Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2022 Ran by Leo (16-03-2022 22:23:34) Running from E:\Downloads Microsoft Windows 10 Home Version 21H2 19044.1288 (X64) (2022-03-16 18:35:46) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3832259144-3547445895-3466673875-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3832259144-3547445895-3466673875-503 - Limited - Disabled) Guest (S-1-5-21-3832259144-3547445895-3466673875-501 - Limited - Disabled) Leo (S-1-5-21-3832259144-3547445895-3466673875-1001 - Administrator - Enabled) => C:\Users\Leo WDAGUtilityAccount (S-1-5-21-3832259144-3547445895-3466673875-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov) Audacity 3.0.3 (HKLM\...\Audacity_is1) (Version: 3.0.3 - Audacity Team) CCleaner (HKLM\...\CCleaner) (Version: 5.90 - Piriform) CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 98.1.14514.105 - Piriform Software) CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1208.2 - Piriform Software) Hidden Cisco Webex Meetings (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\ActiveTouchMeetingClient) (Version: - Cisco Webex LLC) Discord (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Divinity: Original Sin 2 - Companion: Sir Lora the Squirrel (HKLM-x32\...\1326441817_is1) (Version: 3.6.69.4648(a) - GOG.com) Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version: 3.6.69.4648(a) - GOG.com) Divinity: Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.0.119.430 KO update - GOG.com) Documentation Manager (HKLM\...\{E6D708BA-9130-4926-AA3E-AEBB5DE1E60B}) (Version: 22.110.1.1 - Intel Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.1.29511 - Foxit Software Inc.) Free PDF Compressor (HKLM-x32\...\{BFA49A14-EC18-4071-BC13-B43043B09222}_is1) (Version: - freepdfcompressor.com) GIMP 2.10.30 (HKLM\...\GIMP-2_is1) (Version: 2.10.30 - The GIMP Team) Git version 2.20.0 (HKLM\...\Git_is1) (Version: 2.20.0 - The Git Development Community) GitHub Desktop (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\GitHubDesktop) (Version: 1.5.0 - GitHub, Inc.) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC) Guild Wars (HKLM-x32\...\Guild Wars) (Version: - ) Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.1.176 - Riot Games, Inc.) Intel GFX Driver (HKLM-x32\...\{ca0ebadf-f7bd-4e32-9fec-e19a5d68c724}) (Version: 1.0.0.0 - Intel) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{bb524cb9-b65f-4f06-97f4-48c851e87a57}) (Version: 20.80.0 - Intel Corporation) Intel® Software Installer (HKLM-x32\...\{094650cc-6461-47bb-96c0-4ec910a08b94}) (Version: 22.110.1.1 - Intel Corporation) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden League of Legends (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc) Magic The Gathering Online (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\0f5c6e93bfc3614a) (Version: 3.4.114.4042 - Wizards of the Coast, LLC) Messenger (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 142.0.353127249 - Facebook, Inc.) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.39 - Microsoft Corporation) Microsoft Office Professionnel Plus 2019 - fr-fr (HKLM\...\ProPlus2019Retail - fr-fr) (Version: 16.0.14931.20132 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\OneDriveSetup.exe) (Version: 22.033.0213.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MiKTeX 2.9 (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Firefox (x64 fr) (HKLM\...\Mozilla Firefox 98.0.1 (x64 fr)) (Version: 98.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla) MSI Remind Manager Service (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1802.0501 - Micro-Star International Co., Ltd.) MTG Arena (HKLM-x32\...\{D7716436-E0F4-4B18-BC41-AE3A8E52516B}) (Version: 0.1.2239 - Wizards of the Coast) NetLimiter 4 (HKLM\...\{3C05BD04-DE70-4141-8FB6-191654269DEF}) (Version: 4.0.53.0 - Locktime Software) Hidden Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.1 - Notepad++ Team) NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation) NVIDIA GeForce Experience 3.25.