Jump to content

Undetectable virus - 100% disk space.


Recommended Posts

  • Root Admin

Hello @Slowpomegranate

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-01-2021
Ran by Lmalo (administrator) on DESKTOP-SQ7MEH0 (18-01-2021 17:37:54)
Running from C:\Users\Lmalo\Downloads
Loaded Profiles: Lmalo
Platform: Windows 10 Home Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Chan Software Solutions) C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.WPF.Core.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\igfxCUIService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\Lmalo\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe <21>
(Opera Software AS -> Opera Software) C:\Users\Lmalo\AppData\Local\Programs\Opera\73.0.3856.344\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\Lmalo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Sony) [File not signed] C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe <5>
(Twitch Interactive, Inc. -> Twitch Interactive, Inc.) C:\Users\Lmalo\AppData\Local\Temp\Twitch\Twitch.exe
(Twitch Interactive, Inc. -> Twitch Interactive, Inc.) C:\Users\Lmalo\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe <7>
(Twitch Interactive, Inc. -> Twitch Interactive, Inc.) C:\Users\Lmalo\AppData\Roaming\Twitch\Bin\TwitchAgent.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268168 2018-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [465120 2020-08-20] (Express Vpn LLC -> ExpressVPN)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Run: [Opera Browser Assistant] => C:\Users\Lmalo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --origin-trial-disabled-features=MeasureMemory --restore-last-sess (the data entry has 165 more characters).
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\Software\...\AppCompatFlags\Custom\Myst.exe: [{a2a608e4-05f8-466b-a53f-f0f07515143a}.sdb] -> GOG.com Myst
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a2a608e4-05f8-466b-a53f-f0f07515143a}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{a2a608e4-05f8-466b-a53f-f0f07515143a}.sdb [2017-06-27]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-14] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-12-29]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\Users\Lmalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-01-20]
ShortcutTarget: Twitch.lnk -> C:\Users\Lmalo\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1CB0AD70-14BC-46D2-B337-B9E897907654} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2FBA7EFB-7396-47EF-9BBF-5671D86FD200} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-01] (Google Inc -> Google Inc.)
Task: {4767079C-6932-4C73-B025-904E6A1C151F} - System32\Tasks\Opera scheduled Autoupdate 1568669370 => C:\Users\Lmalo\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {829C556D-DA82-42BA-A600-DA5F9380731F} - System32\Tasks\Opera scheduled assistant Autoupdate 1569409016 => C:\Users\Lmalo\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Lmalo\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {B0F66D45-2CD5-4209-A55C-C538D1FDF873} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BAC2E99C-3C57-406F-B5CB-C5BB646ACA0F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF9756D9-9A91-404A-856A-9C14A239FE3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-01] (Google Inc -> Google Inc.)
Task: {CCD6E3B9-9C13-4E60-9EE8-EF706399A6C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{0bdd6c04-ef05-43cf-9f94-b94c1e03aaa2}: [DhcpNameServer] 172.16.144.1
Tcpip\..\Interfaces\{21e1c6e0-af58-4b60-ba19-52c74fcc3a58}: [DhcpNameServer] 10.130.0.1
Tcpip\..\Interfaces\{5f6fa8ab-404c-45c9-a6f3-6536d9730f5a}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Edge: 
=======
Edge HomeButtonPage: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> hxxp://www.app-surf.com/
Edge Notifications: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> hxxps://tinder.com; hxxps://www.facebook.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lmalo\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-14]
Edge HomePage: Default -> hxxp://www.app-surf.com/
Edge StartupUrls: Default -> "hxxp://www.app-surf.com/"
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Lmalo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-14]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 87n4qgzr.default
FF ProfilePath: C:\Users\Lmalo\AppData\Roaming\Mozilla\Firefox\Profiles\87n4qgzr.default [2020-11-30]
FF Homepage: Mozilla\Firefox\Profiles\87n4qgzr.default -> hxxp://www.app-surf.com/
FF Notifications: Mozilla\Firefox\Profiles\87n4qgzr.default -> hxxps://tinder.com; hxxps://www.facebook.com
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2020-12-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2020-12-11] (Oracle America, Inc. -> Oracle Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default [2021-01-16]
CHR Extension: (Slides) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-09]
CHR Extension: (Docs) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-09]
CHR Extension: (Google Drive) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-09]
CHR Extension: (YouTube) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-09]
CHR Extension: (uBlock Origin) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-09]
CHR Extension: (Sheets) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-09]
CHR Extension: (Google Docs Offline) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-09]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-01-09]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-09]
CHR Extension: (Gmail) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-09]
CHR Extension: (Chrome Media Router) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera: 
=======
OPR Profile: C:\Users\Lmalo\AppData\Roaming\Opera Software\Opera Stable [2021-01-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Lmalo\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-11-11]
OPR Extension: (Install Chrome Extensions) - C:\Users\Lmalo\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2020-11-23]
OPR Extension: (Amazon Assistant for Opera) - C:\Users\Lmalo\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2020-12-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2018-01-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437472 2020-08-20] (Express Vpn LLC -> ExpressVPN)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-10-20] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6841416 2019-10-20] (GOG Sp. z o.o. -> GOG.com)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2156864 2018-02-28] (Electronic Arts, Inc. -> Electronic Arts)
S3 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3026760 2018-02-28] (Electronic Arts, Inc. -> Electronic Arts)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2198016 2018-11-20] (Sony) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CtClsFlt; C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys [188408 2015-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [43392 2018-05-14] (Elgato Systems LLC -> UB658)
S3 ElgatoVAD; C:\WINDOWS\System32\drivers\ElgatoVAD.sys [39208 2017-07-11] (Elgato Systems LLC -> Elgato Systems GmbH)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2020-08-20] (ExprsVPN LLC -> ExpressVPN)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [32384 2018-03-14] (Sony Mobile Communications AB -> Sony Mobile Communications)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-05-08] (Martin Malik - REALiX -> REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslfb657f6a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6ADCFC31-2884-4AB0-9FA5-2148E09A3E31}\MpKslDrv.sys [91376 2021-01-18] (Microsoft Windows -> Microsoft Corporation)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-09-10] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-05-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2020-08-20] (ExprsVPN LLC -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-18 17:37 - 2021-01-18 17:37 - 002295296 _____ (Farbar) C:\Users\Lmalo\Downloads\FRST64 (1).exe
