Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-11-2021
Ran by kenzi (07-11-2021 18:11:53)
Running from C:\Users\kenzi\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2021-10-16 18:50:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1266628079-2253192551-1405753121-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1266628079-2253192551-1405753121-503 - Limited - Disabled)
Guest (S-1-5-21-1266628079-2253192551-1405753121-501 - Limited - Disabled)
kenzi (S-1-5-21-1266628079-2253192551-1405753121-1001 - Administrator - Enabled) => C:\Users\kenzi
WDAGUtilityAccount (S-1-5-21-1266628079-2253192551-1405753121-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4_2) (Version: 22.4.2.242 - Adobe Inc.)
BitTorrent (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\BitTorrent) (Version: 7.10.5.46097 - BitTorrent Inc.)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 1.29.1 - Bitwarden Inc.)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.3.145.1003 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\BlueStacks X) (Version: 0.11.1.9 - BlueStack Systems, Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 95.1.31.88 - Brave Software Inc)
CrystalDiskInfo 8.12.10 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.10 - Crystal Dew World)
CrystalDiskMark 8.0.4 (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4 - Crystal Dew World)
Discord (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
DriversCloud.com (HKLM\...\{0337BFA9-63C1-41A6-BB12-85690990C119}) (Version: 11.0.3.0 - Cybelsoft)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.0.157.5037 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{d3ae0bdb-bfa2-4b09-9c5a-ec955ad35b7c}) (Version: 12.0.157.5037 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
FIFA 21 (HKLM-x32\...\{A918ACE7-A83B-41F4-8746-AEF8DC821879}) (Version: 1.0.72.32477 - Electronic Arts)
FileBot (HKLM\...\{9A045E8D-DA4E-476B-A51F-55A0D3146FC1}) (Version: 4.9.4 - Point Planck Limited)
Intel Driver && Support Assistant (HKLM-x32\...\{5C00DA99-5159-4D09-A629-018EF8A66825}) (Version: 21.6.39.5 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{88B98508-2D8F-46F1-90AD-557BE40C7067}) (Version: 2.4.07642 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{a3052cfa-e19e-4092-a8e5-264f6d84442c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2117.15.0.2272 - Intel Corporation)
Intel(R) Network Connections 24.3.0.6 (HKLM\...\PROSetDX) (Version: 24.3.0.6 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{481781ea-4aa2-4f86-83f6-6800c40421fe}) (Version: 21.6.39.5 - Intel)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.11.8744 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2019 - fr-fr (HKLM\...\ProPlus2019Volume - fr-fr) (Version: 16.0.14332.20033 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20033 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20033 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.14332.20011 - Microsoft Corporation) Hidden
OP.GG 1.0.7 (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\35c3f6f2-9851-552e-9b8e-cd08ef2d1674) (Version: 1.0.7 - OP.GG)
Opera GX Stable 80.0.4170.61 (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Opera GX 80.0.4170.61) (Version: 80.0.4170.61 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.106.49298 - Electronic Arts, Inc.)
Plex (HKLM-x32\...\Plex) (Version: 1.35.1 - Plex, Inc.)
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 3.1.0+06756 - Private Internet Access, Inc.)
Private Internet Access WinTUN Driver (HKLM\...\{0419A0C0-4CC8-459E-9BAE-F3BF5D2E2CCB}) (Version: 1.0 - Private Internet Access, Inc.) Hidden
Spotify (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Spotify) (Version: 1.1.71.560.gc21c3367 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinSCP 5.19.3 (HKLM-x32\...\winscp3_is1) (Version: 5.19.3 - Martin Prikryl)

Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.20.2.0_x64__6rarf9sa4v8jt [2021-10-28] (Disney)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.1.257.0_x64__v10z8vjag6ke6 [2021-11-03] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-16] (INTEL CORP) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-11-03] (Apple Inc.) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-03] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-26] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-10-16] (Realtek Semiconductor Corp)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2021-11-03] (Ookla)
Ubuntu 20.04 LTS -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu20.04onWindows_2004.2021.825.0_x64__79rhkp1fndgsc [2021-10-28] (Canonical Group Limited)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1266628079-2253192551-1405753121-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\kenzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps\YouTube Music.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\kenzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brave.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --load-extension="C:\ProgramData\Klzz\Wnfwnv\5AF80890"

