Undetectable virus - 100% disk space.


  • Root Admin

Hello @Slowpomegranate

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-01-2021
Ran by Lmalo (administrator) on DESKTOP-SQ7MEH0 (18-01-2021 17:37:54)
Running from C:\Users\Lmalo\Downloads
Loaded Profiles: Lmalo
Platform: Windows 10 Home Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Chan Software Solutions) C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.WPF.Core.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\igfxCUIService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\Lmalo\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe <21>
(Opera Software AS -> Opera Software) C:\Users\Lmalo\AppData\Local\Programs\Opera\73.0.3856.344\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\Lmalo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Sony) [File not signed] C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe <5>
(Twitch Interactive, Inc. -> Twitch Interactive, Inc.) C:\Users\Lmalo\AppData\Local\Temp\Twitch\Twitch.exe
(Twitch Interactive, Inc. -> Twitch Interactive, Inc.) C:\Users\Lmalo\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe <7>
(Twitch Interactive, Inc. -> Twitch Interactive, Inc.) C:\Users\Lmalo\AppData\Roaming\Twitch\Bin\TwitchAgent.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268168 2018-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [465120 2020-08-20] (Express Vpn LLC -> ExpressVPN)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Run: [Opera Browser Assistant] => C:\Users\Lmalo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --origin-trial-disabled-features=MeasureMemory --restore-last-sess (the data entry has 165 more characters).
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\Software\...\AppCompatFlags\Custom\Myst.exe: [{a2a608e4-05f8-466b-a53f-f0f07515143a}.sdb] -> GOG.com Myst
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a2a608e4-05f8-466b-a53f-f0f07515143a}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{a2a608e4-05f8-466b-a53f-f0f07515143a}.sdb [2017-06-27]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-14] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-12-29]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\Users\Lmalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-01-20]
ShortcutTarget: Twitch.lnk -> C:\Users\Lmalo\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1CB0AD70-14BC-46D2-B337-B9E897907654} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2FBA7EFB-7396-47EF-9BBF-5671D86FD200} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-01] (Google Inc -> Google Inc.)
Task: {4767079C-6932-4C73-B025-904E6A1C151F} - System32\Tasks\Opera scheduled Autoupdate 1568669370 => C:\Users\Lmalo\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {829C556D-DA82-42BA-A600-DA5F9380731F} - System32\Tasks\Opera scheduled assistant Autoupdate 1569409016 => C:\Users\Lmalo\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Lmalo\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {B0F66D45-2CD5-4209-A55C-C538D1FDF873} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BAC2E99C-3C57-406F-B5CB-C5BB646ACA0F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF9756D9-9A91-404A-856A-9C14A239FE3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-01] (Google Inc -> Google Inc.)
Task: {CCD6E3B9-9C13-4E60-9EE8-EF706399A6C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{0bdd6c04-ef05-43cf-9f94-b94c1e03aaa2}: [DhcpNameServer] 172.16.144.1
Tcpip\..\Interfaces\{21e1c6e0-af58-4b60-ba19-52c74fcc3a58}: [DhcpNameServer] 10.130.0.1
Tcpip\..\Interfaces\{5f6fa8ab-404c-45c9-a6f3-6536d9730f5a}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Edge: 
=======
Edge HomeButtonPage: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> hxxp://www.app-surf.com/
Edge Notifications: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> hxxps://tinder.com; hxxps://www.facebook.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lmalo\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-14]
Edge HomePage: Default -> hxxp://www.app-surf.com/
Edge StartupUrls: Default -> "hxxp://www.app-surf.com/"
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Lmalo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-14]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 87n4qgzr.default
FF ProfilePath: C:\Users\Lmalo\AppData\Roaming\Mozilla\Firefox\Profiles\87n4qgzr.default [2020-11-30]
FF Homepage: Mozilla\Firefox\Profiles\87n4qgzr.default -> hxxp://www.app-surf.com/
FF Notifications: Mozilla\Firefox\Profiles\87n4qgzr.default -> hxxps://tinder.com; hxxps://www.facebook.com
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2020-12-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2020-12-11] (Oracle America, Inc. -> Oracle Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default [2021-01-16]
CHR Extension: (Slides) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-09]
CHR Extension: (Docs) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-09]
CHR Extension: (Google Drive) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-09]
CHR Extension: (YouTube) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-09]
CHR Extension: (uBlock Origin) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-09]
CHR Extension: (Sheets) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-09]
CHR Extension: (Google Docs Offline) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-09]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-01-09]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-09]
CHR Extension: (Gmail) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-09]
CHR Extension: (Chrome Media Router) - C:\Users\Lmalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera: 
=======
OPR Profile: C:\Users\Lmalo\AppData\Roaming\Opera Software\Opera Stable [2021-01-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Lmalo\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-11-11]
OPR Extension: (Install Chrome Extensions) - C:\Users\Lmalo\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2020-11-23]
