Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by 48607 (18-11-2021 20:15:23)
Running from C:\Users\48607\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1165 (X64) (2021-03-19 21:22:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

48607 (S-1-5-21-1138517282-2312738049-3737462855-1001 - Administrator - Enabled) => C:\Users\48607
Administrator (S-1-5-21-1138517282-2312738049-3737462855-500 - Administrator - Enabled)
Gość (S-1-5-21-1138517282-2312738049-3737462855-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-1138517282-2312738049-3737462855-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1138517282-2312738049-3737462855-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0) (Version: 22.0.0.35 - Adobe Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.9.2494 - Avast Software)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.250.0.1070 - BlueStack Systems, Inc.)
Calculator (HKLM-x32\...\Calculator) (Version: 1.1.0S - Calculator)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 7.50 - NCH Software)
Enlisted Launcher 1.0.3.76 (HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\{5fcad5a5-d0d8-4edf-a5ba-040b397eac31}}_is1) (Version: - Gaijin Network)
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
K-Lite Codec Pack 16.0.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Medal (HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Medal) (Version: 4.1000.0 - Medal B.V.)
MEmu (HKLM-x32\...\MEmu) (Version: 7.3.3.0 - Microvirt Software Technology Co. Ltd.)
menageudrivers (HKLM-x32\...\{3D02CD4C-367D-48D1-87A3-16384FD92B0A}) (Version: 1.00.0000 - Telegram) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation) Microsoft 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 16.0.14527.20276 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Teams) (Version: 1.4.00.26376 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 
14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 3.1.11 (x86) (HKLM-x32\...\{1dd5d240-f2b6-4007-b1c5-20678f1e9f70}) (Version: 3.1.11.29516 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) NewProduct 1.00 (HKLM-x32\...\NewProduct 1.00) (Version: 1.00 - Company) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden Opera GX Stable 80.0.4170.91 (HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Opera GX 80.0.4170.91) (Version: 80.0.4170.91 - Opera Software) Roblox Player for 48607 (HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\roblox-player) (Version: - Roblox Corporation) Roblox Studio for 48607 (HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\roblox-studio) (Version: - Roblox Corporation) SGP Baltie 3.0.71.121 (HKLM-x32\...\SGP Baltie 3_is1) (Version: - SGP Systems, s.r.o.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Środowisko uruchomieniowe Microsoft Edge WebView2 (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation) Taskbar system version 1.0.0.2 (HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.60 - NCH Software) WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH) Wondershare Filmora X(Build 10.2.0.32) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare) Wondershare Recoverit(Build 10.0.3.14) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 10.0.3.14 - Wondershare Software Co.,Ltd.) Packages: ========= Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-11-11] (Amazon.com) Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comEMEABigsavingso_2.0.5.0_x64__mgae2k3ys4ra0 [2021-11-18] (Priceline Partner Network) Centrum sterowania grafiką Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-11-11] (INTEL CORP) [Startup Task] Dodatek Aparat multimediów dla aplikacji Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-11] (Microsoft Corporation) Dropbox – promocja -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2021-11-11] (Dropbox Inc.) Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.) HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.7.197.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.) 
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.) HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.7.0.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.) HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.) HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.8.27.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.) HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.) Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1020.0_x64__8j3eq9eme6ctt [2021-11-11] (INTEL CORP) McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2021-11-11] (McAfee LLC.) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-11-11] (Microsoft Studios) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-11-11] (Netflix, Inc.) Pasjans -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.9.0_x64__kx24dqmazqk8j [2021-11-11] (Random Salad Games LLC) Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.14.159.0_x64__43tkc6nmykmb6 [2021-11-11] (Ookla) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0 [2021-11-11] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1138517282-2312738049-3737462855-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-1138517282-2312738049-3737462855-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\48607\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21161.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1138517282-2312738049-3737462855-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\48607\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-11-07] (Avast Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-11-07] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-11-07] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-11-07] (Avast Software s.r.o. 