2021-01-14 14:37 - 2021-01-14 14:37 - 000107313 _____ C:\Users\Lmalo\Downloads\Goodbye_Mother_Nature.pdf
2021-01-14 14:19 - 2021-01-14 14:19 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-14 14:19 - 2021-01-14 14:19 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-14 14:19 - 2021-01-14 14:19 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-14 14:19 - 2021-01-14 14:19 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-14 14:19 - 2021-01-14 14:19 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-14 14:19 - 2021-01-14 14:19 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-14 14:19 - 2021-01-14 14:19 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-14 14:19 - 2021-01-14 14:19 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-14 14:19 - 2021-01-14 14:19 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-14 14:19 - 2021-01-14 14:19 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-14 14:18 - 2021-01-14 14:18 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-14 14:18 - 2021-01-14 14:18 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-14 14:18 - 2021-01-14 14:18 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-14 14:18 - 2021-01-14 14:18 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-14 14:17 - 2021-01-14 14:17 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-14 14:17 - 2021-01-14 14:17 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-14 14:17 - 2021-01-14 14:17 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-14 14:17 - 2021-01-14 14:17 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-14 14:17 - 2021-01-14 14:17 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-14 14:17 - 2021-01-14 14:17 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-14 14:16 - 2021-01-14 14:16 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-14 14:16 - 2021-01-14 14:16 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-14 14:16 - 2021-01-14 14:16 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-14 14:16 - 2021-01-14 14:16 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-14 14:16 - 2021-01-14 14:16 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-14 14:16 - 2021-01-14 14:16 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-14 14:16 - 2021-01-14 14:16 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-14 14:15 - 2021-01-14 14:15 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-14 14:15 - 2021-01-14 14:15 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-14 14:14 - 2021-01-14 14:14 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-14 14:14 - 2021-01-14 14:14 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-14 14:14 - 2021-01-14 14:14 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-14 14:14 - 2021-01-14 14:14 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-14 14:14 - 2021-01-14 14:14 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-14 14:14 - 2021-01-14 14:14 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-14 14:13 - 2021-01-14 14:13 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-14 14:12 - 2021-01-14 14:12 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-14 14:12 - 2021-01-14 14:12 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-14 14:12 - 2021-01-14 14:12 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-14 14:12 - 2021-01-14 14:12 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-06 20:08 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-06 20:08 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-06 20:08 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-06 20:08 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 000351128 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000673520 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000555248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 004174064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-06 20:08 - 2020-10-05 14:00 - 005972824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-04 20:42 - 2021-01-04 20:42 - 000238572 _____ C:\Users\Lmalo\Downloads\correspondence.pdf
2021-01-03 21:28 - 2021-01-04 08:55 - 000000000 ____D C:\Users\Lmalo\OneDrive\Documents\My Kindle Content
2021-01-03 21:28 - 2021-01-03 21:28 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2021-01-03 21:28 - 2021-01-03 21:28 - 000000000 ____D C:\Users\Lmalo\AppData\Local\Amazon
2021-01-03 21:27 - 2021-01-03 21:27 - 058106720 _____ (Amazon.com) C:\Users\Lmalo\Downloads\KindleForPC-installer-1.30.59056.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-18 17:39 - 2020-11-26 11:01 - 000019574 _____ C:\Users\Lmalo\Downloads\FRST.txt
2021-01-18 17:38 - 2020-11-24 11:05 - 000000000 ____D C:\FRST
2021-01-18 17:35 - 2020-09-05 13:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-18 17:35 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-18 17:03 - 2017-06-25 13:56 - 000000000 ____D C:\Users\Lmalo\AppData\Local\ElevatedDiagnostics
2021-01-18 16:16 - 2020-03-15 15:03 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-18 16:15 - 2018-09-13 21:42 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\Twitch
2021-01-18 16:12 - 2020-09-05 14:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-18 16:12 - 2020-09-03 23:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-18 16:12 - 2017-06-25 14:26 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-18 13:00 - 2020-09-05 14:00 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-18 13:00 - 2020-09-05 14:00 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-18 12:58 - 2020-09-05 14:00 - 000004206 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1568669370
2021-01-18 12:58 - 2019-09-16 21:29 - 000001405 _____ C:\Users\Lmalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-01-16 14:05 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-16 14:05 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-15 10:14 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-14 19:18 - 2017-09-04 19:31 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\discord
2021-01-14 16:39 - 2020-09-05 13:46 - 000868930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-14 16:33 - 2020-09-05 13:24 - 000508272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-14 16:32 - 2019-12-07 09:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-14 16:29 - 2020-09-05 21:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-14 16:28 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-14 16:28 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-14 14:25 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-14 14:12 - 2020-09-05 13:29 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-14 13:41 - 2017-05-09 18:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-14 13:39 - 2017-05-09 18:49 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-14 10:35 - 2020-12-09 14:09 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-14 10:35 - 2020-12-09 14:09 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-14 10:35 - 2020-12-09 14:09 - 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-09 15:55 - 2020-08-29 11:26 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-09 15:55 - 2020-08-29 11:26 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-09 15:55 - 2020-08-29 11:26 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-06 20:11 - 2017-05-13 22:12 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-01-06 20:10 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Help
2021-01-06 20:10 - 2017-05-13 22:12 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-12-31 19:33 - 2020-12-11 14:01 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\.minecraft
2020-12-31 19:32 - 2020-12-11 14:40 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\.tlauncher