OPR Extension: (Amazon Assistant for Opera) - C:\Users\Lmalo\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2020-12-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2018-01-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437472 2020-08-20] (Express Vpn LLC -> ExpressVPN)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-10-20] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6841416 2019-10-20] (GOG Sp. z o.o. -> GOG.com)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2156864 2018-02-28] (Electronic Arts, Inc. -> Electronic Arts)
S3 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3026760 2018-02-28] (Electronic Arts, Inc. -> Electronic Arts)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2198016 2018-11-20] (Sony) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CtClsFlt; C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys [188408 2015-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [43392 2018-05-14] (Elgato Systems LLC -> UB658)
S3 ElgatoVAD; C:\WINDOWS\System32\drivers\ElgatoVAD.sys [39208 2017-07-11] (Elgato Systems LLC -> Elgato Systems GmbH)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2020-08-20] (ExprsVPN LLC -> ExpressVPN)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [32384 2018-03-14] (Sony Mobile Communications AB -> Sony Mobile Communications)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-05-08] (Martin Malik - REALiX -> REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslfb657f6a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6ADCFC31-2884-4AB0-9FA5-2148E09A3E31}\MpKslDrv.sys [91376 2021-01-18] (Microsoft Windows -> Microsoft Corporation)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-09-10] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-05-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2020-08-20] (ExprsVPN LLC -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-18 17:37 - 2021-01-18 17:37 - 002295296 _____ (Farbar) C:\Users\Lmalo\Downloads\FRST64 (1).exe
2021-01-14 14:37 - 2021-01-14 14:37 - 000107313 _____ C:\Users\Lmalo\Downloads\Goodbye_Mother_Nature.pdf
2021-01-14 14:19 - 2021-01-14 14:19 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-14 14:19 - 2021-01-14 14:19 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-14 14:19 - 2021-01-14 14:19 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-14 14:19 - 2021-01-14 14:19 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-14 14:19 - 2021-01-14 14:19 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-14 14:19 - 2021-01-14 14:19 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-14 14:19 - 2021-01-14 14:19 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-14 14:19 - 2021-01-14 14:19 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-14 14:19 - 2021-01-14 14:19 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-14 14:19 - 2021-01-14 14:19 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-14 14:18 - 2021-01-14 14:18 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-14 14:18 - 2021-01-14 14:18 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-14 14:18 - 2021-01-14 14:18 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-14 14:18 - 2021-01-14 14:18 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-14 14:17 - 2021-01-14 14:17 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-14 14:17 - 2021-01-14 14:17 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-14 14:17 - 2021-01-14 14:17 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-14 14:17 - 2021-01-14 14:17 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-14 14:17 - 2021-01-14 14:17 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-14 14:17 - 2021-01-14 14:17 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-14 14:16 - 2021-01-14 14:16 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-14 14:16 - 2021-01-14 14:16 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-14 14:16 - 2021-01-14 14:16 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-14 14:16 - 2021-01-14 14:16 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-14 14:16 - 2021-01-14 14:16 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-14 14:16 - 2021-01-14 14:16 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-14 14:16 - 2021-01-14 14:16 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-14 14:15 - 2021-01-14 14:15 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-14 14:15 - 2021-01-14 14:15 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-14 14:14 - 2021-01-14 14:14 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-14 14:14 - 2021-01-14 14:14 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-14 14:14 - 2021-01-14 14:14 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-14 14:14 - 2021-01-14 14:14 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-14 14:14 - 2021-01-14 14:14 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-14 14:14 - 2021-01-14 14:14 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-14 14:13 - 2021-01-14 14:13 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-14 14:12 - 2021-01-14 14:12 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-14 14:12 - 2021-01-14 14:12 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-14 14:12 - 2021-01-14 14:12 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-14 14:12 - 2021-01-14 14:12 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-06 20:08 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-06 20:08 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-06 20:08 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-06 20:08 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-06 20:08 - 2020-10-05 14:05 - 000351128 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000673520 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000555248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-06 20:08 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 004174064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-06 20:08 - 2020-10-05 14:02 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-06 20:08 - 2020-10-05 14:00 - 005972824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-04 20:42 - 2021-01-04 20:42 - 000238572 _____ C:\Users\Lmalo\Downloads\correspondence.pdf
2021-01-03 21:28 - 2021-01-04 08:55 - 000000000 ____D C:\Users\Lmalo\OneDrive\Documents\My Kindle Content
