68-40F8-AA6F-94D3C5215C05}) (Version: 1.21.442 - Nefarius Software Solutions e.U.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN) VPN Unlimited 9.2.0 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 9.2.0 - KeepSolid Inc.) Wale (HKLM\...\{2C88370E-794C-482F-B9D5-CB770E48ACF6}) (Version: 0.7.5.0 - Jongtae Park (catright)) WeChat (HKLM-x32\...\WeChat) (Version: 3.9.6.33 - 腾讯科技(深圳)有限公司) Windows Driver Package - Razer Inc. (WinUSB) USB (05/04/2016 6.2.9200.16385) (HKLM\...\874D6B1A2BD2AE8FF3594AB704F2A4A3F8342FB5) (Version: 05/04/2016 6.2.9200.16385 - Razer Inc.) 
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH) X-Rite Color Assistant 2.12.0.0 (HKLM-x32\...\{6DCFB107-4604-4AA8-BEA6-CC80BCF0B3E4}_is1) (Version: 2.12.0.0 - X-Rite, Inc) Zoom Workplace (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\ZoomUMX) (Version: 6.1.12 (46889) - Zoom Video Communications, Inc.) Packages: ========= Copilot -> C:\Program Files\WindowsApps\Microsoft.Copilot_0.4.2.0_neutral__8wekyb3d8bbwe [2024-10-20] (Microsoft Corporation) Microsoft Teams -> C:\Program Files\WindowsApps\MSTeams_24257.205.3165.2029_x64__8wekyb3d8bbwe [2024-10-26] (Microsoft) [Startup Task] MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24092.24.0_x64__cw5n1h2txyewy [2024-10-22] (Microsoft Windows) [Startup Task] Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.22.0_x64__w2gh52qy24etm [2024-10-20] (A-Volute) Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-10-25] (Microsoft Corporation) [Startup Task] Widgets Platform Runtime -> C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe [2024-10-20] (Microsoft Corporation) Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.AccountsService_cw5n1h2txyewy [2024-10-10] (Microsoft Windows) Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.DesktopSpotlight_cw5n1h2txyewy [2024-10-10] (Microsoft Windows) Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.IrisService_cw5n1h2txyewy [2024-10-10] (Microsoft Windows) Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.TwinSxS_cw5n1h2txyewy [2024-10-10] (Microsoft Windows) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\tehke\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23061.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{2db59e37-0d0f-9458-c133-85e699bb3bdd}\localserver32 -> "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.) CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\tehke\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute) CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{995f8d89-8ab5-dd20-098d-b9419e93fd76}\localserver32 -> "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{BEA218D2-6950-497B-9434-61683EC065FE}\InprocServer32 -> C:\Users\tehke\AppData\Local\Programs\Python\Launcher\pyshellext.amd64.dll (Python Software Foundation -> Python Software Foundation) CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-500_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\Administrator\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft 
OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. 
-> ) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> 
{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Downloads\MB\mbshlext.dll [2023-03-01] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.192.0923.0006\FileSyncShell64.dll [2024-10-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvltsi.inf_amd64_4b4a49a5122b87e1\nvshext.dll [2024-04-12] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Downloads\MB\mbshlext.dll [2023-03-01] (Malwarebytes Inc. -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [55296 2005-01-21] () [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-25] (hxxp://www.mp3dev.org/) [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2024-10-01 22:00 - 2014-04-16 09:19 - 000049152 _____ () [File not signed] C:\Program Files (x86)\DM1 Pro S\hiddriver.dll 2024-10-01 22:00 - 2017-07-04 11:44 - 000057344 _____ () [File not signed] C:\Program Files (x86)\DM1 Pro S\lan.dll 2019-11-06 18:44 - 2019-11-06 18:44 - 008955904 _____ () [File not signed] C:\Program Files\Adobe\Adobe Photoshop 2020\inference_engine.dll 2019-11-22 17:09 - 2019-11-22 17:09 - 005396992 _____ () [File not signed] C:\Program 
Files\Adobe\Adobe Photoshop 2020\Required\Plug-ins\Automate\TextAutomate.8li 2022-05-22 11:57 - 2022-05-22 11:57 - 000613376 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll 2016-07-30 14:42 - 2016-07-30 14:42 - 002772692 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll 2017-04-02 10:01 - 2017-04-02 10:01 - 001748992 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll 2022-04-19 02:09 - 2022-04-19 02:09 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll 2022-04-19 02:09 - 2022-04-19 02:09 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll 2022-04-07 23:35 - 2021-07-22 13:11 - 000076288 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] D:\Program Files (x86)\VPN Unlimited\cares.dll 2022-04-07 23:35 - 2023-07-04 09:25 - 000498688 _____ (The curl library, hxxps://curl.se/) [File not signed] D:\Program Files (x86)\VPN Unlimited\libcurl.dll 2023-10-18 19:20 - 2023-07-19 09:19 - 005149696 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] D:\Program Files (x86)\VPN Unlimited\libcrypto-3-x64.dll 2023-10-18 19:20 - 2023-07-19 09:19 - 000777728 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] D:\Program Files (x86)\VPN Unlimited\libssl-3-x64.dll 2022-04-07 23:35 - 2023-10-22 08:00 - 006066176 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files (x86)\VPN Unlimited\Qt5Core.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3306] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3306] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ============= BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation) 