==================== Loaded Modules (Whitelisted) =============

0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () [Access Denied] C:\ProgramData\NotifyTrace\YtyyesHack\ayrseft_Brared.dll
2021-11-03 21:53 - 2021-11-03 21:12 - 000635904 _____ () [File not signed] \\?\C:\Program Files\LGHUB\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2021-11-03 20:45 - 2021-11-03 07:41 - 000508416 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\resources\app.asar.unpacked\node_modules\node-ovhook\build\Release\node_ovhook.node
2021-11-03 20:45 - 2021-11-03 07:41 - 000159744 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\resources\app.asar.unpacked\node_modules\rust-process\native\index.node
2021-11-07 17:54 - 2021-11-07 17:54 - 000795136 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Temp\6931f163-2769-41ec-80a8-a634c61a12d3.tmp.node
2021-11-07 17:54 - 2021-11-07 17:54 - 000152064 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Temp\6be758a5-6156-4368-82c8-a03ff6d68b7e.tmp.node
2021-11-07 17:54 - 2021-11-07 17:54 - 000161280 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Temp\c062901b-2720-4a45-a199-fb83093a460e.tmp.node
2021-04-13 13:36 - 2021-04-13 13:36 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2021-10-16 20:25 - 2021-10-16 20:25 - 000967168 _____ () [File not signed] C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2021-10-30 15:26 - 2021-10-30 15:26 - 002699264 _____ () [File not signed] C:\Program Files\Bitwarden\ffmpeg.dll
2021-10-30 15:26 - 2021-10-30 15:26 - 000442368 _____ () [File not signed] C:\Program Files\Bitwarden\libegl.dll
2021-10-30 15:26 - 2021-10-30 15:26 - 008143872 _____ () [File not signed] C:\Program Files\Bitwarden\libglesv2.dll
2021-11-03 20:45 - 2021-11-03 07:41 - 002823680 _____ () [File not signed] C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\ffmpeg.dll
2021-11-03 20:45 - 2021-11-03 07:41 - 000449024 _____ () [File not signed] C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\libegl.dll
2021-11-03 20:45 - 2021-11-03 07:41 - 007620096 _____ () [File not signed] C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\libglesv2.dll
2019-10-11 15:45 - 2019-10-11 15:45 - 000374784 _____ (Intel(R) Corporation) [File not signed] C:\WINDOWS\system32\NCS2Setp.dll
2021-10-21 16:26 - 2021-10-21 16:26 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2021-10-21 16:26 - 2021-10-21 16:26 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-05-21 15:04 - 2021-05-21 15:04 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2021-07-23 10:36 - 2021-07-23 10:36 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2021-10-20 14:57 - 2021-10-20 14:56 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-10-20 14:57 - 2021-10-20 14:57 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 002815488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000678400 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2021-10-20 14:57 - 2021-10-20 14:56 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3998]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2021-10-30 15:07 - 000000891 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 license.piriform.com
127.0.0.1 http://www.piriform.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kenzi\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaperbetter.com_1920x1080.jpg
DNS Servers: 89.2.0.1 - 89.2.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Calculator"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\StartupFolder: => "RUNDLL32.EXE.lnk"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\StartupFolder: => "IntelRapid.lnk"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_51468CC7A89CF6F2E72B3A5E67F0C488"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "WinHost"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4204F1CA-7E16-4942-8D09-FFE392B1B2EF}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{9AE599C2-A6E8-4E3C-B4BB-22D2D7E7AF1C}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{96E12AB2-B242-4126-8494-6D1163826D5E}] => (Allow) C:\Program Files\EA Games\FIFA 21\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F6F2E580-48EB-4A5B-B35E-D9177130FC31}] => (Allow) C:\Program Files\EA Games\FIFA 21\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{C43171B6-DC6D-453E-8267-6BC7F7211C88}C:\program files\ea games\fifa 