2021-01-03 21:28 - 2021-01-03 21:28 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2021-01-03 21:28 - 2021-01-03 21:28 - 000000000 ____D C:\Users\Lmalo\AppData\Local\Amazon
2021-01-03 21:27 - 2021-01-03 21:27 - 058106720 _____ (Amazon.com) C:\Users\Lmalo\Downloads\KindleForPC-installer-1.30.59056.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-18 17:39 - 2020-11-26 11:01 - 000019574 _____ C:\Users\Lmalo\Downloads\FRST.txt
2021-01-18 17:38 - 2020-11-24 11:05 - 000000000 ____D C:\FRST
2021-01-18 17:35 - 2020-09-05 13:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-18 17:35 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-18 17:03 - 2017-06-25 13:56 - 000000000 ____D C:\Users\Lmalo\AppData\Local\ElevatedDiagnostics
2021-01-18 16:16 - 2020-03-15 15:03 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-18 16:15 - 2018-09-13 21:42 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\Twitch
2021-01-18 16:12 - 2020-09-05 14:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-18 16:12 - 2020-09-03 23:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-18 16:12 - 2017-06-25 14:26 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-18 13:00 - 2020-09-05 14:00 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-18 13:00 - 2020-09-05 14:00 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-18 12:58 - 2020-09-05 14:00 - 000004206 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1568669370
2021-01-18 12:58 - 2019-09-16 21:29 - 000001405 _____ C:\Users\Lmalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-01-16 14:05 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-16 14:05 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-15 10:14 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-14 19:18 - 2017-09-04 19:31 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\discord
2021-01-14 16:39 - 2020-09-05 13:46 - 000868930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-14 16:33 - 2020-09-05 13:24 - 000508272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-14 16:32 - 2019-12-07 09:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-14 16:30 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-14 16:29 - 2020-09-05 21:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-14 16:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-14 16:28 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-14 16:28 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-14 16:28 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-14 14:25 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-14 14:12 - 2020-09-05 13:29 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-14 13:41 - 2017-05-09 18:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-14 13:39 - 2017-05-09 18:49 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-14 10:35 - 2020-12-09 14:09 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-14 10:35 - 2020-12-09 14:09 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-14 10:35 - 2020-12-09 14:09 - 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-09 15:55 - 2020-08-29 11:26 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-09 15:55 - 2020-08-29 11:26 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-09 15:55 - 2020-08-29 11:26 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-06 20:11 - 2017-05-13 22:12 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-01-06 20:10 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Help
2021-01-06 20:10 - 2017-05-13 22:12 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-12-31 19:33 - 2020-12-11 14:01 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\.minecraft
2020-12-31 19:32 - 2020-12-11 14:40 - 000000000 ____D C:\Users\Lmalo\AppData\Roaming\.tlauncher

==================== Files in the root of some directories ========

2017-06-12 11:34 - 2018-07-05 11:34 - 000000422 _____ () C:\Users\Lmalo\AppData\Roaming\WB.CFG
2017-06-21 21:26 - 2017-06-21 21:26 - 001065984 _____ () C:\Users\Lmalo\AppData\Local\file__0.localstorage
2019-01-08 15:44 - 2019-01-08 15:44 - 000000218 _____ () C:\Users\Lmalo\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2021
Ran by Lmalo (18-01-2021 17:42:14)
Running from C:\Users\Lmalo\Downloads
Windows 10 Home Version 20H2 19042.746 (X64) (2020-09-05 14:02:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1796348420-728246846-562771544-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1796348420-728246846-562771544-503 - Limited - Disabled)
Guest (S-1-5-21-1796348420-728246846-562771544-501 - Limited - Disabled)
Lmalo (S-1-5-21-1796348420-728246846-562771544-1001 - Administrator - Enabled) => C:\Users\Lmalo
WDAGUtilityAccount (S-1-5-21-1796348420-728246846-562771544-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon Kindle (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
Antichamber (HKLM\...\UDK-395a7117-f457-4eab-b093-db255d0f3310) (Version:  - Epic Games, Inc.)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
DiagnosticsHub_CollectionService (HKLM\...\{37385261-BB10-4DE0-8822-84E1C4997ED2}) (Version: 15.0.26730 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{57350A74-1CA4-48F2-861F-EDCB971D260C}) (Version: 1.1.137.0 - Epic Games, Inc.)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8468D8835}) (Version: 7.12.1.4 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{ebd248cd-b3ef-4e14-b91a-d626fa5c392a}) (Version: 7.12.1.4 - ExpressVPN)
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\GrammarlyForWindows) (Version: 1.5.32 - Grammarly)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Kodi (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Kodi) (Version:  - XBMC Foundation)
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.42.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-GB)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
Myst Masterpiece Edition (HKLM-x32\...\1207658818_is1) (Version: 2.1.0.23 - GOG.com)
NGT Lite (HKLM-x32\...\{5213E009-D101-4869-AE3F-30E238721E83}) (Version: 1.51 - DSPG Telecom)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{708F0253-F566-48F3-9B88-06F48F16548B}) (Version: 4.15.9789 - Apache Software Foundation)
Opera Stable 73.0.3856.344 (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.12.32066 - Electronic Arts, Inc.)
