Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by Michal (06-09-2022 20:41:28)
Running from C:\Users\Michal\Downloads
Microsoft Windows 10 Home Version 21H2 19044.1949 (X64) (2021-04-22 10:16:54)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-535994172-2959193490-1660769210-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-535994172-2959193490-1660769210-503 - Limited - Disabled)
Guest (S-1-5-21-535994172-2959193490-1660769210-501 - Limited - Disabled)
Michal (S-1-5-21-535994172-2959193490-1660769210-1002 - Administrator - Enabled) => C:\Users\Michal
test (S-1-5-21-535994172-2959193490-1660769210-1003 - Administrator - Enabled) => C:\Users\test
WDAGUtilityAccount (S-1-5-21-535994172-2959193490-1660769210-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1045-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 105.1.43.89 - Brave Software Inc) Documentation Manager (HKLM\...\{0203C24C-452D-4344-871F-DE3C7B49C328}) (Version: 22.40.0.7 - Intel Corporation) Hidden ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.3.9 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM-x32\...\{bee27b2f-e41b-4dd1-9c1d-fddb3c155727}) (Version: 1.0.3.9 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{d6c7bfc9-8ecb-45a5-967b-f1c3c04cc972}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden Epic Games Launcher (HKLM-x32\...\{668E3630-108A-4F07-9C73-BCFD63E8912E}) (Version: 1.2.11.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.) 
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.102 - Google LLC) Intel(R) Chipset Device Software (HKLM\...\{44C34709-F068-4CBC-8A71-515EDBC3B2A6}) (Version: 10.1.18383.8213 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{afad3740-3061-4b48-a9ab-6f1435cb3dd6}) (Version: 10.1.18383.8213 - Intel(R) Corporation) Intel(R) Computing Improvement Program (HKLM\...\{50883721-017E-40C5-9B65-F11F20DE8B45}) (Version: 2.4.07630 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{0940A8E6-DBBC-4554-B07D-EBFB10627716}) (Version: 30.100.2020.7 - Intel Corporation) Hidden Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000040-0220-1045-84C8-B8D95FA3C8C3}) (Version: 22.40.0.2 - Intel Corporation) Intel® Software Installer (HKLM-x32\...\{3933e30f-0de2-4fee-8a5e-28c71ea7f121}) (Version: 22.40.0.7 - Intel Corporation) Hidden IrfanView 4.60 (64-bit) (HKLM\...\IrfanView64) (Version: 4.60 - Irfan Skiljan) Killer Ethernet Performance Driver Suite UWD (HKLM\...\{8D5D1E91-BBB5-4035-A8BD-90590833ACED}) (Version: 2.3.1513 - Rivet Networks) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden MakeMKV v1.16.4 (HKLM-x32\...\MakeMKV) (Version: v1.16.4 - GuinpinSoft inc) Microsoft .NET Host - 5.0.10 (x64) (HKLM\...\{D1368E0E-D6FB-4C42-9132-885E5C23DB05}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.2 (x64) (HKLM\...\{8368577E-2F61-42AC-AF23-46AFAB4217DC}) (Version: 48.11.35878 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.10 (x64) (HKLM\...\{0FFA44C0-CFC0-4C1B-AACC-2C4BE1CDDB37}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.2 (x64) (HKLM\...\{B221F0E1-F6F1-41EC-8197-847829949A54}) (Version: 48.11.35878 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.10 (x64) (HKLM\...\{607A9135-1477-43AB-A8B0-7690DC1C58D3}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.2 (x64) (HKLM\...\{065DC311-BF3D-4DCD-94CA-D903C6DD4C0A}) (Version: 48.11.35878 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.27 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{A9CFD6A1-C0D3-7F37-C220-8B104867EF15}) (Version: 10.1.22621.1011 - Microsoft Corporation) Microsoft Office Home and Business 2019 - en-us (HKLM\...\HomeBusiness2019Retail - en-us) (Version: 16.0.15427.20210 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-535994172-2959193490-1660769210-1003\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 
(HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 
(HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.10 (x64) (HKLM\...\{008667B9-294F-45C3-BB03-E6FBC58B26AF}) (Version: 40.40.30418 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.10 (x64) (HKLM-x32\...\{422d8da1-2e1a-4704-b462-db5439c6d1b9}) (Version: 5.0.10.30418 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.2 (x64) (HKLM\...\{CB054A0F-B342-4BFA-8E1C-1C1277DE89CA}) (Version: 48.11.35878 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.2 (x64) (HKLM-x32\...\{f443bbdb-acaa-4eab-9d5d-098b722891ed}) (Version: 6.0.2.30914 - Microsoft Corporation) MSI Afterburner 4.6.4 (HKLM-x32\...\Afterburner) (Version: 4.6.4 - MSI Co., LTD) MSI App Player (HKLM\...\BlueStacks_msi2) (Version: 4.200.0.6306 - BlueStack Systems, Inc.) MSI NBFoundation Service (HKLM-x32\...\{949A5329-B6AF-444F-BCDC-1F39F516D40C}) (Version: 1.0.2111.1501 - MSI) Hidden MSI NBFoundation Service (HKLM-x32\...\InstallShield_{949A5329-B6AF-444F-BCDC-1F39F516D40C}) (Version: 1.0.2111.1501 - MSI) MSI SDK (HKLM-x32\...\{EE7D557C-3AE7-4348-8DCA-3A89790D0002}}_is1) (Version: 2.2021.1110.01 - MSI) MSI Sound Tune (HKLM\...\IGO_VAC) (Version: 2.0.1.7 - Micro-Star INT'L CO., LTD.) MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 4.2.10.0 - Portrait Displays, Inc.) 