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.0.84 - NVIDIA Corporation) NVIDIA Graphics Driver 511.79 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.79 - NVIDIA Corporation) NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20010 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.14931.20072 - Microsoft Corporation) Hidden Opera Stable 84.0.4316.31 (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\Opera 84.0.4316.31) (Version: 84.0.4316.31 - Opera Software) Ori and The Blind Forest: Definitive Edition (HKLM-x32\...\1384944984_is1) (Version: 1.0 - GOG.com) Popcorn-Time (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\Popcorn-Time) (Version: 0.4.4 - Popcorn Time) Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation) Spelunky (HKLM-x32\...\1207659257_is1) (Version: 2.1.0.9 - GOG.com) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) Texmaker 5.0.3 (64-bit) (HKLM-x32\...\{7209FF10-D27D-432F-A705-84F02D136C7E}) (Version: 5.0.3.0 - Texmaker) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.1555 - Microsoft Corporation) Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation) Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation) Zoom (HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\ZoomUMX) (Version: 5.5.4 (13142.0301) - Zoom Video Communications, Inc.) Zotero (HKLM-x32\...\Zotero 5.0.93 (x86 en-US)) (Version: 5.0.93 - Corporation for Digital Scholarship) Packages: ========= Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_5.30.180.0_x86__q7m17pa7q8kj0 [2022-03-02] (Deezer SA) Friture -> C:\Program Files\WindowsApps\53504SilentGain.Friture_0.48.0.0_x86__xkk28cz8e24m6 [2022-03-10] (Silent Gain) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-08] (INTEL CORP) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-03-16] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-03-16] (Microsoft Corporation) [MS Ad] Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.5.0_x64__w2gh52qy24etm [2022-03-15] (A-Volute) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-03-16] (NVIDIA Corp.) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-14] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.32.261.0_x64__dt26b99r8h8gj [2022-03-10] (Realtek Semiconductor Corp) SynMsiDApp -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynMsiDApp_19005.31005.0.0_x64__807d65c4rvak2 [2019-09-21] (Synaptics Incorporated) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3832259144-3547445895-3466673875-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Leo\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3832259144-3547445895-3466673875-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Leo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3832259144-3547445895-3466673875-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\Leo\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> ) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => E:\Program Files\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_1cacf25fc4e8a006\nvshext.dll [2022-02-10] (Nvidia Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => E:\Program Files\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2018-12-13 11:21 - 2018-04-30 13:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2018-04-12 00:33 - 2022-03-10 16:30 - 007014912 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSRES.DLL 2018-04-12 00:33 - 2022-03-10 16:30 - 000415744 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSTIFF.dll 2018-04-12 00:33 - 2022-03-10 16:30 - 000151040 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSUI.DLL 2018-04-12 00:33 - 2022-03-10 16:30 - 000142848 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSWZRD.dll 2020-04-18 20:27 - 2020-04-18 20:27 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2020-04-18 20:27 - 2020-04-18 20:27 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts 2021-04-13 20:57 - 2021-04-13 21:02 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\Control Panel\Desktop\\Wallpaper -> E:\Pictures\Wallpapers\Kekai_Kotaki_Art_n04.