-> AVAST Software) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-11-07] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\48607\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Unobx\Krkwit\2C403928" ShortcutWithArgument: C:\Users\48607\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\unsub and dislike my bad stuff - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============= 2021-08-22 09:38 - 2021-08-22 09:39 - 103773184 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6\HP.Smart.dll 2021-04-04 19:54 - 2021-04-04 19:54 - 007068672 _____ (HP Development Company, L.P.) 
[File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll 2021-07-21 18:36 - 2021-07-21 18:37 - 042803200 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\48607:.repos [1042] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10240] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE SearchScopes: HKLM -> {86648E3F-46EA-4DEC-8C10-0421D51EF92A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC SearchScopes: HKLM-x32 -> {86648E3F-46EA-4DEC-8C10-0421D51EF92A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1138517282-2312738049-3737462855-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE SearchScopes: HKU\S-1-5-21-1138517282-2312738049-3737462855-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE SearchScopes: HKU\S-1-5-21-1138517282-2312738049-3737462855-1001 -> {86648E3F-46EA-4DEC-8C10-0421D51EF92A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2021-02-24] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2021-02-24] (Oracle America, Inc. -> Oracle Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2020-09-18] (HP Inc. -> HP Inc.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2020-09-18] (HP Inc. -> HP Inc.) 
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "OnrymSpeedup"
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\StartupApproved\Run: => "HPSEU_Host_Launcher"
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\StartupApproved\Run: => "Taskbar system"
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\StartupApproved\Run: => "Medal"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{16FBEA13-DAA9-4487-B1EF-F3067842B2CE}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.415\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No File FirewallRules: [TCP Query User{72A92B6D-BA3D-48BC-81D8-A9CF6689601B}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.415\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No File FirewallRules: [{02DE79E4-27BD-454C-95D4-E0F73DD174E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> ) FirewallRules: [{26110492-1243-4242-A64A-8A921EB73D5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> ) FirewallRules: [UDP Query User{8BEF5CE4-5336-47AE-AA22-5A7B0AA3B166}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.408\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.408\opera.exe => No File FirewallRules: [TCP Query User{474C1862-DFF6-4E19-AA16-72BF5EA747DB}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.408\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.408\opera.exe => No File FirewallRules: [UDP Query User{D176C27E-F4DF-4DED-826A-B99C13766B0D}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe FirewallRules: [TCP Query User{E0E0384A-8A57-44C2-8B5D-AD6AD92EF281}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe FirewallRules: [UDP Query User{7E4B3CEB-54D1-4F4D-B2D8-E81944514EA3}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.400\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.400\opera.exe => No File FirewallRules: [TCP Query User{ABBAEFAF-FA27-46F7-AE96-2AD99CF5D96D}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.400\opera.exe] => (Allow) 