QT Lite 4.1.0 (HKLM-x32\...\quicktime_lite_is1) (Version: 4.1.0 - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8372 - Realtek Semiconductor Corp.)
Scrivener (HKLM-x32\...\Scrivener 19160) (Version: 19160 - Literature and Latte)
Sony Mobile Software Update Drivers (HKLM\...\{4872001F-F67C-4C54-BC92-281C6A165251}) (Version: 3.2.0.3 - Sony Mobile Communications)
Sony Mobile Update Engine (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\Update Engine) (Version: 2.18.16.201812071229 - Sony Mobile Communications Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.32.1.1020 - Electronic Arts Inc.)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com)
Twitch (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Unity Hub 2.1.0 (HKLM\...\Unity Technologies - Hub) (Version: 2.1.0 - Unity Technologies Inc.)
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
VS Immersive Activate Helper (HKLM-x32\...\{FD1039C3-228B-43BB-820A-ACAED580A9D5}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\WhatsApp) (Version: 0.4.930 - WhatsApp)
Windows Driver Package - Sony Mobile Communications (ggsomc) SOMCFlashDevice  (12/06/2017 3.2.0.0) (HKLM\...\7AA77B236196DB9A6C04257060560ACDBB626F30) (Version: 12/06/2017 3.2.0.0 - Sony Mobile Communications)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Workflow Manager Client 1.0 (HKLM\...\{0443092A-4B34-4D71-A800-31CBBA11F275}) (Version: 2.1.10217.1 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xperia Companion (HKLM-x32\...\{128ab02b-3b93-4490-8304-8b16d7d1564f}) (Version: 2.3.7.0 - Sony)
Xperia Companion (HKLM-x32\...\{8F6C5405-9677-4516-BCB0-775128C31874}) (Version: 2.3.7.0 - Sony) Hidden
Xperia Companion Service (HKLM\...\{AEEFEB49-3F89-4B0E-9031-56563B8F7D4E}) (Version: 2.3.7.0 - Sony) Hidden
Zoho Docs (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\{E3278D94-0A89-4C68-8CEB-44E828D8C7A3}) (Version: 1.8.30 - Zoho Corporation Pvt. Ltd.)
Zoom (HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
All 4 -> C:\Program Files\WindowsApps\4onDemand.4oD_2.1.1.0_x64__skngk38cybkhm [2020-12-14] (Channel Four Television Corporation)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-20] (Autodesk Inc.)