==================== Files in the root of some directories ========

2017-06-12 11:34 - 2018-07-05 11:34 - 000000422 _____ () C:\Users\Lmalo\AppData\Roaming\WB.CFG
2017-06-21 21:26 - 2017-06-21 21:26 - 001065984 _____ () C:\Users\Lmalo\AppData\Local\file__0.localstorage
2019-01-08 15:44 - 2019-01-08 15:44 - 000000218 _____ () C:\Users\Lmalo\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2021
Ran by Lmalo (18-01-2021 17:42:14)
Running from C:\Users\Lmalo\Downloads
Windows 10 Home Version 20H2 19042.746 (X64) (2020-09-05 14:02:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1796348420-728246846-562771544-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1796348420-728246846-562771544-503 - Limited - Disabled)
Guest (S-1-5-21-1796348420-728246846-562771544-501 - Limited - Disabled)
Lmalo (S-1-5-21-1796348420-728246846-562771544-1001 - Administrator - Enabled) => C:\Users\Lmalo
WDAGUtilityAccount (S-1-5-21-1796348420-728246846-562771544-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon Kindle (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
Antichamber (HKLM\...\UDK-395a7117-f457-4eab-b093-db255d0f3310) (Version:  - Epic Games, Inc.)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
DiagnosticsHub_CollectionService (HKLM\...\{37385261-BB10-4DE0-8822-84E1C4997ED2}) (Version: 15.0.26730 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{57350A74-1CA4-48F2-861F-EDCB971D260C}) (Version: 1.1.137.0 - Epic Games, Inc.)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8468D8835}) (Version: 7.12.1.4 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{ebd248cd-b3ef-4e14-b91a-d626fa5c392a}) (Version: 7.12.1.4 - ExpressVPN)
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\GrammarlyForWindows) (Version: 1.5.32 - Grammarly)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Kodi (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Kodi) (Version:  - XBMC Foundation)
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.42.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-GB)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
Myst Masterpiece Edition (HKLM-x32\...\1207658818_is1) (Version: 2.1.0.23 - GOG.com)
NGT Lite (HKLM-x32\...\{5213E009-D101-4869-AE3F-30E238721E83}) (Version: 1.51 - DSPG Telecom)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{708F0253-F566-48F3-9B88-06F48F16548B}) (Version: 4.15.9789 - Apache Software Foundation)
Opera Stable 73.0.3856.344 (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.12.32066 - Electronic Arts, Inc.)
QT Lite 4.1.0 (HKLM-x32\...\quicktime_lite_is1) (Version: 4.1.0 - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8372 - Realtek Semiconductor Corp.)
Scrivener (HKLM-x32\...\Scrivener 19160) (Version: 19160 - Literature and Latte)
Sony Mobile Software Update Drivers (HKLM\...\{4872001F-F67C-4C54-BC92-281C6A165251}) (Version: 3.2.0.3 - Sony Mobile Communications)
Sony Mobile Update Engine (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Update Engine) (Version: 2.18.16.201812071229 - Sony Mobile Communications Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.32.1.1020 - Electronic Arts Inc.)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com)
Twitch (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Unity Hub 2.1.0 (HKLM\...\Unity Technologies - Hub) (Version: 2.1.0 - Unity Technologies Inc.)
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
VS Immersive Activate Helper (HKLM-x32\...\{FD1039C3-228B-43BB-820A-ACAED580A9D5}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\WhatsApp) (Version: 0.4.930 - WhatsApp)
Windows Driver Package - Sony Mobile Communications (ggsomc) SOMCFlashDevice  (12/06/2017 3.2.0.0) (HKLM\...\7AA77B236196DB9A6C04257060560ACDBB626F30) (Version: 12/06/2017 3.2.0.0 - Sony Mobile Communications)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Workflow Manager Client 1.0 (HKLM\...\{0443092A-4B34-4D71-A800-31CBBA11F275}) (Version: 2.1.10217.1 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xperia Companion (HKLM-x32\...\{128ab02b-3b93-4490-8304-8b16d7d1564f}) (Version: 2.3.7.0 - Sony)