C:\users\48607\appdata\local\programs\opera gx\73.0.3856.400\opera.exe => No File FirewallRules: [UDP Query User{FB106A9C-CD4A-49E5-A192-3769501A765A}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.396\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.396\opera.exe => No File FirewallRules: [TCP Query User{7BA24855-DAE5-423C-BEF9-CDBA2B1A1383}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.396\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.396\opera.exe => No File FirewallRules: [UDP Query User{9BA48839-26D8-489D-9EE5-3BC0C8ED2B69}C:\users\48607\appdata\local\programs\opera gx\72.0.3815.487\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\72.0.3815.487\opera.exe => No File FirewallRules: [TCP Query User{8BF9F774-58B0-484C-9690-5BC753AD3E7A}C:\users\48607\appdata\local\programs\opera gx\72.0.3815.487\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\72.0.3815.487\opera.exe => No File FirewallRules: [UDP Query User{64058966-D554-4F10-B520-A2F2F4C27A31}C:\users\48607\crystal-launcher\runtime\64\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\users\48607\crystal-launcher\runtime\64\jre1.8.0_271\bin\javaw.exe => No File FirewallRules: [TCP Query User{A4DB86F3-8912-4284-B4E8-F4B05FDFB78F}C:\users\48607\crystal-launcher\runtime\64\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\users\48607\crystal-launcher\runtime\64\jre1.8.0_271\bin\javaw.exe => No File FirewallRules: [{FBE9C68F-C2E4-4275-B222-ADEC2A7DDA9E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) 
FirewallRules: [UDP Query User{4F5E4D8F-04C6-4B8F-B656-470B48A23A26}C:\users\48607\appdata\local\programs\opera gx\72.0.3815.459\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\72.0.3815.459\opera.exe => No File FirewallRules: [TCP Query User{6D625775-F509-4DB4-8FA4-A22E2B379A4B}C:\users\48607\appdata\local\programs\opera gx\72.0.3815.459\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\72.0.3815.459\opera.exe => No File FirewallRules: [UDP Query User{F894B415-BAF2-409B-9DA3-7778E9F362CF}C:\users\48607\appdata\local\programs\opera gx\72.0.3815.454\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\72.0.3815.454\opera.exe => No File FirewallRules: [TCP Query User{25B9E23A-4C91-4AC1-B348-8867502BB012}C:\users\48607\appdata\local\programs\opera gx\72.0.3815.454\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\72.0.3815.454\opera.exe => No File FirewallRules: [{3DD1E0B5-1DF5-46CB-A915-FBB8514D852F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe (Stichting Blender Foundation -> Blender Foundation) FirewallRules: [{393C9CD7-30DD-46AA-A614-69CEC01D2361}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe (Stichting Blender Foundation -> Blender Foundation) FirewallRules: [UDP Query User{F974F37B-EFF7-4DB3-AFBA-F40C6FCEB4E4}C:\users\48607\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\48607\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{443F5E54-E907-46E2-BA40-7AE49BB19371}C:\users\48607\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\48607\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{2138AA71-C74B-448E-9BCD-EA70DE99F0E6}C:\users\48607\crystal-launcher\runtime\64\jre1.8.0_211\bin\javaw.exe] => (Block) 
C:\users\48607\crystal-launcher\runtime\64\jre1.8.0_211\bin\javaw.exe => No File FirewallRules: [TCP Query User{1168FB60-5550-4C51-9B7B-98747027AC9E}C:\users\48607\crystal-launcher\runtime\64\jre1.8.0_211\bin\javaw.exe] => (Block) C:\users\48607\crystal-launcher\runtime\64\jre1.8.0_211\bin\javaw.exe => No File FirewallRules: [UDP Query User{21564C70-5206-47FE-8803-3902D680B36F}C:\users\48607\appdata\local\programs\opera gx\71.0.3770.323\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\71.0.3770.323\opera.exe => No File FirewallRules: [TCP Query User{E98D19CE-3463-40B1-B890-39A221AF1CC0}C:\users\48607\appdata\local\programs\opera gx\71.0.3770.323\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\71.0.3770.323\opera.exe => No File FirewallRules: [{D451D16D-DDFB-486B-8E10-FFEA74593000}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> ) FirewallRules: [{83D598BF-E753-4957-9ED5-559E2F98B731}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. 