21\fifa21.exe] => (Block) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{7C6D89E6-B2A4-43B8-9318-E934714A7909}C:\program files\ea games\fifa 21\fifa21.exe] => (Block) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{7226709D-32F8-464C-A4BF-CBB03C6A838E}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{2B9D697F-0A8D-4949-BA8A-7663ED6DEC29}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{168B3DAD-4212-45A1-B157-6568336A3226}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{92744CCC-B063-4A9B-AC6C-940B64B40120}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{521D0683-83FE-4DB1-A6B7-E0A63FABFCC4}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [{04A48DE7-A855-41D0-A6E1-C14BBF25BC46}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [TCP Query User{B94878C2-9940-4156-BCAD-D430BB957D10}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9007D433-2C4E-4526-BC84-EC95F86B9B11}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC133F88-C33C-456A-ACB5-D5924BB63D48}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF801B73-8171-41E5-980E-BCCA4042DE42}] => (Allow) LPort=1688
FirewallRules: [{C37EA684-6577-4D99-8ECF-FE5833F96E09}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9118E300-E903-4063-9F3E-BE3CCB71B955}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BF4E113A-91A6-4162-B339-3B2A6F30548D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{C51AC590-96F6-4A2D-85BB-564B1E0C51EB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{7AE0E6E4-EAD0-4025-879D-E13CAE618CA7}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{2305B234-A4A4-46C1-9175-D0D724F35277}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E5876589-4958-4A26-9271-A4F356D2C7FD}] => (Allow) C:\Users\kenzi\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{11F7830F-A9D5-4EC1-8B1D-92BF9879E7BA}] => (Allow) C:\Users\kenzi\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{30E43E66-6848-4F03-B706-EE43D31F5D3F}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{6D4AAB1D-3865-4A03-86C7-81895F7147F1}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{C9C55AAC-1298-4C14-A36E-58BB42DBEAD6}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{D70BBA64-A882-4EC6-9024-D19254A0ED17}C:\program files\ea games\fifa 21\fifa21.exe] => (Allow) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [UDP Query User{81803BBF-349E-4EE3-B02C-91C29EACBF9D}C:\program files\ea games\fifa 21\fifa21.exe] => (Allow) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [TCP Query User{40AF6FD7-E9E4-4E4E-9B02-81E08AECBA4F}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{B1558BA5-FCDA-4C39-82D1-44828FC0E827}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{133BA207-DEFD-494B-9208-A67628DE018B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F9602E36-DFEC-4B81-9E26-5A16F9B29E6A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2C9DBD9C-FE66-4CB4-BFF9-BD17DCA2BF20}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{F1328A75-05E1-4A57-88F7-F1221C2F0087}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{5001ED0B-43AE-432D-96AC-6A777A582D0A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{14E8FFD0-A85A-4E3D-9D7E-A2448EF0FC57}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{766E0587-E0E0-4A19-AED1-5F816ED5BC3C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{289AA53E-11D7-4274-88DE-785EC181AC54}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [TCP Query User{A6AB2E6A-B188-45CF-B856-32753DA8024C}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{08497133-2929-405B-A505-DED5ED5D349E}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{0CF013F4-D743-4401-AA87-A470DEA2B09D}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems) FirewallRules: [TCP Query User{4EFE18A7-0587-45B5-8827-8DD08BBED740}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe () [File not signed] FirewallRules: [UDP Query User{88F4261F-40F8-4DEE-8E27-5A43946F0708}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe () [File not signed] FirewallRules: [{1577702D-A5EF-49DF-94E2-B1632B9D2346}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{0E79F4F8-D8D1-449E-BD8E-859D6631A421}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{84978316-EFC8-4561-A280-C6B11BE2CE16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{76800882-6347-4B79-9625-F7103BE7CD53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 