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.3.18.0_x86__ffd303wmbhcjt [2020-07-18] (BreeZip) [MS Ad]
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2020-12-17] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.49.2.0_x86__kgqvnymyfvs32 [2020-12-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1930.2.0_x86__kgqvnymyfvs32 [2021-01-04] (king.com)
Converter for YouTube by Flvto.com -> C:\Program Files\WindowsApps\Hotger.com.YouTubeConverterbywww.flvto.com_2.0.58.0_x64__cg7p2qfgefa1a [2018-07-03] (Белов Кирилл Леонидович) [MS Ad]
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.6.10.0_x86__h6adky7gbf63m [2020-12-16] (Gameloft SE)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-09-25] (Facebook Inc)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-03-04] (Instagram)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-30] (INTEL CORP) [Startup Task]
Live Sun -> C:\Program Files\WindowsApps\33630DanielLam.LiveSun_1.2.2.0_x64__agwpzyfba80hm [2019-10-28] (Daniel Lam) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.11.0.0_x64__jhretta7p24aw [2020-11-19] (Kdan Mobile Software Ltd.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-28] (Microsoft Corporation)
ROBLOX -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.460.22961.0_x86__55nm5eh3cm0pr [2021-01-10] (ROBLOX Corporation)
Space Images from NASA -> C:\Program Files\WindowsApps\25241Digitalmediaphile.SpaceImagesfromNASA_1.1.0.7_neutral__m2thxh7x439cm [2019-10-28] (Digitalmediaphile)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.13.139.0_x64__43tkc6nmykmb6 [2021-01-14] (Ookla)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]
Torrex Lite - Torrent Downloader -> C:\Program Files\WindowsApps\BooStudioLLC.TorrexLite-TorrentDownloader_1.4.33.0_x64__b6e429xa66pga [2020-12-17] (Finebits OÜ) [MS Ad] [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Widget Launcher -> C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng [2020-05-26] (Chan Software Solutions) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796348420-728246846-562771544-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
ShellIconOverlayIdentifiers: [  ZSyncOverlay1] -> {2696C613-1F19-4017-B23D-1F7448B266BE} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers: [  ZSyncOverlay2] -> {1BA95E7D-38CC-4F73-A4F4-1F8E86C6DA11} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers: [  ZSyncOverlay3] -> {88BC58CB-F443-4A99-8BF4-BA3AC82A15EE} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers-x32: [  ZSyncOverlay1] -> {2696C613-1F19-4017-B23D-1F7448B266BE} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers-x32: [  ZSyncOverlay2] -> {1BA95E7D-38CC-4F73-A4F4-1F8E86C6DA11} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ShellIconOverlayIdentifiers-x32: [  ZSyncOverlay3] -> {88BC58CB-F443-4A99-8BF4-BA3AC82A15EE} => C:\Users\Lmalo\AppData\Roaming\ZohoDocs\bin\64bit\iconoverlay.dll [2018-04-19] (ZOHO Corporation -> Zoho Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Lmalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (Anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Lmalo\Anaconda3\Scripts\activate.bat C:\Users\Lmalo\Anaconda3

==================== Loaded Modules (Whitelisted) =============

2020-05-26 22:37 - 2020-05-26 22:37 - 000097792 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\ExtensionHosting.dll
2020-05-26 22:37 - 2020-05-26 22:37 - 000012800 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\ExtensionProcess.dll
2020-05-26 22:37 - 2020-05-26 22:37 - 000012800 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\ExtensionProcess64.dll
2020-05-26 22:37 - 2020-05-26 22:37 - 000094720 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.UWP.Views.dll
2020-05-26 22:37 - 2020-05-26 22:37 - 000193536 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.WPF.Core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 001265664 _____ () [File not signed] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\e_sqlite3.DLL
2020-05-11 22:48 - 2020-05-11 22:48 - 000279040 _____ (Castle Project Contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\Castle.Core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000332288 _____ (Chan Software Solutions) [File not signed] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\CSS.FluidUI.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000005120 _____ (CSS.WidgetExtension.Core) [File not signed] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\CSS.WidgetExtension.Core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000041472 _____ (GalaSoft Laurent Bugnion @ hxxp://www.galasoft.ch) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\GalaSoft.MvvmLight.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000018432 _____ (GalaSoft Laurent Bugnion @ hxxp://www.galasoft.ch) [File not signed] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\GalaSoft.MvvmLight.Platform.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000092672 _____ (hardcodet.net) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\Hardcodet.Wpf.TaskbarNotification.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000008704 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Abstractions.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000005120 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Client.Abstractions.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000015360 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Client.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000007680 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Client.NamedPipe.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000014336 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000006144 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Hosting.Abstractions.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000018432 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Hosting.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000008704 _____ (Jacques Kang and other GitHub contributors) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\JKang.IpcServiceFramework.Hosting.NamedPipe.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000288768 _____ (Jimmy Bogard) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\AutoMapper.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000185856 _____ (John Sheehan, Andrew Young, Alexey Zimarev and RestSharp community) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\RestSharp.dll