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version: - ) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.4 - Notepad++ Team) NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation) NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation) NVIDIA Graphics Driver 516.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.94 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.39.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.14 - NVIDIA Corporation) NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20148 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.5.112.50486 - Electronic Arts, Inc.) PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version: - PokerStars.uk) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9079.1 - Realtek Semiconductor Corp.) 
RivaTuner Statistics Server 7.3.3 (HKLM-x32\...\RTSS) (Version: 7.3.3 - Unwinder) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.46.448 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.3 - Rockstar Games) RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden SMPlayer 22.2.0 (x64) (HKLM\...\SMPlayer) (Version: 22.2.0 - Ricardo Villalba) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SteelSeries Engine 3.20.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.20.0 - SteelSeries ApS) Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.00 - Ghisler Software GmbH) Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 120.0.10418 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) Zoom (HKU\S-1-5-21-535994172-2959193490-1660769210-1002\...\ZoomUMX) (Version: 5.6.4 (799) - Zoom Video Communications, Inc.) 
Packages: ========= AudioDirector for MSI -> C:\Program Files\WindowsApps\CyberLink.AudioDirectorforMSI_7.0.9105.0_x64__jtmmp2jxy9gb6 [2021-04-22] (CyberLink) ColorDirector for MSI -> C:\Program Files\WindowsApps\CyberLink.ColorDirectorforMSI_5.0.8107.0_x64__jtmmp2jxy9gb6 [2021-04-22] (CyberLink) CrystalDiskMark -> C:\Program Files\WindowsApps\45313CrystalDewWorld.CrystalDiskMark5_8.0.11.0_x64__kfjz01bcdaj9c [2022-07-28] (Crystal Dew World) Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.36.4.0_x64__6rarf9sa4v8jt [2022-09-03] (Disney) DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.121.0_x64__kzh8wxbdkxb8p [2022-04-16] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task] foobar2000 -> C:\Program Files\WindowsApps\Resolute.foobar2000_1.6.110.0_x86__cg7j1awqsza28 [2022-05-07] (Resolute) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-22] (INTEL CORP) [Startup Task] Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1122.329.0_x64__rh07ty8m5nkag [2022-06-21] (Rivet Networks LLC) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-22] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-22] (Microsoft Corporation) [MS Ad] Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3000.0_x64__8wekyb3d8bbwe [2022-09-03] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-28] (Microsoft Studios) [MS Ad] Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2021-04-22] (MAGIX) Nahimic -> C:\Program 
Files\WindowsApps\A-Volute.Nahimic_1.9.10.0_x64__w2gh52qy24etm [2022-09-06] (A-Volute) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-15] (Netflix, Inc.) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-08-09] (NVIDIA Corp.) PhotoDirector 10 Essential for MSI -> C:\Program Files\WindowsApps\CyberLink.PhotoDirector10EssentialforMSI_10.0.2326.0_x64__jtmmp2jxy9gb6 [2021-04-22] (CyberLink) PowerDirector 17 Essential for MSI -> C:\Program Files\WindowsApps\CyberLink.PowerDirector17EssentialforMSI_17.0.2712.0_x64__jtmmp2jxy9gb6 [2021-04-22] (CyberLink) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.36.273.0_x64__dt26b99r8h8gj [2022-08-11] (Realtek Semiconductor Corp) Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.34.0_x64__8j3eq9eme6ctt [2021-08-06] (INTEL CORP) Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2022-04-16] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-535994172-2959193490-1660769210-1002_Classes\CLSID\{5972393c-cd02-c182-74ee-9d9bbeb5a8c3}\localserver32 -> C:\Users\Michal\Downloads\!soft\HandBrake\HandBrake.exe (HandBrake Team) [File not signed] CustomCLSID: HKU\S-1-5-21-535994172-2959193490-1660769210-1002_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\Michal\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b840211aa1b1b9ff\OptaneShellExt.dll [2020-04-30] (Intel(R) Rapid Storage Technology -> ) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> 