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: NahimicService => 2 HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "GalaxyClient" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "Franz" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "NetLimiter" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "CUCore Agent" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "Opera Browser Assistant" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-3832259144-3547445895-3466673875-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{37103A22-85C3-4CD0-9F2F-9F1C37D8E791}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software) FirewallRules: [{F0566EE8-9386-4131-8551-31E41DE778A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{86ED9A77-1043-437B-B306-24D3615DAB1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{62CA3DDF-B952-4178-AE3A-953E15F772C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{B79CCC66-54AB-4C42-AFB8-9AC5926D98B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{A3C16E80-662E-42DC-B49F-4A0D08362A73}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{61CAC914-B045-4972-9097-C0F922740310}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D2D2D2B3-5C0F-4B65-9E45-7B931D68D328}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B41E5BE1-427D-4C59-8DD1-6E4EBEE1A852}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{29B13A5B-0721-4DAB-B2F5-18390527A0A3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [UDP Query User{BEC0DA30-625C-432D-A08D-5FF0BC71D18D}C:\program files\riot games\riot client\riotclientservices.exe] => (Allow) C:\program files\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [TCP Query User{A9E6DC9B-12AC-4AE6-9792-C3C3A9A59684}C:\program files\riot games\riot client\riotclientservices.exe] => (Allow) C:\program files\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [{0B931ABA-C277-4080-B53A-1A07E97D8D7F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F0545EE6-F444-4872-A315-869B0478497C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6EEF3862-F7F2-4AD9-A073-80677CA36BB6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C3DB2884-50D4-4524-846E-49D306988A16}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed] FirewallRules: [{0D87F63E-D47D-44BE-A66C-14F14C4F006A}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed] FirewallRules: [{BFE60150-731C-4970-AD0B-0B2715427884}] => (Allow) E:\Program Files\Steam\steamapps\common\Black Desert Online\BlackDesertLauncher.exe (Pearl abyss Corp -> Pearlabyss) FirewallRules: [{5C86E22C-505F-441F-B820-FD79FDAF3B40}] => (Allow) E:\Program Files\Steam\steamapps\common\Black Desert Online\BlackDesertLauncher.exe (Pearl abyss Corp -> Pearlabyss) FirewallRules: [{B359F211-A4D8-4427-9866-5950FE93FCD0}] => (Allow) E:\Program Files\Steam\steamapps\common\Outer Wilds\OuterWilds.exe () [File not signed] FirewallRules: [{120E8772-9626-41D5-A5E4-F3E64618BD46}] => (Allow) E:\Program Files\Steam\steamapps\common\Outer Wilds\OuterWilds.exe () [File not signed] FirewallRules: [UDP Query User{12B36490-E798-4810-B594-0E065C8F9178}C:\users\leo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\leo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{0D86B402-DBFD-4579-A9DC-9A5C416C1F08}C:\users\leo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\leo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{42F66AB4-FD24-4C0F-964A-4279907A2E49}E:\program files\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed] FirewallRules: [TCP Query User{79A2464C-F4BB-48E9-853E-36906DE7DCF5}E:\program files\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed] FirewallRules: [{288F5D70-83EC-472F-9099-2D88EC027284}] => (Allow) C:\Users\Leo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{3766D0CD-2368-4AE8-9A71-CAC77D218F93}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K) FirewallRules: [{7F2D776A-C380-4E60-B5B9-8A9A262D860C}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K) FirewallRules: [UDP Query User{4B62344F-2A17-4889-9EDF-209C7CE1703C}E:\program files\popcorntime\popcorn-time\popcorn-time.exe] => (Allow) E:\program files\popcorntime\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed] FirewallRules: [TCP Query User{E2B04C49-C426-410A-8639-47214BB47183}E:\program files\popcorntime\popcorn-time\popcorn-time.exe] => (Allow) E:\program files\popcorntime\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed] FirewallRules: [{D7364B44-6409-44C1-895B-4AB0C2B12FC8}] => (Allow) E:\Program Files\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [File not signed] FirewallRules: [{E1A6BC18-1DAA-46A6-BEE7-CDE0918F84B9}] => (Allow) E:\Program Files\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [File not signed] FirewallRules: [{0E1B882D-4C11-46D3-810B-8AE831856B67}] => (Allow) E:\Program Files\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [File not signed] FirewallRules: [{6414D3EB-8D68-40FF-8C96-D792AD697CF0}] => (Allow) E:\Program Files\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [File not signed] FirewallRules: [{1FBC2817-89DD-433C-81F0-AAF7398CDA11}] => (Allow) E:\Program Files\Steam\steamapps\common\Armello\armello.exe () [File not signed] FirewallRules: [{CEF05C6B-1173-4042-A593-FBD60DC7081B}] => (Allow) E:\Program Files\Steam\steamapps\common\Armello\armello.exe () [File not signed] FirewallRules: [UDP Query User{95488C54-8C8D-4445-999A-E79C428D037A}E:\program files\imagej\imagej.exe] => (Allow) E:\program files\imagej\imagej.exe () [File not signed] FirewallRules: [TCP Query User{83D17FEB-AE4D-4C37-BD5C-3FCB8351B7CF}E:\program files\imagej\imagej.exe] => (Allow) E:\program files\imagej\imagej.exe () [File not signed] FirewallRules: [UDP Query User{1D3A4FDA-CAA4-4BA8-B94D-D4908F19E1B5}E:\program files\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) E:\program files\divinity - original sin enhanced edition\shipping\eocapp.exe () [File not signed] FirewallRules: [TCP Query User{D1A194C8-3127-426B-80CB-D07E25A449D4}E:\program files\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) E:\program files\divinity - original sin enhanced edition\shipping\eocapp.exe () [File not signed] FirewallRules: [{EE299F40-D26F-4A88-AACF-78280BCF4578}] => (Allow) E:\Program Files\Steam\steamapps\common\The Witness\witness_d3d11.exe () [File not signed] FirewallRules: [{1A8976C8-D759-4AA0-9BD6-C523367F0D94}] => (Allow) E:\Program Files\Steam\steamapps\common\The Witness\witness_d3d11.exe () [File not signed] FirewallRules: [UDP Query User{20E74911-DEFB-414D-9EDB-DCCBF7C36F26}C:\users\leo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\leo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{9C61EF9E-D4F8-4581-BC3B-BA0BDB1003EE}C:\users\leo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\leo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D53319B1-0EC1-483F-A616-7C8AE949E2A7}] => (Allow) E:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) FirewallRules: [{80BA0775-B7D9-4147-A2BD-E254F8E5DA41}] => (Allow) E:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) FirewallRules: [{F2D3423A-1807-47C8-A531-283D2A13E277}] => (Allow) E:\Program Files\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe (Take-Two Interactive Software, Inc. -> Gearbox Software) FirewallRules: [{A5168DF1-B822-4BBC-A18A-B5E13D0E1D9F}] => (Allow) E:\Program Files\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe (Take-Two Interactive Software, Inc. -> Gearbox Software) FirewallRules: [{400C22C5-8289-4E07-AB58-21694C2739AD}] => (Allow) E:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Take-Two Interactive Software, Inc. -> Gearbox Software) FirewallRules: [{EEE2C04C-F77F-4B15-B3A0-AC09ABB60273}] => (Allow) E:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Take-Two Interactive Software, Inc. -> Gearbox Software) FirewallRules: [UDP Query User{2E75644B-A0E8-4DEC-8805-A7CC93326BDF}C:\users\leo\popcorn-time\popcorn-time.exe] => (Allow) C:\users\leo\popcorn-time\popcorn-time.exe (The NWJS Community) [File not signed] FirewallRules: [TCP Query User{71F66844-D0A1-46D5-A868-F8C441D0002B}C:\users\leo\popcorn-time\popcorn-time.exe] => (Allow) C:\users\leo\popcorn-time\popcorn-time.exe (The NWJS Community) [File not signed] FirewallRules: [UDP Query User{D8FE58E8-18C8-4894-A230-6F7F10B3B619}C:\users\leo\popcorn-time\popcorn-time.exe] => (Allow) C:\users\leo\popcorn-time\popcorn-time.exe (The NWJS Community) [File not signed] FirewallRules: [TCP Query User{E0E5B2B5-8B90-46F2-BF4B-387F72C46661}C:\users\leo\popcorn-time\popcorn-time.exe] => (Allow) C:\users\leo\popcorn-time\popcorn-time.exe (The NWJS Community) [File not signed] FirewallRules: [UDP Query User{EE3728DA-CBE2-4C4A-97BD-887659FBE72A}C:\users\leo\anaconda3\pythonw.exe] => (Allow) C:\users\leo\anaconda3\pythonw.exe (Python Software Foundation) [File not signed] FirewallRules: [TCP Query User{97C1474E-07F5-460C-9654-CFCFF21340ED}C:\users\leo\anaconda3\pythonw.exe] => (Allow) C:\users\leo\anaconda3\pythonw.exe (Python Software Foundation) [File not signed] FirewallRules: [{AC67BFB1-150A-4589-A606-33E7AB2C0C4D}] => (Allow) E:\Program Files\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: ) [File not signed] FirewallRules: [{C17CA24A-16E3-4373-BDBF-5E5C6C699F58}] => (Allow) E:\Program Files\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: ) [File not signed] FirewallRules: [{F4430F31-34C0-40D6-89D4-AF46F2DB07E3}] => (Allow) E:\Program Files\Steam\steamapps\common\Duck Game\DuckGame.exe (CORPTRON) [File not signed] FirewallRules: [{DE00184B-B6EE-4837-9796-2B00BE0D08D0}] => (Allow) E:\Program Files\Steam\steamapps\common\Duck Game\DuckGame.exe (CORPTRON) [File not signed] FirewallRules: [{4711AB0B-F507-483B-8E05-8ED5DDE5F078}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed] FirewallRules: [{C8E6A542-4FEC-4213-A0F6-DCB13130B4B5}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed] FirewallRules: [{4230D433-E793-408E-BF5C-3AE43D23E5A1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EAEC332A-BAA1-4845-A04F-734D168AE919}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{8C36071F-EC38-4042-98D7-943EAEB013A3}C:\users\leo\anaconda3\pythonw.exe] => (Allow) C:\users\leo\anaconda3\pythonw.exe (Python Software Foundation) [File not signed] FirewallRules: [TCP Query User{2F244EC7-5316-470A-8354-64FAF095007D}C:\users\leo\anaconda3\pythonw.exe] => (Allow) C:\users\leo\anaconda3\pythonw.exe (Python Software Foundation) [File not signed] FirewallRules: [{F7A9BA3D-91A1-46C4-9AE2-812FF3B65CB0}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed] FirewallRules: [{F097F9E0-65D2-49C9-811A-EA155F449E40}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed] FirewallRules: [{ABDAC194-D0E5-41F4-99CD-BDBD98C77869}] => (Allow) E:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{41A68225-EA22-4AB5-B4C5-BBF5534F3E8B}] => (Allow) E:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{33CCD3B0-6388-4BC0-8CF7-7A331257F560}] => (Allow) E:\Program Files\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{EF24F057-1EFA-4BC5-AEB8-C8A01B1BA8DD}] => (Allow) E:\Program Files\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{A88D1BA6-C394-4A27-8F01-1302659C0450}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [UDP Query User{D3F9C376-5776-4E15-9A2F-F3EC48237E07}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{3340ECA6-7F37-448B-996A-7F721A4759F5}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{3A8658CD-EDF4-42BE-9887-FAE2E161DE12}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{95315F55-FFAE-41DD-ACC2-1E16D163CDD0}E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{6375B4D3-08AC-4850-B580-6FBABC19EC95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{53C28432-7ADB-4596-9A6B-618F6482E73D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [UDP Query User{D1A19771-1756-4D74-A5FC-A12278BC433D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{ECE22AD4-3883-4BA0-87B2-E856180B4479}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{A47A5830-7BAD-4EAA-9587-43D1F8486444}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{F499B3BB-3105-4EB1-B2B5-5C6E6703895C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{DC10AB4C-CE35-47CB-8CC0-437A8F97CDD0}] => (Allow) E:\Program Files\Steam\steamapps\common\Lara Croft and the Temple of Osiris\LC2.exe (Square Enix Ltd.) [File not signed] FirewallRules: [{8B69A10F-94F2-4B50-82D2-CF92582FC208}] => (Allow) E:\Program Files\Steam\steamapps\common\Lara Croft and the Temple of Osiris\LC2.exe (Square Enix Ltd.) [File not signed] FirewallRules: [TCP Query User{663EE315-DEDB-4BB0-A984-59EB6C34BF8B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{6679BE8B-F31C-4FBF-81D2-25CC2098A6F9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{EAE055C5-0E51-48CA-A340-82971AA5644C}] => (Allow) C:\Users\Leo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{B099527A-78AB-49AD-9087-7DCCB3EB39E1}E:\program files\popcorntime\popcorn-time\popcorn-time.exe] => (Allow) E:\program