-> ) FirewallRules: [{AE1A3356-43F9-47F5-B113-6663EB30D528}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{97B89384-3729-442E-96C4-BC0D4B7DB7DC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{D1B72F2C-FD3A-4972-967C-553750771AE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed] FirewallRules: [{C53158D1-4C27-447E-9C38-2CA4DEEAC965}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed] FirewallRules: [{1657D05E-CD96-47A6-926C-BA547E2C597A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed] FirewallRules: [{541C7BDD-46DD-48EC-BAD5-731ED77FC1B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed] FirewallRules: [{E50D0785-BD7E-4502-9959-131869FC9334}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{9FAA978D-F331-42F1-BDBB-05632EA05C5A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{2127E8AB-F65E-481A-95CA-44DBA47FC7FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{B88C45FF-A760-481F-B536-E335E8C52E5E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{FCFA32EA-D3AA-49A6-9C9E-FFF7ACB535BC}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.421\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.421\opera.exe => No File FirewallRules: [UDP Query User{22DE64F7-2AF3-4A3F-BFA3-0DE56EF6625F}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.421\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera 
gx\73.0.3856.421\opera.exe => No File FirewallRules: [TCP Query User{3EB8715D-AA26-41A9-A746-F861287BA5BD}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.424\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No File FirewallRules: [UDP Query User{06F04074-1B14-4E8A-9A09-83100AD18AF6}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.424\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No File FirewallRules: [{89876068-F1A4-41D1-B939-451C8EEDC58E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed] FirewallRules: [{F79C4CA3-B11B-4028-B4FB-6AB2EC18BD42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed] FirewallRules: [TCP Query User{C0576E17-3812-4D55-85B1-D89EAB2D383A}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.427\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.427\opera.exe => No File FirewallRules: [UDP Query User{22CE08DC-56C0-4462-BE21-1615081D5CE9}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.427\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.427\opera.exe => No File FirewallRules: [TCP Query User{AEDD71C5-49F1-4EEB-BD3E-7E818362C4BD}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.434\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.434\opera.exe => No File FirewallRules: [UDP Query User{17C571D3-6B92-4306-8E87-2D8CE2749237}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.434\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.434\opera.exe => No File FirewallRules: [TCP Query User{43913269-D9F0-426A-AD8B-704966768E60}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.438\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.438\opera.exe => No File FirewallRules: [UDP Query 
User{2508A678-FB95-4F01-8C36-BCB9C2BDA886}C:\users\48607\appdata\local\programs\opera gx\73.0.3856.438\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\73.0.3856.438\opera.exe => No File FirewallRules: [{0647ACB4-62EF-4240-BC6D-B34DAD14F7BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zardy's Maze\Zardy's Maze.exe () [File not signed] FirewallRules: [{C74447F6-9AF9-4D85-9009-30676A82F48A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zardy's Maze\Zardy's Maze.exe () [File not signed] FirewallRules: [TCP Query User{2D848A7E-9A82-4EDD-88BF-05A0DA0C2029}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.259\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No File FirewallRules: [UDP Query User{05D59CA5-2451-43C3-A4B0-694A680DA780}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.259\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No File FirewallRules: [TCP Query User{9FF6B060-A130-451D-9385-190F8DF77C9E}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.267\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No File FirewallRules: [UDP Query User{66796E97-08F2-43BF-9C15-A57607173399}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.267\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No File FirewallRules: [TCP Query User{7A50EF53-FB7B-4DF1-918B-5C38AF876D8B}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.279\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.279\opera.exe => No File FirewallRules: [UDP Query User{4E1DFD95-FEBD-4743-9EA7-22DAE504D490}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.279\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.279\opera.exe => No File FirewallRules: [{87128814-2956-4D8A-BD01-55789D8D2E59}] => (Allow) 
