Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by sztos (07-11-2023 19:09:50)
Running from C:\Users\sztos\Downloads
Microsoft Windows 10 Education Version 22H2 19045.3570 (X64) (2023-09-06 19:42:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1113700261-1597838685-1862523002-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1113700261-1597838685-1862523002-503 - Limited - Disabled)
defaultuser100001 (S-1-5-21-1113700261-1597838685-1862523002-1003 - Limited - Enabled)
Guest (S-1-5-21-1113700261-1597838685-1862523002-501 - Limited - Disabled)
sztos (S-1-5-21-1113700261-1597838685-1862523002-1001 - Administrator - Enabled) => C:\Users\sztos
WDAGUtilityAccount (S-1-5-21-1113700261-1597838685-1862523002-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 22.001.20085 - Adobe)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_5) (Version: 23.5.0.669 - Adobe Inc.)
Bitwarden (HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2023.10.0 - Bitwarden Inc.)
Discord (HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\Discord) (Version: 1.0.9017 - Discord Inc.)
IrfanView 4.62 (64-bit) (HKLM\...\IrfanView64) (Version: 4.62 - Irfan Skiljan)
Messenger (HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 197.0.525091618 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.44 - Microsoft Corporation)
Microsoft Office LTSC Standard 2021 - de-de.proof (HKLM\...\Standard2021Volume - de-de.proof) (Version: 16.0.14332.20546 - Microsoft Corporation)
Microsoft Office LTSC Standard 2021 - en-gb (HKLM\...\Standard2021Volume - en-gb) (Version: 16.0.14332.20546 - Microsoft Corporation)
Microsoft Office LTSC Standard 2021 - pl-pl.proof (HKLM\...\Standard2021Volume - pl-pl.proof) (Version: 16.0.14332.20546 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\Teams) (Version: 1.6.00.30666 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 117.0.1 - Mozilla)
Mozilla Thunderbird (x64 pl) (HKLM\...\Mozilla Thunderbird 115.4.1 (x64 pl)) (Version: 115.4.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20546 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20546 - Microsoft Corporation) Hidden
Polish (Programmers) + German (HKLM\...\{C8E80C9B-7A64-4ABC-9DD3-A5104019B84C}) (Version: 1.0.3.40 - Kamil Stańczyk)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.5 - The qBittorrent project)
Signal 6.37.0 (HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.37.0 - Signal Messenger, LLC)
simplewall (HKLM\...\simplewall) (Version: 3.7.3 - Henry++)
Spotify (HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\Spotify) (Version: 1.2.22.982.g794acc0a - Spotify AB)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.18681 - Microsoft Corporation)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WinSCP 6.1.2 (HKLM-x32\...\winscp3_is1) (Version: 6.1.2 - Martin Prikryl)

Packages:
=========
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23100.116.0_x64__8wekyb3d8bbwe [2023-11-05] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1113700261-1597838685-1862523002-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\sztos\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23285.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1113700261-1597838685-1862523002-1001_Classes\CLSID\{3a391345-aae8-4941-a788-491283d9537d}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => No File
CustomCLSID: HKU\S-1-5-21-1113700261-1597838685-1862523002-1001_Classes\CLSID\{a44d7aac-aa22-4122-aa54-fb030bfe1f94}\InprocServer32 -> C:\Users\sztos\Downloads\core\notificationserver.dll => No File
CustomCLSID: HKU\S-1-5-21-1113700261-1597838685-1862523002-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\sztos\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-06-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-06-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-06-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-06-28] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-06-28] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-10-04 20:44 - 2023-10-04 20:44 - 000007168 _____ (Kamil Stańczyk) [File not signed] C:\Windows\system32\PLDE.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\sharepoint.com -> hxxps://uam-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2023-09-07 02:22 - 2023-09-07 02:22 - 000001602 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 cc-api-data.adobe.io
127.0.0.1 ic.adobe.io
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm-prd-da1.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate-da1.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 uds.licenses.adobe.com
127.0.0.1 licenses.adobe.com
127.0.0.1 license.adobe.com
127.0.0.1 helpexamples.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sztos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_75330334F1F7BB3B891329147CD2C773"
HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\StartupApproved\Run: => "com.messenger"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{19CA0039-0BCC-41AA-BB0E-55931E61EE09}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA9F5968-4512-4A02-ADEF-1F27D0AB9889}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{2FC64D49-8DF1-4C8F-BCAE-8ABDBF3FC4E0}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{749EFD43-2248-4091-A3A2-47E1DA87849C}C:\users\sztos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sztos\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{856D46D3-D332-4229-8C15-F963D3C0A846}C:\users\sztos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sztos\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{3F94841B-173D-4104-BD6C-B88F9E8EA729}C:\users\sztos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sztos\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{19716C49-8617-4C09-886B-C29D844D8060}C:\users\sztos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sztos\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0F2043B2-A5D9-4EE1-A072-256E7FD9E674}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:237.45 GB) (Free:108.88 GB) (46%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (11/07/2023 06:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Signal.exe, version: 6.37.0.0, time stamp: 0x65156144
Faulting module name: Signal.exe, version: 6.37.0.0, time stamp: 0x65156144
Exception code: 0xc000041d
Fault offset: 0x00000000037af877
Faulting process ID: 0x456c
Faulting application start time: 0x01da119ce7b8a20b
Faulting application path: C:\Users\sztos\AppData\Local\Programs\signal-desktop\Signal.exe
Faulting module path: C:\Users\sztos\AppData\Local\Programs\signal-desktop\Signal.exe
Report ID: 0684e79c-8a84-4ca3-b079-c4933fef2f4d
Faulting package full name:
Faulting package-relative application ID:

Error: (11/07/2023 06:28:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Signal.exe, version: 6.37.0.0, time stamp: 0x65156144
Faulting module name: Signal.exe, version: 6.37.0.0, time stamp: 0x65156144
Exception code: 0x80000003
Fault offset: 0x00000000037af877
Faulting process ID: 0x456c
Faulting application start time: 0x01da119ce7b8a20b
Faulting application path: C:\Users\sztos\AppData\Local\Programs\signal-desktop\Signal.exe
Faulting module path: C:\Users\sztos\AppData\Local\Programs\signal-desktop\Signal.exe
Report ID: 0ebabe82-d882-4d56-a735-5a4b0a3d0339
Faulting package full name:
Faulting package-relative application ID:

Error: (11/07/2023 06:05:39 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: )
Description: Event-ID 513

Error: (11/07/2023 06:05:38 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: )
Description: Event-ID 513

Error: (11/07/2023 04:28:22 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: )
Description: Event-ID 513

Error: (11/07/2023 04:28:21 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: )
Description: Event-ID 513

Error: (11/07/2023 04:28:21 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: )
Description: Event-ID 513

Error: (11/07/2023 04:28:21 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: )
Description: Event-ID 513

System errors:
=============
Error: (11/07/2023 06:05:38 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {22be3e99-8858-404c-a6df-ee01c981b0aa}, had event 74

Error: (11/07/2023 04:28:22 PM) (Source: SurfaceTconDriver) (EventID: 13) (User: )
Description: Surface Tcon Driver TP Read fails, Status = 0xc0000186

Error: (11/07/2023 04:28:22 PM) (Source: SurfaceTconDriver) (EventID: 12) (User: )
Description: Surface Tcon Driver TP Write fails, Status = 0xc0000186

Error: (11/07/2023 04:28:22 PM) (Source: SurfaceTconDriver) (EventID: 13) (User: )
Description: Surface Tcon Driver TP Read fails, Status = 0xc0000186

Error: (11/07/2023 04:28:21 PM) (Source: SurfaceTconDriver) (EventID: 13) (User: )
Description: Surface Tcon Driver TP Read fails, Status = 0xc0000186

Error: (11/07/2023 04:28:21 PM) (Source: SurfaceTconDriver) (EventID: 12) (User: )
Description: Surface Tcon Driver TP Write fails, Status = 0xc0000186

Error: (11/07/2023 04:28:21 PM) (Source: SurfaceTconDriver) (EventID: 13) (User: )
Description: Surface Tcon Driver TP Read fails, Status = 0xc0000186

Error: (11/07/2023 04:28:21 PM) (Source: SurfaceTconDriver) (EventID: 13) (User: )
Description: Surface Tcon Driver TP Read fails, Status = 0xc0000186

Windows Defender:
================
Date: 2023-11-05 18:51:52
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-11-04 21:12:58
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-11-02 22:27:08
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-11-02 18:51:17
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen!MTB&threatid=2147751727&enterprise=0
Name: HackTool:Win32/Keygen!MTB
Severity: High
Category: Tool
Path: file:_C:\Users\sztos\Downloads\XLN.Audio.XO.Complete.v1.4.5.9.Incl.Patched.and.Keygen-R2R\R2R\XLN_KeyGen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\qBittorrent\qbittorrent.exe
Security intelligence Version: AV: 1.399.1733.0, AS: 1.399.1733.0, NIS: 1.399.1733.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-11-02 18:10:38
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0
Name: PUA:Win32/Keygen
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\sztos\AppData\Local\Temp\keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\sztos\Downloads\Heckmann Audio - u-he Diva v1.4.7\R2R\Uhe_KeyGen.exe
Security intelligence Version: AV: 1.399.1733.0, AS: 1.399.1733.0, NIS: 1.399.1733.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Event[0]:
Date: 2023-10-21 14:15:38
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0

CodeIntegrity:
===============
Date: 2023-10-30 18:22:54
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-09-30 15:59:12
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Microsoft Corporation 17.101.140 08/24/2023
Motherboard: Microsoft Corporation Surface Laptop 3
Processor: Intel(R) Core(TM) i5-1035G7 CPU @ 1.20GHz
Percentage of memory in use: 56%
Total physical RAM: 7778.13 MB
Available physical RAM: 3415.58 MB
Total Virtual: 15796.57 MB
Available Virtual: 10996.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.45 GB) (Free:108.88 GB) (Model: HFM256GDGTNG-87A0A) NTFS

\\?\Volume{8e27b58f-a2ed-44bf-8ae2-d31bc06d3df9}\ () (Fixed) (Total:0.91 GB) (Free:0.45 GB) NTFS
\\?\Volume{049a9e70-073d-4334-bcf7-a8a7dc6e1573}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 0CC30235)

Partition: GPT.

==================== End of Addition.txt =======================