Xperia Companion (HKLM-x32\...\{8F6C5405-9677-4516-BCB0-775128C31874}) (Version: 2.3.7.0 - Sony) Hidden
Xperia Companion Service (HKLM\...\{AEEFEB49-3F89-4B0E-9031-56563B8F7D4E}) (Version: 2.3.7.0 - Sony) Hidden
Zoho Docs (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\{E3278D94-0A89-4C68-8CEB-44E828D8C7A3}) (Version: 1.8.30 - Zoho Corporation Pvt. Ltd.)
Zoom (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
All 4 -> C:\Program Files\WindowsApps\4onDemand.4oD_2.1.1.0_x64__skngk38cybkhm [2020-12-14] (Channel Four Television Corporation)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-20] (Autodesk Inc.)
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.3.18.0_x86__ffd303wmbhcjt [2020-07-18] (BreeZip) [MS Ad]
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2020-12-17] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.49.2.0_x86__kgqvnymyfvs32 [2020-12-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1930.2.0_x86__kgqvnymyfvs32 [2021-01-04] (king.com)
Converter for YouTube by Flvto.com -> C:\Program Files\WindowsApps\Hotger.com.YouTubeConverterbywww.flvto.com_2.0.58.0_x64__cg7p2qfgefa1a [2018-07-03] (Белов Кирилл Леонидович) [MS Ad]
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.6.10.0_x86__h6adky7gbf63m [2020-12-16] (Gameloft SE)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-09-25] (Facebook Inc)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-03-04] (Instagram)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-30] (INTEL CORP) [Startup Task]
Live Sun -> C:\Program Files\WindowsApps\33630DanielLam.LiveSun_1.2.2.0_x64__agwpzyfba80hm [2019-10-28] (Daniel Lam) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.11.0.0_x64__jhretta7p24aw [2020-11-19] (Kdan Mobile Software Ltd.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-28] (Microsoft Corporation)
ROBLOX -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.460.22961.0_x86__55nm5eh3cm0pr [2021-01-10] (ROBLOX Corporation)
Space Images from NASA -> C:\Program Files\WindowsApps\25241Digitalmediaphile.SpaceImagesfromNASA_1.1.0.7_neutral__m2thxh7x439cm [2019-10-28] (Digitalmediaphile)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.13.139.0_x64__43tkc6nmykmb6 [2021-01-14] (Ookla)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]
Torrex Lite - Torrent Downloader -> C:\Program Files\WindowsApps\BooStudioLLC.TorrexLite-TorrentDownloader_1.4.33.0_x64__b6e429xa66pga [2020-12-17] (Finebits OÜ) [MS Ad] [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Widget Launcher -> C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng [2020-05-26] (Chan Software Solutions) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
ShellIconOverlayIdentifiers: [  ZSyncOverlay1] -> {2696C613-1F19-4017-B23D-1F7448B266BE} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers: [  ZSyncOverlay2] -> {1BA95E7D-38CC-4F73-A4F4-1F8E86C6DA11} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers: [  ZSyncOverlay3] -> {88BC58CB-F443-4A99-8BF4-BA3AC82A15EE} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers-x32: [  ZSyncOverlay1] -> {2696C613-1F19-4017-B23D-1F7448B266BE} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers-x32: [  ZSyncOverlay2] -> {1BA95E7D-38CC-4F73-A4F4-1F8E86C6DA11} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers-x32: [  ZSyncOverlay3] -> {88BC58CB-F443-4A99-8BF4-BA3AC82A15EE} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Lmalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (Anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Lmalo\Anaconda3\Scripts\activate.bat C:\Users\Lmalo\Anaconda3