{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-09-26] (Notepad++ -> ) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b840211aa1b1b9ff\OptaneShellExt.dll [2020-04-30] (Intel(R) Rapid Storage Technology -> ) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_417542b70c8bb20a\nvshext.dll [2022-07-28] (Nvidia Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-04-22 16:08 - 2021-03-26 16:51 - 000051200 _____ () [File not signed] C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\_frozenlist.cp37-win32.pyd 2021-04-22 16:08 - 2021-03-26 16:51 - 000037888 _____ () [File not signed] C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\_helpers.cp37-win32.pyd 2021-04-22 16:08 - 2021-03-26 16:51 - 000204800 _____ () [File not signed] C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\_http_parser.cp37-win32.pyd 2021-04-22 16:08 - 2021-03-26 16:51 - 000034304 _____ () [File not signed] C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\_http_writer.cp37-win32.pyd 2021-04-22 16:08 - 2021-03-26 16:51 - 000022528 _____ () [File not signed] C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\_websocket.cp37-win32.pyd 2021-04-22 16:08 - 2021-12-09 18:14 - 000034816 _____ () [File not signed] C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\multidict\_multidict.cp37-win32.pyd 2021-04-22 16:08 - 2021-03-26 16:51 - 000061952 _____ () [File not signed] C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\psutil\_psutil_windows.cp37-win32.pyd 2021-04-22 16:08 - 2021-03-26 16:51 - 000073216 _____ () [File not signed] C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\yarl\_quoting.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000037888 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\aiohttp\_helpers.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000213504 _____ () [File not signed] 
C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\aiohttp\_http_parser.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000035328 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\aiohttp\_http_writer.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000022528 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\aiohttp\_websocket.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000053248 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\frozenlist\_frozenlist.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000081920 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\google\protobuf\internal\_api_implementation.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 001282048 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\google\protobuf\pyext\_message.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000119296 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\lxml\_elementpath.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 003288064 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\lxml\etree.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000164352 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\lxml\html\clean.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000034816 _____ () [File not signed] 
C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\multidict\_multidict.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000009728 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\websockets\speedups.cp37-win32.pyd 2021-11-05 17:43 - 2021-11-05 17:43 - 000066048 _____ () [File not signed] C:\Users\Michal\AppData\Local\GOG.com\Galaxy\plugins\installed\steam_ca27391f-2675-49b1-92c0-896d43afa4f8\yarl\_quoting_c.cp37-win32.pyd 2022-08-14 10:17 - 2022-07-15 16:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2021-04-22 21:15 - 2021-03-17 15:13 - 046184448 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\MSI\One Dragon Center\Sound Tune\dnnl.dll 2019-07-02 16:07 - 2019-07-02 16:07 - 000014632 _____ (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\MSI\MSI NBFoundation Service\UEFIVaribleDll.dll 2021-05-12 20:07 - 2021-05-12 20:07 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-06] (Microsoft 
Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-535994172-2959193490-1660769210-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
HKU\S-1-5-21-535994172-2959193490-1660769210-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "MsiTrueColor"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Duet Display"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-535994172-2959193490-1660769210-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7999338B87431E4923015A2D4B0F7CC3"