2018-10-15 07:49 - 2015-02-27 09:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\Newtonsoft.Json.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000006144 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\SQLitePCLRaw.batteries_v2.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000046080 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\SQLitePCLRaw.core.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000005632 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\SQLitePCLRaw.nativelibrary.dll
2020-05-11 22:48 - 2020-05-11 22:48 - 000056832 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\SQLitePCLRaw.provider.dynamic_cdecl.dll
2020-05-11 22:48 - 2020-05-11 22:49 - 000064512 _____ (Unity Open Source Project) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\Unity.Abstractions.dll
2020-05-11 22:48 - 2020-05-11 22:49 - 000147968 _____ (Unity Open Source Project) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\Unity.Container.dll
2020-05-17 22:35 - 2020-05-17 22:35 - 000032256 _____ (WindowsWidgets.Standard.Common) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.Standard.Common.dll
2020-05-21 16:49 - 2020-05-21 16:49 - 000080384 _____ (WindowsWidgets.Standard.Core) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.Standard.Core.dll
2020-05-17 22:35 - 2020-05-17 22:35 - 000050176 _____ (WindowsWidgets.Standard.Repository) [File not signed] [File is in use] C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.Standard.Repository.dll
2018-10-15 07:49 - 2017-03-20 15:13 - 000087552 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCollect.dll
2018-10-15 07:49 - 2017-03-20 15:13 - 000197632 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1796348420-728246846-562771544-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.app-surf.com/
SearchScopes: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> DefaultScope {CF505EC6-DABD-447B-8FA7-5BC5383E8367} URL = hxxp://www.app-surf.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1796348420-728246846-562771544-1001 -> {CF505EC6-DABD-447B-8FA7-5BC5383E8367} URL = hxxp://www.app-surf.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2020-12-11] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2020-12-11] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 21:03 - 2020-11-26 22:05 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Microsoft MPI\Bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\QT Lite\QTSystem;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Git\cmd;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\QT Lite\QTSystem\
HKU\S-1-5-21-1796348420-728246846-562771544-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lmalo\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\8a962d2af91a0d38586031913de6f566.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Live! Central 3"
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1796348420-728246846-562771544-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{574F61EF-B9ED-498F-ACAA-83F8654FB429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe () [File not signed]
FirewallRules: [{4CC004D6-4ACF-4003-AB40-DE62390A6997}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe () [File not signed]
FirewallRules: [{C7E0B6CA-F94A-430E-B061-DEF9C529CD92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Material Girl\Game.exe () [File not signed]
FirewallRules: [{11309CA6-1984-4208-B4F2-B43B05231225}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Material Girl\Game.exe () [File not signed]
FirewallRules: [UDP Query User{06CBD6C7-D47A-49CC-9673-5D8C03DD6AB6}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [TCP Query User{C25C7075-2635-4325-A07A-8E0E83CC959D}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{3BDAB9E7-B338-4998-B16E-8760B639E8EC}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{0DBB9202-25A7-41E9-B94D-B0560F4EDCA9}C:\users\lmalo\appdata\local\shortestminer\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\lmalo\appdata\local\shortestminer\miners\claymore_cryptonote_v1\nscpucnminer64.gh () [File not signed]
FirewallRules: [TCP Query User{6111259A-3329-49B2-8621-5D6A8C6FFA0F}C:\users\lmalo\appdata\local\shortestminer\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\lmalo\appdata\local\shortestminer\miners\claymore_cryptonote_v1\nscpucnminer64.gh () [File not signed]
FirewallRules: [{FA55245F-19E9-477C-9920-B86A568DA7A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9C8D2143-2A96-4B97-BD63-5DAA565B4E1E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D233249D-AFF0-4365-A758-D17592602084}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe => No File
FirewallRules: [{8886C322-4208-4C1E-8DEA-2B5296CE30B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe => No File
FirewallRules: [UDP Query User{EEC1AFFB-B22A-4D96-93EC-A68135A1656A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{DD66B81E-EB00-48CA-BA12-940FAAB06C82}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{3B0376E3-7327-461A-AE10-465595A997DB}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B050D4B1-2B88-4E8B-9105-B7EB3959F6D5}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{593DA457-B81D-4A64-A842-2457BD920F65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe () [File not signed]
FirewallRules: [{8AFA026C-30D7-4DB8-8EEA-70677745EC14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe () [File not signed]