==================== Loaded Modules (Whitelisted) =============

2020-05-26 22:37 - 2020-05-26 22:37 - 000097792 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\ExtensionHosting.dll
2020-05-26 22:37 - 2020-05-26 22:37 - 000012800 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\ExtensionProcess.dll
2020-05-26 22:37 - 2020-05-26 22:37 - 000012800 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\ExtensionProcess64.dll
2020-05-26 22:37 - 2020-05-26 22:37 - 000094720 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.UWP.Views.dll
2020-05-26 22:37 - 2020-05-26 22:37 - 000193536 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.WPF.Core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 001265664 _____ () [File not signed] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\e_sqlite3.DLL
2020-05-11 22:48 - 2020-05-11 22:48 - 000279040 _____ (Castle Project Contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\Castle.Core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000332288 _____ (Chan Software Solutions) [File not signed] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\CSS.FluidUI.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000005120 _____ (CSS.WidgetExtension.Core) [File not signed] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\CSS.WidgetExtension.Core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000041472 _____ (GalaSoft Laurent Bugnion @ hxxp://www.galasoft.ch) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\GalaSoft.MvvmLight.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000018432 _____ (GalaSoft Laurent Bugnion @ hxxp://www.galasoft.ch) [File not signed] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\GalaSoft.MvvmLight.Platform.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000092672 _____ (hardcodet.net) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\Hardcodet.Wpf.TaskbarNotification.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000008704 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Abstractions.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000005120 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Client.Abstractions.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000015360 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Client.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000007680 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Client.NamedPipe.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000014336 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000006144 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Hosting.Abstractions.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000018432 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Hosting.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000008704 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Hosting.NamedPipe.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000288768 _____ (Jimmy Bogard) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\AutoMapper.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000185856 _____ (John Sheehan, Andrew Young, Alexey Zimarev and RestSharp community) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\RestSharp.dll
2018-10-15 07:49 - 2015-02-27 09:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\Newtonsoft.Json.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000006144 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\SQLitePCLRaw.batteries_v2.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000046080 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\SQLitePCLRaw.core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000005632 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\SQLitePCLRaw.nativelibrary.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000056832 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\SQLitePCLRaw.provider.dynamic_cdecl.dll
2020-05-11 22:48 - 2020-05-11 22:49 - 000064512 _____ (Unity Open Source Project) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\Unity.Abstractions.dll
2020-05-11 22:48 - 2020-05-11 22:49 - 000147968 _____ (Unity Open Source Project) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\Unity.Container.dll
2020-05-17 22:35 - 2020-05-17 22:35 - 000032256 _____ (WindowsWidgets.Standard.Common) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.Standard.Common.dll
2020-05-21 16:49 - 2020-05-21 16:49 - 000080384 _____ (WindowsWidgets.Standard.Core) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.Standard.Core.dll
2020-05-17 22:35 - 2020-05-17 22:35 - 000050176 _____ (WindowsWidgets.Standard.Repository) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.Standard.Repository.dll
2018-10-15 07:49 - 2017-03-20 15:13 - 000087552 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCollect.dll
2018-10-15 07:49 - 2017-03-20 15:13 - 000197632 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1796348420-728246846-562771544-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.app-surf.com/
SearchScopes: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> DefaultScope {CF505EC6-DABD-447B-8FA7-5BC5383E8367} URL = hxxp://www.app-surf.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> {CF505EC6-DABD-447B-8FA7-5BC5383E8367} URL = hxxp://www.app-surf.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2020-12-11] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2020-12-11] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 21:03 - 2020-11-26 22:05 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Microsoft MPI\Bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\QT Lite\QTSystem;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Git\cmd;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\QT Lite\QTSystem\