HKU\S-1-5-21-535994172-2959193490-1660769210-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{54B5563F-A89A-4D7E-846B-F4F4E4432E6E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FD92B037-FF9D-4A06-B904-D9E671FE3E0C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1719A90-547B-4E35-94FB-C4124DB7CCB5}] => (Allow) C:\Program Files\BlueStacks_msi2\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{C103B1A1-6F7B-4045-B8C1-1A6A56057C24}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EE51B715-462A-4E35-A170-E0FE0E75D209}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9DB48BA4-911A-4AE3-83C2-DDE8C87AABD6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{57E20463-408D-4840-BECD-5C588A81A023}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{516027F9-D502-4B95-8D9B-E39AF192B65F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{89A2B944-A144-45F2-A755-A4A285810E0C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0BE0644E-3081-4281-B0C5-9CFC1E245BDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F5B43726-27E1-44E3-AD0C-54BA19CF8B2D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AF1662E8-5BD6-46F4-AB92-42EF48025173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [{4F16B36C-FF01-407E-8244-B82D86353599}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [{00CBB914-7365-47A9-B0B6-0A46F6F2D09B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{5EB27097-F29E-416D-A1D1-7F2FB66A06A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{6613C4F1-1839-43EE-9434-02447A3FE6EA}] => (Allow) C:\Users\Michal\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EDB7F0ED-DA36-44C9-9F69-88CB4555C4DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{67F80942-DD10-4795-A3AC-DC2FA6496121}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{0F0D8837-48AD-4F3E-A0AB-BB4D68B9C606}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{3EC3C99F-4299-45A1-AC86-E6BEE25B9B53}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{2919CE8F-44B5-446E-9430-08E47DF7F7DD}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{59C15365-4A98-4452-81D6-1585B419EF5B}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [TCP Query User{83B07A6B-2BB3-420F-9B7C-9DC7EC572280}C:\users\michal\downloads\!soft\utorrent_2.2.1.exe] => (Allow) C:\users\michal\downloads\!soft\utorrent_2.2.1.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{FA14E4FA-379C-4EC5-B658-29B12BA454F9}C:\users\michal\downloads\!soft\utorrent_2.2.1.exe] => (Allow) C:\users\michal\downloads\!soft\utorrent_2.2.1.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{F51ED319-C2BE-4D52-8C2B-E036E98C7BB1}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4C0C4A34-854B-4651-B256-4645FCF16784}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F5E1F676-FE94-420B-AD92-CD592D65FC04}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4384AC4A-3F77-41BA-8FA4-1A2847BEF429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe (Luca Galante) [File not signed]
FirewallRules: [{574B60CE-9095-4014-A3CD-DF77BA49ECFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe (Luca Galante) [File not signed]
FirewallRules: [TCP Query User{A841DE25-B0C4-4FC2-A90B-50C72F0E68BF}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F0209A99-E152-4BAC-8C2E-81F40AC16D06}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{B5B7BC9E-D368-4695-9D7C-579FF3F52DED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3D2A21D1-6FEE-402C-8BDA-6AAA5ADCF306}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{A1077386-95AF-4117-8140-E8BCE155B2D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{6A0F3558-5FF0-4E5B-8F38-ABE419FEA06C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{AB813DEF-7DA2-450C-A455-5AA81A1B9612}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Time at Sandrock\Sandrock.exe () [File not signed]
FirewallRules: [{67D62E1E-D447-434D-8258-4A8655A09153}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Time at Sandrock\Sandrock.exe () [File not signed]
FirewallRules: [TCP Query User{046D55F8-F008-4E75-9047-8829A5A024CD}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [UDP Query User{59E49532-70C9-4ABE-B7D3-CA3B2A7B1CFF}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [TCP Query User{1970323D-EB10-48B9-BE00-C667CD507DF6}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{985D417B-5170-404A-8365-6AF9A994F55D}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{4AC76450-B408-4A72-96CA-FDE6EAFEA762}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel's Spider-Man Remastered\Spider-Man.exe (Sony Interactive Entertainment LLC -> Insomniac Games, Inc.)
FirewallRules: [{8AE43EAA-416D-47CE-8E78-465E9224C9B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel's Spider-Man Remastered\Spider-Man.exe (Sony Interactive Entertainment LLC -> Insomniac Games, Inc.)
FirewallRules: [{2C890FD2-235C-4C98-8446-5542C195E99D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{15DB06D5-2F71-4932-BB8B-88075D5853B9}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{7DD4F245-5667-41D1-A60B-E0E37A6DAD34}] => (Allow) LPort=32682