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-06] (Lenovo -> Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-06] (Lenovo -> Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-06] (Lenovo -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2024-07-22 21:29 - 2024-10-25 18:49 - 000000078 _____ C:\WINDOWS\system32\drivers\etc\hosts
100.98.23.125 terryc250-everest.nord

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\;C:\Users\terry\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tehke\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\1070956.jpg
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\terry\Downloads\th.jfif
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
HKU\S-1-5-21-3252700674-1244316876-1502611229-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 103.86.96.100 - 103.86.99.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
Network Binding:
=============
NordLynx: NordLynx Tunnel -> wireguard.sys
OpenVPN Data Channel Offload for NordVPN: OpenVPN Data Channel Offload -> ovpn-dco.sys
Local Area Connection: TAP-Windows Adapter V9 -> tap0901.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Wi-Fi: MediaTek Wi-Fi 6 MT7921 Wireless LAN Card -> mtkwl6ex.sys
Local Area Connection 2: TAP-NordVPN Windows Adapter V9 -> tapnordvpn.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
NordLwf: NordVPN LightWeight Firewall

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "CORSAIR iCUE 4 Software"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "AirBackupHelper"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_5336C2924B55FD107B3D46AF0B1AC178"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "LenovoVantageToolbar"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Opera GX Stable"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "AirBackupHelper"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "AnyTransToolHelper"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "electron.app.BlueStacks Services"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "AirBackupHelper"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "AnyTransToolHelper"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "LenovoVantageToolbar"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{02BF276A-A2B4-472A-A1B9-045136E3548D}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [TCP Query User{3279C445-3008-4325-8EB4-1790CD109A12}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [{1FFE03ED-1DA7-4538-826D-A46A56FA0480}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{813A5889-4353-4820-B4A0-DC91B3C01A5A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{201609B0-1BDD-4744-9FB0-53FC62154D95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBF99A41-C40A-4297-BE29-AC005E20D0A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{3461D076-3186-40A0-919C-159EA3A77B5D}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [TCP Query User{7B7D956B-DAB0-4DB5-B406-962CACACC163}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.) FirewallRules: [{8ADE8427-B91F-4415-B1AF-910FE044734F}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{796EE9EB-2F72-481A-82CA-B1C330F5B8CF}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [UDP Query User{DF07C02D-411D-46F6-A64F-20000D982D6D}D:\program files\videolan\vlc\vlc.exe] => (Allow) D:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{E2EEC09E-4D60-4FC1-83A6-9835633838D5}D:\program files\videolan\vlc\vlc.exe] => (Allow) D:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{4C548F2E-FD68-4203-8FC6-293A763F8752}D:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) D:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed] FirewallRules: [TCP Query User{A9EDF648-C636-4527-ACB6-73B312DC5235}D:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) D:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed] FirewallRules: [UDP Query User{3370FAAD-4BE6-43F6-829B-0319816A03C2}C:\users\tehke\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\tehke\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [TCP Query User{8C6C4E34-C687-4748-9AB7-A326FBACB2C3}C:\users\tehke\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\tehke\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{CEF0907C-E653-45FF-9A7C-F89E8E7EACDF}] => (Allow) C:\Program 
Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{624CF589-180A-43C9-B739-EB0C0B9662D2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1F2EC377-D610-423C-8A3B-973BC2D4E4E8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FA6F9461-B445-4597-A0E6-0F4DD671E277}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{236B3DCD-C294-4D82-9BCD-77F2CA833AE0}] => (Allow) D:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe (2K Sports) [File not signed] FirewallRules: [{F5E41059-B84D-4F44-A9BF-68E829B4AB31}] => (Allow) D:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe (2K Sports) [File not signed] FirewallRules: [{C67C87BF-74BC-47ED-A5CE-84C1702A5D6B}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{FF6BC194-8D39-4399-B239-2F8900AC24BC}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{97C13D7B-B8BB-4284-9E33-B31644C942D3}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{42EB94E4-B8BD-487D-A206-EB0E8FCC74E6}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{5F74870A-5761-4B7A-97BD-071DD0D291AA}] => (Allow) D:\BlueStacks\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.) 