HKU\S-1-5-21-1796348420-728246846-562771544-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lmalo\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\8a962d2af91a0d38586031913de6f566.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Live! Central 3"
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{574F61EF-B9ED-498F-ACAA-83F8654FB429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe () [File not signed]
FirewallRules: [{4CC004D6-4ACF-4003-AB40-DE62390A6997}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe () [File not signed]
FirewallRules: [{C7E0B6CA-F94A-430E-B061-DEF9C529CD92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Material Girl\Game.exe () [File not signed]
FirewallRules: [{11309CA6-1984-4208-B4F2-B43B05231225}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Material Girl\Game.exe () [File not signed]
FirewallRules: [UDP Query User{06CBD6C7-D47A-49CC-9673-5D8C03DD6AB6}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [TCP Query User{C25C7075-2635-4325-A07A-8E0E83CC959D}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{3BDAB9E7-B338-4998-B16E-8760B639E8EC}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{0DBB9202-25A7-41E9-B94D-B0560F4EDCA9}C:\users\lmalo\appdata\local\shortestminer\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\lmalo\appdata\local\shortestminer\miners\claymore_cryptonote_v1\nscpucnminer64.gh () [File not signed]
FirewallRules: [TCP Query User{6111259A-3329-49B2-8621-5D6A8C6FFA0F}C:\users\lmalo\appdata\local\shortestminer\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\lmalo\appdata\local\shortestminer\miners\claymore_cryptonote_v1\nscpucnminer64.gh () [File not signed]
FirewallRules: [{FA55245F-19E9-477C-9920-B86A568DA7A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9C8D2143-2A96-4B97-BD63-5DAA565B4E1E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D233249D-AFF0-4365-A758-D17592602084}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe => No File
FirewallRules: [{8886C322-4208-4C1E-8DEA-2B5296CE30B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe => No File
FirewallRules: [UDP Query User{EEC1AFFB-B22A-4D96-93EC-A68135A1656A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{DD66B81E-EB00-48CA-BA12-940FAAB06C82}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{3B0376E3-7327-461A-AE10-465595A997DB}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B050D4B1-2B88-4E8B-9105-B7EB3959F6D5}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{593DA457-B81D-4A64-A842-2457BD920F65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe () [File not signed]
FirewallRules: [{8AFA026C-30D7-4DB8-8EEA-70677745EC14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe () [File not signed]
FirewallRules: [{4800B361-6BB3-482F-BE77-133F441A2E75}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D114E188-B332-490D-BA39-46280503D470}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9E3C9157-7F45-420F-9B69-8C1B0151B542}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{27B20B1B-3189-4E67-9450-FF7A85FF156F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{062F690D-8228-42B3-8344-4D3076F89C0A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{75BFCBE3-A286-4146-9C4C-FD31BEDDACEE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{120EF778-E422-4B5F-BC15-501FA9C7F0A9}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [UDP Query User{7C345D08-46DB-4958-9059-5EEA59400A86}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [{58EEE4F1-8C6C-495A-BAF4-60B1EB0EEE4C}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{704BD86A-9FAB-40AD-9C45-7D8453F68233}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{2C8DF536-B48F-4758-B8CB-97E54B309AD0}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{293ABE7E-3869-4501-9598-BFD21888474F}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67CEE698-628E-4DDA-943C-755FBF886326}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5ABE9346-3B92-458B-9F31-DA59EB6246AA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8C300360-CC84-4861-9AF4-40801CFA49CF}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe => No File
FirewallRules: [UDP Query User{61E77DD9-6007-4D75-A9C6-5B0673217E89}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe => No File
FirewallRules: [{44E81B82-C343-486D-8894-4AF61599F36E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Goes On\Life Goes On.exe => No File
FirewallRules: [{65FCEB8F-627B-43AF-9921-451489B71306}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Goes On\Life Goes On.exe => No File
FirewallRules: [{DDBD17E4-69B1-45FA-971F-D1A39DFA6C1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe => No File
FirewallRules: [{974F4081-F3E2-422A-82DA-DD08367D8DF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe => No File
FirewallRules: [{B98FEE2D-882A-4BD0-8E2B-83E8107A5EFC}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{98C05E80-9071-4D09-9DAC-44E3C72DC7B4}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{AD69271A-9251-444F-951A-5805ADC94029}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{6147ECE8-19B6-473C-B74A-602EDB56BAD5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{FAE65B95-67E6-4AE6-B568-CF4748D07A0B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6458F711-81C9-4273-AC4B-B462F1E14C3B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3E5D956A-1531-4151-956C-35CBBA7152B9}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony)
FirewallRules: [{19114F7A-6B45-4930-8B76-E0BFF21D8E79}] => (Allow) C:\ProgramData\Sony Mobile\Update Engine\{ADED31D1-D80E-4C71-998F-465D0D861F5C}\Sony Mobile Update Engine.exe (Sony Mobile Communications AB -> )