files\popcorntime\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed] FirewallRules: [UDP Query User{309FB89F-2A21-4B51-AA0B-8E725480C6AE}E:\program files\popcorntime\popcorn-time\popcorn-time.exe] => (Allow) E:\program files\popcorntime\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed] FirewallRules: [{F4A0CC37-B51A-4856-A1CE-015EF2472326}] => (Allow) E:\Program Files\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.) FirewallRules: [{937CDE1D-67A9-4AB8-94A0-A4B5BA7654B8}] => (Allow) E:\Program Files\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.) FirewallRules: [{E141FEF1-B042-4CFD-8B1A-C8B5FCEBEB66}] => (Allow) E:\Program Files\Steam\steamapps\common\The Stanley Parable\stanley.exe () [File not signed] FirewallRules: [{9E65CE64-2C77-44E1-BE4D-F93E8261AC97}] => (Allow) E:\Program Files\Steam\steamapps\common\The Stanley Parable\stanley.exe () [File not signed] FirewallRules: [TCP Query User{48EF9833-450A-4575-AA6E-59EF3AAF612A}E:\epic games\torchlight2\torchlight2.exe] => (Allow) E:\epic games\torchlight2\torchlight2.exe (Runic Games, Inc. -> Runic Games, Inc.) FirewallRules: [UDP Query User{3B052874-A760-4E4B-846D-58704FE17F30}E:\epic games\torchlight2\torchlight2.exe] => (Allow) E:\epic games\torchlight2\torchlight2.exe (Runic Games, Inc. -> Runic Games, Inc.) FirewallRules: [{2BC8D900-9B30-4421-A1D4-BD968F94BC8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{F18CD0B3-46EA-40A2-8836-63571ED4EC34}] => (Allow) E:\Program Files\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed] FirewallRules: [{AE468292-D970-4DC4-BE90-9494B2A525B9}] => (Allow) E:\Program Files\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed] ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:118.19 GB) (Free:29.33 GB) (25%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (03/16/2022 07:30:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored. Error: (03/16/2022 07:30:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored. Error: (03/16/2022 07:30:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored. Error: (03/16/2022 07:30:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored. Error: (03/16/2022 07:30:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored. Error: (03/16/2022 07:30:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored. Error: (03/16/2022 07:30:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409. System errors: ============= Error: (03/16/2022 07:34:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (03/16/2022 07:30:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Intel(R) Dynamic Application Loader Host Interface Service service depends on the IP Helper service which failed to start because of the following error: The operation completed successfully. Error: (03/16/2022 07:30:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Network List Service service terminated with the following error: The device is not ready. CodeIntegrity: =============== Date: 2022-03-16 21:47:42 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_233e086e960c2400\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. E16P6IMS.105 05/08/2018 Motherboard: Micro-Star International Co., Ltd. MS-16P6 Processor: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz Percentage of memory in use: 90% Total physical RAM: 8037.36 MB Available physical RAM: 733.32 MB Total Virtual: 16963.04 MB Available Virtual: 6548.29 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:118.19 GB) (Free:29.33 GB) NTFS Drive d: (EFI) (Fixed) (Total:0.34 GB) (Free:0.34 GB) FAT32 Drive e: (HDD) (Fixed) (Total:921.17 GB) (Free:417.09 GB) NTFS Drive f: (DriverCD) (Fixed) (Total:10 GB) (Free:5.51 GB) NTFS \\?\Volume{e6c9dd66-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS \\?\Volume{e6c9dd66-0000-0000-0000-80ae1d000000}\ () (Fixed) (Total:0.51 GB) (Free:0.05 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: E6C9DD66) Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=118.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=526 MB) - (Type=27) ========================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 6C3AA21E) Partition: GPT. ==================== End of Addition.txt =======================