FirewallRules: [{1ADF556A-F147-4C41-9C48-81D9AC960A87}] => (Allow) D:\BlueStacks\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME) FirewallRules: [{6F873598-011D-40FD-96B1-6DADE091832F}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems) FirewallRules: [{C613D8F6-32F2-4704-9FCC-5FF5BF80B89F}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.) FirewallRules: [TCP Query User{272ECFCC-1162-4CE2-8D23-C9E2959516F8}D:\games\stepmania 5\program\stepmania.exe] => (Allow) D:\games\stepmania 5\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed] FirewallRules: [UDP Query User{6411800B-B934-45EA-9AEE-C0C68596FC2C}D:\games\stepmania 5\program\stepmania.exe] => (Allow) D:\games\stepmania 5\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed] FirewallRules: [{719125C9-5CFB-44B9-88F7-8E6FC13396ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7F60E2F1-FE81-414E-9CF8-CCFC3021A5F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{31F663E5-5590-47D3-A567-40464A26D1FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{193BD387-2D15-4578-B053-A3FE382E7291}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{AD41EAA1-6766-4E8B-A5D2-FC06274E31B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: 
[{E959104C-3D53-4942-9207-F85BE2E6802F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{DB3B8EB3-AF05-494D-931C-E900B289B2C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{03D7D46D-22AF-4DEF-BDA4-6F8536F0C898}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{157D526E-0F7F-4EF6-A756-8DAEA2F7FA71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{5D9983D9-78A7-467C-8D90-11B4C0662E05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8A377BE0-E3B8-4690-A377-56AD4BD76C52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2018D383-7C8F-4636-B37E-54AF1562FE5E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{F49DB459-5D96-449C-A5D8-985B5D702C61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{F47EA20A-AC82-4105-A922-A38B2A2C7DF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{D17521CF-9DC5-49F4-9A4B-21F08899FCEB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2BC6901D-492D-49CB-95A9-E943139B8891}] => 
(Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{D35281FE-8F6F-4A01-902C-CD595D7B9D0A}] => (Allow) D:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe (KeepSolid Inc. -> KeepSolid Inc.) FirewallRules: [{28E1F351-3BEA-44DE-BB7A-E04F4DFEC13C}] => (Allow) D:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe (KeepSolid Inc. -> KeepSolid Inc.) FirewallRules: [{060B49C4-1531-4305-AEB8-EAE55F6106F8}] => (Allow) D:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed] FirewallRules: [{2C6653BA-A60E-4E5D-BAE0-4A80D048E0AC}] => (Allow) D:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed] FirewallRules: [TCP Query User{22827E7B-9454-4D33-AF8F-71DC756D7DA5}D:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.) FirewallRules: [UDP Query User{32126533-BACF-4461-99C4-D3F0041C9FEE}D:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.) FirewallRules: [TCP Query User{B942BEB7-A895-452C-880F-6712B92E4E3B}D:\program files (x86)\starcraft ii\versions\base92440\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base92440\sc2.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.) FirewallRules: [UDP Query User{B73C4562-9BD3-426D-BD4F-2A0D138FF361}D:\program files (x86)\starcraft ii\versions\base92440\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base92440\sc2.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.) FirewallRules: [{76000C94-0FC0-4125-AC02-699BF4CE16B9}] => (Block) D:\Program Files (x86)\StarCraft II\Support64\SC2Switcher_x64.exe (Blizzard Entertainment, Inc. 
-> Blizzard Entertainment, Inc.) FirewallRules: [{C8EDB7A1-89E3-4CBF-AF01-E46D83FFE1B2}] => (Allow) C:\Users\tehke\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{D04765C1-0A6C-4A88-9315-7956C95435F6}] => (Allow) C:\Users\tehke\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{CB93AD3E-AECD-410A-A6CC-DB9EDFC3017C}] => (Allow) C:\Users\tehke\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{16005D13-2AA9-458C-8BA3-0C31C15D58CC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AE2C88A3-AD64-418A-BEF7-332C7E55AF5B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C2AE1C71-C509-4590-B794-1B1B288038ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8D879C26-71C3-466B-AF52-96BDAD76BC97}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.89\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{114DF2F4-83A1-43C7-928B-5EAEA826C897}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{5CD50A93-6F29-4C64-9ED7-1B621E1956E0}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.) FirewallRules: [{B37B0DA9-8D2B-487F-8655-E940EDB26276}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.) FirewallRules: [{A037A5FB-691A-4BD0-9059-6018AFCA1080}] => (Allow) C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.) FirewallRules: [{A8136960-573D-46F7-ABD3-81C964CA2AE6}] => (Allow) C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.) 