C:\Program Files (x86)\Steam\steamapps\common\Muck\Muck.exe () [File not signed] FirewallRules: [{2DE0A7CA-AB6C-40D9-BD02-08198D5EE986}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Muck\Muck.exe () [File not signed] FirewallRules: [TCP Query User{659D769B-5E19-4F0B-807D-63AC3F9CC376}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.282\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.282\opera.exe => No File FirewallRules: [UDP Query User{6AC79186-8B28-480A-A735-D7E657E58A1E}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.282\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.282\opera.exe => No File FirewallRules: [TCP Query User{B34CAA18-8B3A-4FFB-AC6C-22BE90AC9B47}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{DDC6DFBE-E430-4800-9EE4-EAD9E3E11C69}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [TCP Query User{B3B452E7-1E9E-44B9-A16B-ED5DBF6687DF}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.285\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.285\opera.exe => No File FirewallRules: [UDP Query User{E57A09A6-EEBA-4BC0-BBD3-E9D51CCE389E}C:\users\48607\appdata\local\programs\opera gx\75.0.3969.285\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\75.0.3969.285\opera.exe => No File FirewallRules: [{5E87E5F5-DF59-4222-97E6-8B6121CD789D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed] FirewallRules: [{F4A8CB3E-62BD-4C3C-8F98-4086D94A3BD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed] FirewallRules: [TCP Query User{8640B5CD-4F4E-461F-8C61-D54FC2C62E8D}C:\users\48607\appdata\local\programs\opera gx\76.0.4017.208\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No File FirewallRules: [UDP Query User{16ABD877-9A36-417F-9D73-F4CB9BD42008}C:\users\48607\appdata\local\programs\opera gx\76.0.4017.208\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No File FirewallRules: [TCP Query User{D9FE54A0-BACB-4E18-AF83-1C39E8F74E52}C:\users\48607\appdata\local\programs\opera gx\76.0.4017.227\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\76.0.4017.227\opera.exe => No File FirewallRules: [UDP Query User{07FFBEAD-9E82-4473-8734-B575A3A76730}C:\users\48607\appdata\local\programs\opera gx\76.0.4017.227\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\76.0.4017.227\opera.exe => No File FirewallRules: [TCP Query User{8043C4E0-BF8A-4FC3-9E31-1F4F2F334F91}C:\users\48607\appdata\local\programs\opera gx\77.0.4054.257\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\77.0.4054.257\opera.exe => No File FirewallRules: [UDP Query 
User{F80B1D9E-93ED-4927-8C31-9CC538E9D9CF}C:\users\48607\appdata\local\programs\opera gx\77.0.4054.257\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\77.0.4054.257\opera.exe => No File FirewallRules: [{17A82461-0756-4D06-9140-57ABC5C4A926}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations) FirewallRules: [{F1F18796-0417-4DE7-AF02-C26266623FD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations) FirewallRules: [{DD7E8694-23A8-4BA3-B61F-20FE496E56CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed] FirewallRules: [{C1A1CF51-14EC-4F26-B704-3C6A6198E0FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed] FirewallRules: [TCP Query User{C7107914-BC5D-4DDB-A64C-DFEA57BCA39A}C:\users\48607\appdata\local\programs\opera gx\77.0.4054.275\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\77.0.4054.275\opera.exe => No File FirewallRules: [UDP Query User{C58C4297-56BB-4A32-9B01-923C778ADFE2}C:\users\48607\appdata\local\programs\opera gx\77.0.4054.275\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\77.0.4054.275\opera.exe => No File FirewallRules: [TCP Query User{F429D8F9-AAFC-4BD7-984C-02868E8DA522}C:\users\48607\appdata\local\programs\opera gx\77.0.4054.298\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\77.0.4054.298\opera.exe => No File FirewallRules: [UDP Query User{B1479D0E-82AD-485A-8B28-1815437D3CE7}C:\users\48607\appdata\local\programs\opera gx\77.0.4054.298\opera.exe] => (Block) C:\users\48607\appdata\local\programs\opera gx\77.0.4054.298\opera.exe => No File FirewallRules: [{359E3677-A159-4487-8A6F-5301265DCAF3}] => (Allow) C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8D806D1D-8ADF-4EBB-9C05-B6210416CBB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{6ACE642B-AF15-45D4-AC64-67FA34F343AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{68CBD6F8-38AE-4491-95CF-83813CF4B073}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [TCP Query User{1FFA5AE2-18FA-426C-8201-34EF6DB5D808}C:\users\48607\appdata\local\programs\opera gx\78.0.4093.153\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => No File FirewallRules: [UDP Query User{EBE4F26A-C043-49FB-A3E7-6AD7D5B6F90F}C:\users\48607\appdata\local\programs\opera gx\78.0.4093.153\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => No File FirewallRules: [{A4A12675-F2EF-4218-B0DD-BF64DADFAB17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C38F156E-4D95-4E3B-B63B-AC69B992FDC7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{BDA703CF-3031-46C2-93D3-DB910E495157}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{126373F1-8645-4353-AFFA-745FCA342F48}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) 