FirewallRules: [{4800B361-6BB3-482F-BE77-133F441A2E75}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D114E188-B332-490D-BA39-46280503D470}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9E3C9157-7F45-420F-9B69-8C1B0151B542}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{27B20B1B-3189-4E67-9450-FF7A85FF156F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{062F690D-8228-42B3-8344-4D3076F89C0A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{75BFCBE3-A286-4146-9C4C-FD31BEDDACEE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{120EF778-E422-4B5F-BC15-501FA9C7F0A9}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [UDP Query User{7C345D08-46DB-4958-9059-5EEA59400A86}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [{58EEE4F1-8C6C-495A-BAF4-60B1EB0EEE4C}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{704BD86A-9FAB-40AD-9C45-7D8453F68233}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{2C8DF536-B48F-4758-B8CB-97E54B309AD0}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{293ABE7E-3869-4501-9598-BFD21888474F}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67CEE698-628E-4DDA-943C-755FBF886326}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5ABE9346-3B92-458B-9F31-DA59EB6246AA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8C300360-CC84-4861-9AF4-40801CFA49CF}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe => No File
FirewallRules: [UDP Query User{61E77DD9-6007-4D75-A9C6-5B0673217E89}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe => No File
FirewallRules: [{44E81B82-C343-486D-8894-4AF61599F36E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Goes On\Life Goes On.exe => No File
FirewallRules: [{65FCEB8F-627B-43AF-9921-451489B71306}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Goes On\Life Goes On.exe => No File
FirewallRules: [{DDBD17E4-69B1-45FA-971F-D1A39DFA6C1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe => No File
FirewallRules: [{974F4081-F3E2-422A-82DA-DD08367D8DF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe => No File
FirewallRules: [{B98FEE2D-882A-4BD0-8E2B-83E8107A5EFC}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{98C05E80-9071-4D09-9DAC-44E3C72DC7B4}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{AD69271A-9251-444F-951A-5805ADC94029}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{6147ECE8-19B6-473C-B74A-602EDB56BAD5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{FAE65B95-67E6-4AE6-B568-CF4748D07A0B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6458F711-81C9-4273-AC4B-B462F1E14C3B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3E5D956A-1531-4151-956C-35CBBA7152B9}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony)
FirewallRules: [{19114F7A-6B45-4930-8B76-E0BFF21D8E79}] => (Allow) C:\ProgramData\Sony Mobile\Update Engine\{ADED31D1-D80E-4C71-998F-465D0D861F5C}\Sony Mobile Update Engine.exe (Sony Mobile Communications AB -> )
FirewallRules: [{9101F06E-4BF7-45D1-BCD0-5EA06D3CD8EF}] => (Allow) C:\ProgramData\Sony Mobile\Update Engine\{ADED31D1-D80E-4C71-998F-465D0D861F5C}\Sony Mobile Update Engine.exe (Sony Mobile Communications AB -> )
FirewallRules: [TCP Query User{DA92B9A4-9471-40CF-9F4A-23E673886D24}C:\programdata\sony mobile\update engine\{92e849c6-50ae-4b2a-80f9-e1e7259b7e49}\sony mobile update engine.exe] => (Allow) C:\programdata\sony mobile\update engine\{92e849c6-50ae-4b2a-80f9-e1e7259b7e49}\sony mobile update engine.exe (Sony Mobile Communications AB -> )
FirewallRules: [UDP Query User{907A7A88-CF4F-4AE2-A01E-B6F08209AD94}C:\programdata\sony mobile\update engine\{92e849c6-50ae-4b2a-80f9-e1e7259b7e49}\sony mobile update engine.exe] => (Allow) C:\programdata\sony mobile\update engine\{92e849c6-50ae-4b2a-80f9-e1e7259b7e49}\sony mobile update engine.exe (Sony Mobile Communications AB -> )
FirewallRules: [TCP Query User{4DFAE865-CF90-4DD6-BC5F-D824FA19512B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{3A513E8F-AC8D-438E-852B-0BB52AF73630}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{45E22AD4-8B08-4443-BC3D-1F153CFB8A0F}] => (Allow) C:\Users\Lmalo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{0A68E48B-CA9C-462D-AEF7-D4AEB7FF7F0F}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{993ADDC0-58B5-4BF9-80A0-BF986178093C}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{4829D038-EE89-44E1-97DB-B1A6BD6E6B8E}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{AF05C8DD-E450-4F9C-B6C9-57128BD7FED4}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [TCP Query User{F5BE2F8E-0C81-4217-87F2-DF3382E61744}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [UDP Query User{A1EA47ED-823D-49CF-B3CD-1E5DC1075563}C:\users\lmalo\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\lmalo\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [{AB1238BA-7FA4-4152-9CD6-6A8200E1E4A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy III\FF3_Launcher.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [{7E9729CB-D00C-43C4-857D-5C1294AEB8B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy III\FF3_Launcher.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [{89C65AC4-D7CD-4514-BC17-BC8309500E77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares II Demo\Little Nightmares II Demo.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{088943BB-B326-42B7-9CA5-27077AED2D51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Nightmares II Demo\Little Nightmares II Demo.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{11527DE5-BB91-424D-8963-199CC353B844}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape the Game\EscapeTheGame.exe () [File not signed]
FirewallRules: [{910EC82C-2485-4E6B-8291-AA345ABC40B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape the Game\EscapeTheGame.exe () [File not signed]