FirewallRules: [{9101F06E-4BF7-45D1-BCD0-5EA06D3CD8EF}] => (Allow) C:\ProgramData\Sony Mobile\Update Engine\{ADED31D1-D80E-4C71-998F-465D0D861F5C}\Sony Mobile Update Engine.exe (Sony Mobile Communications AB -> )
FirewallRules: [TCP Query User{DA92B9A4-9471-40CF-9F4A-23E673886D24}C:\programdata\sony mobile\update engine\{92e849c6-50ae-4b2a-80f9-e1e7259b7e49}\sony mobile update engine.exe] => (Allow) C:\programdata\sony mobile\update engine\{92e849c6-50ae-4b2a-80f9-e1e7259b7e49}\sony mobile update engine.exe (Sony Mobile Communications AB -> )
FirewallRules: [UDP Query User{907A7A88-CF4F-4AE2-A01E-B6F08209AD94}C:\programdata\sony mobile\update engine\{92e849c6-50ae-4b2a-80f9-e1e7259b7e49}\sony mobile update engine.exe] => (Allow) C:\programdata\sony mobile\update engine\{92e849c6-50ae-4b2a-80f9-e1e7259b7e49}\sony mobile update engine.exe (Sony Mobile Communications AB -> )
FirewallRules: [TCP Query User{4DFAE865-CF90-4DD6-BC5F-D824FA19512B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{3A513E8F-AC8D-438E-852B-0BB52AF73630}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{45E22AD4-8B08-4443-BC3D-1F153CFB8A0F}] => (Allow) C:\Users\Lmalo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{0A68E48B-CA9C-462D-AEF7-D4AEB7FF7F0F}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{993ADDC0-58B5-4BF9-80A0-BF986178093C}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{4829D038-EE89-44E1-97DB-B1A6BD6E6B8E}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{AF05C8DD-E450-4F9C-B6C9-57128BD7FED4}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [TCP Query User{F5BE2F8E-0C81-4217-87F2-DF3382E61744}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [UDP Query User{A1EA47ED-823D-49CF-B3CD-1E5DC1075563}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [{AB1238BA-7FA4-4152-9CD6-6A8200E1E4A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy III\FF3_Launcher.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [{7E9729CB-D00C-43C4-857D-5C1294AEB8B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy III\FF3_Launcher.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [{89C65AC4-D7CD-4514-BC17-BC8309500E77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares II Demo\Little Nightmares II Demo.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{088943BB-B326-42B7-9CA5-27077AED2D51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares II Demo\Little Nightmares II Demo.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{11527DE5-BB91-424D-8963-199CC353B844}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape the Game\EscapeTheGame.exe () [File not signed]
FirewallRules: [{910EC82C-2485-4E6B-8291-AA345ABC40B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape the Game\EscapeTheGame.exe () [File not signed]
FirewallRules: [{E399977B-4DBB-4E65-B802-F2F3CF27B058}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAC491F7-2566-4E86-9EA9-CA71F8ACAA8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8DDC53D3-B7E3-4408-A17A-A084ED40D86C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{27C961B3-BA00-41F3-9B1B-1CB305F09CBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C0AD314-B065-433E-B9B7-958D06263276}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{42940F59-20C1-4E6D-B670-A1CD9D19B91D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DE960F7-4C14-4B0E-822B-92BD6F5C563D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E97961A0-8B71-44C7-8F61-13619B633DB5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{80B22ABD-6A44-48BC-A5B1-C89488D00069}C:\users\lmalo\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\lmalo\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{96635C8E-9B9D-4316-AC0D-758F3BF7378D}C:\users\lmalo\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\lmalo\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [{867CFB0F-A63E-4654-B689-1999EB83A4CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F796439-D0BF-4CB4-9B6E-0DE253C61B03}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3F21367D-F2D7-4E24-A72C-906603C203D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{997E3D32-533C-4B9B-8C6E-1F494897843D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{EE25EF4A-B7CA-4A9E-8BE5-FB9F55D75AA4}C:\users\lmalo\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Block) C:\users\lmalo\appdata\local\programs\opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{E650D4F5-3689-46DD-88DA-9F052B4EA821}C:\users\lmalo\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Block) C:\users\lmalo\appdata\local\programs\opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{1E5B4DD3-2E52-45EF-9FB5-D1FECB5D681B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-01-2021 15:01:12 Scheduled Checkpoint
10-01-2021 16:14:54 Scheduled Checkpoint
14-01-2021 13:41:54 Windows Modules Installer
14-01-2021 13:43:36 Windows Modules Installer
14-01-2021 13:45:24 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/18/2021 05:35:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/18/2021 05:27:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (01/18/2021 04:13:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/18/2021 04:13:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/18/2021 03:32:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/18/2021 03:32:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/18/2021 12:55:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/18/2021 12:52:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (01/18/2021 04:12:11 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (01/18/2021 04:12:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:37:29 PM on ‎1/‎18/‎2021 was unexpected.