FirewallRules: [{B2069476-C2AD-42E2-BF54-011365403EA6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{DFD2EA6E-DDAC-4927-80E0-5D7B606D33E9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F13F3DA8-6CF7-43AE-AB98-8E76AE1AFAF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{07736C5F-95F5-4F30-8324-6685B0325A92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{D160BD2F-8C2E-47C1-A062-5BFB3F13ED8D}C:\users\48607\appdata\local\programs\opera gx\78.0.4093.186\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => No File FirewallRules: [UDP Query User{C7D41FF0-0C7C-4225-9A30-38010D2105A6}C:\users\48607\appdata\local\programs\opera gx\78.0.4093.186\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => No File FirewallRules: [{267C45FF-588C-4926-B8B0-7072CEA7AF97}] => (Allow) C:\Users\48607\AppData\Local\Programs\Opera\78.0.4093.184\opera.exe => No File FirewallRules: [TCP Query User{79D7CFAC-1CAE-4F3D-A047-62346B5B7B15}C:\users\48607\appdata\local\programs\opera gx\78.0.4093.214\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\78.0.4093.214\opera.exe => No File FirewallRules: [UDP Query User{3126435C-FA30-4B04-A8C1-72D81BBE469A}C:\users\48607\appdata\local\programs\opera gx\78.0.4093.214\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\78.0.4093.214\opera.exe => No File FirewallRules: [{BBC7EED6-9BDF-4858-B123-1A10AE2B2CA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DELTARUNEdemo\DELTARUNE.exe () [File not signed] 
FirewallRules: [{F8D0A90D-8E17-44F8-8B16-8EEF7EB2BDED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DELTARUNEdemo\DELTARUNE.exe () [File not signed] FirewallRules: [{200C0EC9-3FE8-429D-9838-F949B8F5E04E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BE133C89-72A0-4C4F-847C-C8D115D7C301}C:\users\48607\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{B8F928C8-904D-46DB-884B-75C8730160B0}C:\users\48607\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\48607\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{92EE6157-979E-437B-9005-385EF01848EC}C:\users\48607\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\48607\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [UDP Query User{86DA05B2-F695-4F09-9DFF-895B61138CBD}C:\users\48607\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\48607\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [TCP Query User{7784A610-1026-4174-AF06-51909ACA7317}C:\users\48607\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\48607\appdata\local\enlisted\launcher.exe (Gaijin Network LTD -> Gaijin) FirewallRules: [UDP Query User{5332013A-C5D7-4918-9C35-0DE06EDA0ADE}C:\users\48607\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\48607\appdata\local\enlisted\launcher.exe (Gaijin Network LTD -> Gaijin) FirewallRules: [{EC55BB1C-F85F-4259-B583-90955020A935}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed] FirewallRules: [{C811E38F-675B-4A1B-9069-0FB2C66CADED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed] 
FirewallRules: [TCP Query User{2B735339-FD47-4A7E-9DB1-8107A571045E}C:\users\48607\desktop\gmodzs\srcds.exe] => (Block) C:\users\48607\desktop\gmodzs\srcds.exe => No File FirewallRules: [UDP Query User{4D3246BB-D141-4ACD-B717-DEEC70929E53}C:\users\48607\desktop\gmodzs\srcds.exe] => (Block) C:\users\48607\desktop\gmodzs\srcds.exe => No File FirewallRules: [{D52DA396-1A91-4FEF-854C-CE70E8A7410B}] => (Allow) C:\Windows\System\svchost.exe => No File FirewallRules: [{0510F687-FA1C-4787-9682-BEC0C041C256}] => (Allow) C:\Windows\System\svchost.exe => No File FirewallRules: [{08F0C9E8-32D9-48D0-AC0A-9792A80E20C9}] => (Allow) C:\Windows\System\svchost.exe => No File FirewallRules: [{C15F792B-22C4-4031-85EB-217A1DC3256E}] => (Allow) C:\Windows\System\svchost.exe => No File FirewallRules: [{5CE91919-9E5E-4ECB-BAF1-70F7DB51A1DA}] => (Allow) C:\Windows\System\svchost.exe => No File FirewallRules: [{9ACDFF1D-E005-45B8-B589-DBE8CADA6556}] => (Allow) C:\Windows\System\svchost.exe => No File FirewallRules: [{7BD44FF4-07E2-4EBF-B931-49E74507ECB8}] => (Allow) C:\Windows\System\svchost.exe => No File FirewallRules: [{C35ACD1D-123A-4ED6-83F9-E1E2E143AE0B}] => (Allow) C:\Windows\System\svchost.exe => No File FirewallRules: [{15D69EDB-5025-4711-B582-5E4257175082}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{828212C1-EA58-42C5-A998-E9805CD6E917}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. 