==================== Restore Points =========================

04-11-2021 21:59:18 Intel® Driver & Support Assistant
04-11-2021 23:52:57 Windows Modules Installer
07-11-2021 11:43:12 Installed Intel(R) Network Connections.
07-11-2021 17:35:11 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (11/07/2021 05:58:18 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/07/2021 05:40:51 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/07/2021 11:44:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.1202, time stamp: 0x4aa1ce82
Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39
Exception code: 0x40000015
Fault offset: 0x000000000000ae22
Faulting process ID: 0x32c0
Faulting application start time: 0x01d7d3c354aeef54
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report ID: 43f05eee-6e48-4b88-a958-76e062f204af
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (11/06/2021 12:45:12 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/06/2021 12:40:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x2580
Faulting application start time: 0x01d7d3031c4467e9
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: unknown
Report ID: 92550c97-e54e-47ea-a860-6fe85fa8c97c
Faulting package full name:
Faulting package-relative application ID:

Error: (11/06/2021 12:40:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1b30
Faulting application start time: 0x01d7d3031c403335
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: unknown
Report ID: dae3dac3-676a-4539-9e0b-c3157367eb95
Faulting package full name:
Faulting package-relative application ID:

Error: (11/06/2021 12:40:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x18e8
Faulting application start time: 0x01d7d3031c4467f6
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: unknown
Report ID: 7d958998-5d5a-458a-bab0-821c6b992fa6
Faulting package full name:
Faulting package-relative application ID:

Error: (11/06/2021 12:40:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1410
Faulting application start time: 0x01d7d3031c44f8d5
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: unknown
Report ID: aa636743-d2ff-4e0c-83bd-19c8c71f0deb
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (11/07/2021 05:54:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicea service to connect.

Error: (11/07/2021 05:54:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServiceb service to connect.

Error: (11/07/2021 05:36:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicex service to connect.

Error: (11/07/2021 05:36:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicev service to connect.

Error: (11/07/2021 05:36:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServices service to connect.

Error: (11/07/2021 05:36:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServiceu service to connect.

Error: (11/07/2021 05:36:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicep service to connect.

Error: (11/07/2021 05:36:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServiceo service to connect.

Windows Defender:
================
Date: 2021-11-06 12:42:15
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.524.0, AS: 1.353.524.0, NIS: 1.353.524.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-03 21:53:49
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.364.0, AS: 1.353.364.0, NIS: 1.353.364.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-03 21:12:04
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.364.0, AS: 1.353.364.0, NIS: 1.353.364.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-03 20:45:42
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.364.0, AS: 1.353.364.0, NIS: 1.353.364.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-10-30 16:26:29
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0
Name: Trojan:Win32/Sabsik.FL.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\drukpa\maraudvp.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.91.0, AS: 1.353.91.0, NIS: 1.353.91.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Event[0]:
Date: 2021-11-01 11:51:26
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-11-01 11:51:26
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-11-01 11:51:26
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-11-01 11:51:26
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-11-01 11:51:26
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

BIOS: LENOVO M1UKT65A 03/03/2021
Motherboard: LENOVO 312A
Processor: Intel(R) Pentium(R) Gold G5400 CPU @ 3.70GHz
Percentage of memory in use: 56%
Total physical RAM: 16256.09 MB
Available physical RAM: 7064.13 MB
Total Virtual: 19184.09 MB
Available Virtual: 9044.72 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:234.91 GB) (Free:72.21 GB) NTFS

\\?\Volume{41ac28d2-a90a-47e5-b5ad-dfad4cd0ca19}\ () (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS
\\?\Volume{726ce9c5-b92d-4598-8798-a754ae5aff6c}\ (Recovery) (Fixed) (Total:2.38 GB) (Free:2 GB) NTFS
\\?\Volume{04d347e8-cfd2-4b7d-bdc5-f6337d401af7}\ (BOOT) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================