FirewallRules: [{E399977B-4DBB-4E65-B802-F2F3CF27B058}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAC491F7-2566-4E86-9EA9-CA71F8ACAA8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8DDC53D3-B7E3-4408-A17A-A084ED40D86C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{27C961B3-BA00-41F3-9B1B-1CB305F09CBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C0AD314-B065-433E-B9B7-958D06263276}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{42940F59-20C1-4E6D-B670-A1CD9D19B91D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DE960F7-4C14-4B0E-822B-92BD6F5C563D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E97961A0-8B71-44C7-8F61-13619B633DB5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{80B22ABD-6A44-48BC-A5B1-C89488D00069}C:\users\lmalo\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\lmalo\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{96635C8E-9B9D-4316-AC0D-758F3BF7378D}C:\users\lmalo\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\lmalo\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [{867CFB0F-A63E-4654-B689-1999EB83A4CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F796439-D0BF-4CB4-9B6E-0DE253C61B03}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3F21367D-F2D7-4E24-A72C-906603C203D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{997E3D32-533C-4B9B-8C6E-1F494897843D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{EE25EF4A-B7CA-4A9E-8BE5-FB9F55D75AA4}C:\users\lmalo\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Block) C:\users\lmalo\appdata\local\programs\opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{E650D4F5-3689-46DD-88DA-9F052B4EA821}C:\users\lmalo\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Block) C:\users\lmalo\appdata\local\programs\opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{1E5B4DD3-2E52-45EF-9FB5-D1FECB5D681B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-01-2021 15:01:12 Scheduled Checkpoint
10-01-2021 16:14:54 Scheduled Checkpoint
14-01-2021 13:41:54 Windows Modules Installer
14-01-2021 13:43:36 Windows Modules Installer
14-01-2021 13:45:24 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/18/2021 05:35:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/18/2021 05:27:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (01/18/2021 04:13:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/18/2021 04:13:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/18/2021 03:32:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/18/2021 03:32:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/18/2021 12:55:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/18/2021 12:52:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (01/18/2021 04:12:11 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (01/18/2021 04:12:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:37:29 PM on ‎1/‎18/‎2021 was unexpected.

Error: (01/18/2021 12:51:22 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (01/18/2021 12:51:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:55:52 PM on ‎1/‎17/‎2021 was unexpected.

Error: (01/17/2021 11:48:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:58:58 PM on ‎1/‎16/‎2021 was unexpected.

Error: (01/17/2021 11:48:19 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (01/16/2021 02:03:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (01/16/2021 01:58:19 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.


Windows Defender:
===================================
Date: 2021-01-14 11:21:19.1930000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B31034CB-EDA6-4602-84F1-9E0FADB787A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-14 10:53:35.1720000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {12D95413-A736-4C31-BA6F-136B900F32D2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-08 14:01:52.8010000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B89DC9B7-A044-4EB8-AE83-E1616E6F1B06}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-07 11:35:22.3270000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {5F2121C6-A7C0-493B-99D1-AA9015983C74}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-05 11:15:57.4900000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {5134F9EB-63AB-4493-978E-C4AFE00C84A9}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-08 14:01:39.9380000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.1770.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-01-08 14:01:39.9350000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.1770.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2020-12-22 15:19:31.8830000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.619.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2020-12-22 15:19:31.8800000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.619.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2020-11-15 13:47:54.6630000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.893.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x80070102
Error description: The wait operation timed out. 

CodeIntegrity:
===================================

Date: 2021-01-15 15:49:49.7550000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-10 14:27:08.3490000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-06 19:49:55.4770000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-12-09 14:17:56.6060000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-12-04 10:40:58.7180000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-12-01 13:52:47.5690000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-11-30 16:48:10.3290000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 3016 12/27/2016
Motherboard: ASUSTeK COMPUTER INC. B150M-A/M.2
Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 35%
Total physical RAM: 16311.32 MB
Available physical RAM: 10520.63 MB
Total Virtual: 18743.32 MB
Available Virtual: 11392.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.46 GB) (Free:649.88 GB) NTFS

\\?\Volume{5d0d6787-6677-4c35-9d58-f8c4f8fa022e}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{a7ed4b5e-ac35-4f18-be34-af47e77ba998}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS
\\?\Volume{9ed7240a-8f64-4e3f-a14e-cc6e9c489f36}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