-> AVAST Software)
FirewallRules: [{36A4F02D-8025-47EE-9DF4-749D056335D5}] => (Allow) LPort=57209
FirewallRules: [{C8B4C888-53CE-4E3D-A24D-04310800596D}] => (Allow) LPort=57210
FirewallRules: [{30CFA3B0-513F-45D2-ABE0-F22B93AF52A5}] => (Allow) LPort=57211
FirewallRules: [{ADC0892A-218D-4DF2-B88D-F6762CAC8EBE}] => (Allow) LPort=57212
FirewallRules: [{CD7225F0-E6F9-406D-9589-760E84248E89}] => (Allow) LPort=57213
FirewallRules: [{2B8E0180-8AA6-4AF3-B675-CAC83DFCA29F}] => (Allow) LPort=57214
FirewallRules: [{F80955CF-CC2E-4C31-B187-673B2EFD5898}] => (Allow) LPort=57215
FirewallRules: [{92041C3D-1DC9-4E61-9790-A491D02BE00D}] => (Allow) LPort=57217
FirewallRules: [{5FE62441-532C-46A0-B417-EC555684BD0B}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{91256B6C-B77E-45EF-B45E-7996EFEBED95}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{CE114093-6613-4520-B009-5B0597B4F226}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EFE3BEFF-DA42-4F97-BC19-014AD0E870C5}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (11/18/2021 08:15:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: The system cannot find the file specified.

Error: (11/18/2021 08:15:25 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-O6F29K5C)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (11/18/2021 08:13:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: ZARZĄDZANIE NT)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2021 08:13:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: ZARZĄDZANIE NT)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2021 08:13:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: The system cannot find the file specified.

Error: (11/18/2021 08:13:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: ZARZĄDZANIE NT)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2021 08:13:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: ZARZĄDZANIE NT)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2021 08:11:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: The system cannot find the file specified.

Windows Defender:
================
Date: 2021-11-18 20:13:35
Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie.
Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Powessere.O&threatid=2147772335&enterprise=0
Nazwa: Trojan:Win32/Powessere.O
Identyfikator: 2147772335
Ważność: Poważny
Kategoria: Koń trojański
Ścieżka: CmdLine:_C:\Windows\System32\mshta.exe javascript:x=newZARZĄDZANIE NT\SYSTEMActiveXObject(wscript.shell);v=x.RegRead(HKCU\\Software\\Microsoft\\SMSvcHost\\ComponentID);eval(v);
Pochodzenie wykrycia: Nieznane
Typ wykrycia: Konkretne
Źródło wykrycia: System
Użytkownik: ZARZĄDZANIE NT\SYSTEM
Nazwa procesu: Unknown
Wersja analizy zabezpieczeń: AV: 1.353.1163.0, AS: 1.353.1163.0, NIS: 1.353.1163.0
Wersja aparatu: AM: 1.1.18700.4, NIS: 1.1.18700.4

CodeIntegrity:
===============
Date: 2021-11-18 20:14:10
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-11-18 20:14:01
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: AMI F.18 04/16/2021
Motherboard: HP 86C9
Processor: Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz
Percentage of memory in use: 48%
Total physical RAM: 7880.82 MB
Available physical RAM: 4059.64 MB
Total Virtual: 10568.82 MB
Available Virtual: 6863.97 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.15 GB) (Free:306.32 GB) NTFS
\\?\Volume{f8803157-2ed4-4678-9eb4-385f811ee082}\ () (Fixed) (Total:0.51 GB) (Free:0.04 GB) NTFS
\\?\Volume{56aa273a-1839-476f-832c-4b564e227792}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 647D9FFB)

Partition: GPT.

==================== End of Addition.txt =======================