==================== Restore Points =========================

05-09-2022 17:18:15 Windows Modules Installer
05-09-2022 17:21:39 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (09/06/2022 08:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msedge.exe, version: 105.0.1343.27, time stamp: 0x6311ec84
Faulting module name: msedge.dll, version: 105.0.1343.27, time stamp: 0x6311ec84
Exception code: 0xc0000005
Fault offset: 0x0000000002c17a8a
Faulting process id: 0x10bc
Faulting application start time: 0x01d8c21f2efdacca
Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Faulting module path: C:\Program Files (x86)\Microsoft\Edge\Application\105.0.1343.27\msedge.dll
Report Id: 24fd0b51-2b44-4f92-a26a-a424629eb119
Faulting package full name:
Faulting package-relative application ID:

Error: (09/06/2022 07:50:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msedge.exe, version: 105.0.1343.27, time stamp: 0x6311ec84
Faulting module name: msedge.dll, version: 105.0.1343.27, time stamp: 0x6311ec84
Exception code: 0xc0000005
Fault offset: 0x0000000002c17a8a
Faulting process id: 0x4cd4
Faulting application start time: 0x01d8c2193833211a
Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Faulting module path: C:\Program Files (x86)\Microsoft\Edge\Application\105.0.1343.27\msedge.dll
Report Id: ba5a3c32-6e79-4db9-a61b-4794e533fbeb
Faulting package full name:
Faulting package-relative application ID:

Error: (09/06/2022 06:18:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Error: (09/06/2022 06:18:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (09/06/2022 06:13:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (09/06/2022 06:13:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Error: (09/06/2022 06:13:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (09/06/2022 06:10:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

System errors:
=============
Error: (09/06/2022 08:29:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error: %%2684420176

Error: (09/06/2022 06:18:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error: %%2684420176

Error: (09/06/2022 06:14:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error: %%2684420176

Error: (09/06/2022 06:10:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error: %%2684420176

Error: (09/06/2022 05:12:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error: %%2684420176

Error: (09/05/2022 05:23:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The xTendSoftAPService service terminated unexpectedly. It has done this 1 time(s).

Error: (09/05/2022 05:22:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error: %%2684420176

Error: (09/05/2022 05:19:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error: %%2684420176

Windows Defender:
================
Date: 2022-09-06 17:35:31
Description: Skanowanie produktu Microsoft Defender Antivirus zostało zatrzymane przed ukończeniem.
Identyfikator skanowania: {AAEC9D9C-411A-48C8-8B3D-A1E727DBB9BE}
Typ skanowania: Antimalware
Parametry skanowania: Quick Scan
Użytkownik: NT AUTHORITY\SYSTEM

Date: 2022-09-05 19:25:16
Description: Skanowanie produktu Microsoft Defender Antivirus zostało zatrzymane przed ukończeniem.
Identyfikator skanowania: {2935CE7F-CD70-4891-8A53-4FE4080181FD}
Typ skanowania: Antimalware
Parametry skanowania: Quick Scan
Użytkownik: NT AUTHORITY\SYSTEM

Date: 2022-09-04 17:47:08
Description: Skanowanie produktu Microsoft Defender Antivirus zostało zatrzymane przed ukończeniem.
Identyfikator skanowania: {A8BFE576-C4D7-43C9-8AC0-3969B62B60E7}
Typ skanowania: Antimalware
Parametry skanowania: Quick Scan
Użytkownik: NT AUTHORITY\SYSTEM

Date: 2022-09-01 23:15:17
Description: Skanowanie produktu Microsoft Defender Antivirus zostało zatrzymane przed ukończeniem.
Identyfikator skanowania: {08AFC36A-6A19-443A-8F13-2056F49E7575}
Typ skanowania: Antimalware
Parametry skanowania: Quick Scan
Użytkownik: NT AUTHORITY\SYSTEM

Date: 2022-08-24 18:37:44
Description: Skanowanie produktu Microsoft Defender Antivirus zostało zatrzymane przed ukończeniem.
Identyfikator skanowania: {955E49FB-4B19-4B62-98DF-070985F72C8C}
Typ skanowania: Antimalware
Parametry skanowania: Quick Scan
Użytkownik: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-09-06 20:39:57
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8fd80d4662ee466f\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-09-06 20:39:52
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. E16V3IMS.10A 01/29/2021
Motherboard: Micro-Star International Co., Ltd. MS-16V3
Processor: Intel(R) Core(TM) i7-10870H CPU @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 16201.74 MB
Available physical RAM: 8058.41 MB
Total Virtual: 18633.74 MB
Available Virtual: 7823.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:929.36 GB) (Free:115.39 GB) (Model: WDC PC SN730 SDBPNTY-1T00-1032) NTFS

\\?\Volume{b9d3c9d9-d576-41c4-ac7c-6064a5eecea0}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.42 GB) NTFS
\\?\Volume{2bf14f86-d378-4be7-ab49-d84b3745cd25}\ (BIOS_RVY) (Fixed) (Total:23.22 GB) (Free:0.68 GB) NTFS
\\?\Volume{39ab6009-bfe1-4bcd-8835-7f10d9b65b0e}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: FAE6096C)
Partition: GPT.

==================== End of Addition.txt =======================