FirewallRules: [{DAF69502-2145-4578-AC18-AAE98E922C7F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24256.2503.3176.1759_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C9F15522-15AD-49AD-860E-134F52C3CF42}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24256.2503.3176.1759_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F220E086-2A60-4B2B-9D68-D10AB0D2CDEB}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24257.205.3165.2029_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DD6579B2-929B-4D34-9154-6DDDFD548CB1}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24257.205.3165.2029_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 22-10-2024 17:55:04 Restore Point Created by FRST 24-10-2024 16:40:42 AdwCleaner_BeforeCleaning_24/10/2024_16:40:42 ==================== Faulty Device Manager Devices ============ Name: DCP-L2540DW Description: DCP-L2540DW Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Universal Device Client Device Description: Universal Device Client Device Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Lenovo Service: WUDFRd Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: DAEMON Tools Lite Virtual SCSI Bus Description: DAEMON Tools Lite Virtual SCSI Bus Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318} Manufacturer: Disc Soft Ltd Service: dtlitescsibus Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. 
(Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ======================== Application errors: ================== Error: (10/26/2024 02:06:02 AM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-D982FIHM) Description: Faulting application name: ESETOnlineScanner.exe, version: 10.34.8.0, time stamp: 0x65f09154 Faulting module name: WININET.dll, version: 11.0.22621.4249, time stamp: 0x0f568ddc Exception code: 0xc0000005 Fault offset: 0x002a0a14 Faulting process id: 0x0xb080 Faulting application start time: 0x0x1db27864608f653 Faulting application path: C:\Users\Administrator\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll Report Id: 5ab21d4b-c64e-42cf-ae35-4bd80829b75e Faulting package full name: Faulting package-relative application ID: Error: (10/25/2024 08:09:24 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program mpc-hc64.exe version 2.1.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Error: (10/25/2024 06:52:09 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program photoshop.exe version 21.0.2.57 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Error: (10/25/2024 06:48:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-D982FIHM$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 26 Oct 2024 01:48:40 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 20d2f6e2-a813-4591-918d-de5c0c5a7e1e Method: GET(297ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (10/25/2024 06:48:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 26 Oct 2024 01:48:40 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 14fbc91c-d04b-426f-b27b-f5a7ccc96cb1 Method: GET(313ms) Stage: GetCACaps Not found (404). 
0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (10/25/2024 06:28:18 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-D982FIHM$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 26 Oct 2024 01:28:18 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 7f4ff470-0a2b-43b8-9a40-26d086d687f5 Method: GET(313ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (10/25/2024 06:28:18 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 26 Oct 2024 01:28:17 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 0a8355c7-cc13-4643-abcc-262909b2a29e Method: GET(312ms) Stage: GetCACaps Not found (404). 
0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (10/24/2024 06:33:05 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-D982FIHM$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Fri, 25 Oct 2024 01:33:05 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: e15cb3e1-c178-44a1-8ccc-8e348925a6b9 Method: GET(281ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) System errors: ============= Error: (10/26/2024 06:25:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (10/26/2024 06:25:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (10/26/2024 06:24:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (10/26/2024 02:20:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. 
Error: (10/26/2024 02:06:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (10/26/2024 02:05:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (10/26/2024 02:05:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (10/25/2024 07:03:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Windows Defender: ================ Date: 2024-10-23 21:08:01 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-10-22 22:05:56 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-10-21 22:45:59 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-10-20 19:33:04 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-10-18 21:54:33 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0] Date: 2024-10-18 21:32:48 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version. 
Security intelligence Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Security intelligence Version: 0.0.0.0;0.0.0.0 Engine Version: 0.0.0.0 CodeIntegrity: =============== Date: 2024-10-25 18:54:30 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Users\tehke\AppData\Local\Discord\app-1.0.9168\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook64.dll that did not meet the Microsoft signing level requirements. Date: 2024-10-25 18:48:27 Description: Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\dtlitescsibus.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x20. Status 0xC00000BB. Date: 2024-10-25 18:32:39 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.89\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info ===========================

BIOS: LENOVO GKCN65WW 01/16/2024
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 9 5900HX with Radeon Graphics
Percentage of memory in use: 83%
Total physical RAM: 32620.06 MB
Available physical RAM: 5539.82 MB
Total Virtual: 65388.06 MB
Available Virtual: 18714.04 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:952.62 GB) (Free:385.59 GB) (Model: SKHynix_HFS001TDE9X084N) NTFS
Drive d: (Data) (Fixed) (Total:953.85 GB) (Free:517.3 GB) (Model: SKHynix_HFS001TDE9X084N) NTFS

\\?\Volume{0af6318f-5335-4cce-bcf1-c37154c74faa}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.29 GB) NTFS
\\?\Volume{fe006d31-1f1e-4cea-b168-9297dd4deeac}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 43FF248E)
Partition: GPT.

==========================================================
Disk: 1 (Size: 953.9 GB) (Disk ID: 1B25E18B)
Partition: GPT.

==================== End of Addition.txt =======================