Error: (01/18/2021 12:51:22 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (01/18/2021 12:51:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:55:52 PM on ‎1/‎17/‎2021 was unexpected.

Error: (01/17/2021 11:48:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:58:58 PM on ‎1/‎16/‎2021 was unexpected.

Error: (01/17/2021 11:48:19 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (01/16/2021 02:03:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (01/16/2021 01:58:19 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.


Windows Defender:
===================================
Date: 2021-01-14 11:21:19.1930000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B31034CB-EDA6-4602-84F1-9E0FADB787A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-14 10:53:35.1720000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {12D95413-A736-4C31-BA6F-136B900F32D2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-08 14:01:52.8010000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B89DC9B7-A044-4EB8-AE83-E1616E6F1B06}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-07 11:35:22.3270000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {5F2121C6-A7C0-493B-99D1-AA9015983C74}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-05 11:15:57.4900000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {5134F9EB-63AB-4493-978E-C4AFE00C84A9}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-08 14:01:39.9380000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.1770.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-01-08 14:01:39.9350000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.1770.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2020-12-22 15:19:31.8830000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.619.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2020-12-22 15:19:31.8800000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.619.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2020-11-15 13:47:54.6630000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.893.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x80070102
Error description: The wait operation timed out. 

CodeIntegrity:
===================================

Date: 2021-01-15 15:49:49.7550000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-10 14:27:08.3490000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-06 19:49:55.4770000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-12-09 14:17:56.6060000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-12-04 10:40:58.7180000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-12-01 13:52:47.5690000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-11-30 16:48:10.3290000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 3016 12/27/2016
Motherboard: ASUSTeK COMPUTER INC. B150M-A/M.2
Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 35%
Total physical RAM: 16311.32 MB
Available physical RAM: 10520.63 MB
Total Virtual: 18743.32 MB
Available Virtual: 11392.26 MB

==================== Drives ================================

Drive 😄 () (Fixed) (Total:930.46 GB) (Free:649.88 GB) NTFS

\\?\Volume{5d0d6787-6677-4c35-9d58-f8c4f8fa022e}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{a7ed4b5e-ac35-4f18-be34-af47e77ba998}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS
\\?\Volume{9ed7240a-8f64-4e3f-a14e-cc6e9c489f36}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.