Mariux Posted July 7, 2021 ID:1468093 Share Posted July 7, 2021 Hi! I ran a program to scan and it came up with some kits on Nvidia files, dont know why...false? Here is Rkill report Rkill 2.9.1 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2021 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 07/07/2021 09:50:45 PM in x64 mode. Windows Version: Windows 10 Pro Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Reparse Point/Junctions Found (These may be legitimate)! * C:\Windows\System32\drivers\nvlddmkm-patched\cudnn_infer64_7.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\cudnn_infer64_7.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nv3dappshext.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nv3dappshext.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nv3dappshextr.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nv3dappshextr.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvapi.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvapi.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvapi64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvapi64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcbl64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvcbl64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcompiler.dll => ..\..\..\System32\nvcompiler.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcompiler32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvcompiler32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcompiler64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvcompiler64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcpl.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvcpl.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcuda.dll => ..\..\..\System32\nvcuda.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcuda32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvcuda32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcuda64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvcuda64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcuvid.dll => ..\..\..\System32\nvcuvid.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcuvid32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvcuvid32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvcuvid64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvcuvid64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvd3dum.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvd3dum.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvd3dumx.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvd3dumx.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvd3dumx_cfg.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvd3dumx_cfg.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvd3dum_cfg.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvd3dum_cfg.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvDecMFTMjpeg.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvDecMFTMjpeg.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvDecMFTMjpegx.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvDecMFTMjpegx.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvdevtools.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvdevtools.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvdevtoolsr.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvdevtoolsr.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvdisps.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvdisps.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvdispsr.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvdispsr.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvdlist.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvdlist.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvdlistx.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvdlistx.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvEncMFTH264.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvEncMFTH264.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvEncMFTH264x.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvEncMFTH264x.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvEncMFThevc.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvEncMFThevc.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvEncMFThevcx.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvEncMFThevcx.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvEncodeAPI.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvEncodeAPI.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvEncodeAPI64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvEncodeAPI64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvfatbinaryLoader.dll => ..\..\..\System32\nvfatbinaryLoader.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvfatbinaryLoader32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvfatbinaryLoader32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvfatbinaryLoader64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvfatbinaryLoader64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\NvFBC.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\NvFBC.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\NvFBC64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\NvFBC64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvgames.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvgames.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvgamesr.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvgamesr.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\NvIFR.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\NvIFR.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\NvIFR64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\NvIFR64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\NvIFROpenGL.dll => ..\..\..\System32\NvIFROpenGL.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\NvIFROpenGL32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\NvIFROpenGL32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\NvIFROpenGL64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\NvIFROpenGL64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvldumd.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvldumd.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvldumdx.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvldumdx.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvlicensings.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvlicensings.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvlicensingsr.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvlicensingsr.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvmcumd.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvmcumd.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvml.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvml.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvngx.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvngx.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvofapi.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvofapi.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvofapi64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvofapi64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvoglv32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvoglv32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvoglv64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvoglv64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvopencl32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvopencl32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvopencl64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvopencl64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvoptix.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvoptix.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvptxJitCompiler.dll => ..\..\..\System32\nvptxJitCompiler.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvptxJitCompiler32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvptxJitCompiler32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvptxJitCompiler64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvptxJitCompiler64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvrtum64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvrtum64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvshext.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvshext.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvsmartmax.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvsmartmax.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvsmartmax64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvsmartmax64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvsvc64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvsvc64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvsvcr.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvsvcr.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvsvs.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvsvs.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvsvsr.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvsvsr.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\NvTelemetry64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\NvTelemetry64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvui.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvui.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvuir.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvuir.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvvitvs.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvvitvs.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvvitvsr.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvvitvsr.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvvkwddc32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvvkwddc32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvvkwddc64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvvkwddc64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvwgf2um.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvwgf2um.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvwgf2umx.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvwgf2umx.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvwgf2umx_cfg.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvwgf2umx_cfg.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvwgf2um_cfg.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvwgf2um_cfg.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvwss.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvwss.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvwssr.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvwssr.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvxdapix.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvxdapix.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvxdbat.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvxdbat.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\nvxdplcy.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\nvxdplcy.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\OpenCL.dll => ..\..\..\System32\OpenCL.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\OpenCL32.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\OpenCL32.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\OpenCL64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\OpenCL64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\vulkan-1-999-0-0-0.dll => ..\..\..\System32\vulkan-1-999-0-0-0.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\vulkan-1-x64.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\vulkan-1-x64.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\vulkan-1-x86.dll => ..\..\DriverStore\FileRepository\nvmi.inf_amd64_648cd8d675c313c6\vulkan-1-x86.dll [File] * C:\Windows\System32\drivers\nvlddmkm-patched\vulkan-1.dll => ..\..\..\System32\vulkan-1.dll [File] * C:\Windows\SysWOW64\drivers\nvlddmkm-patched => ..\..\System32\drivers\nvlddmkm-patched [Dir] * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 07/07/2021 09:51:51 PM Execution time: 0 hours(s), 1 minute(s), and 6 seconds(s) Link to post Share on other sites More sharing options...
Mariux Posted July 7, 2021 Author ID:1468097 Share Posted July 7, 2021 and heres Farbar Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-07-2021 Ran by mariu (07-07-2021 22:10:26) Running from C:\Users\mariu\Downloads Windows 10 Pro Version 21H1 19043.1081 (X64) (2021-06-30 04:55:49) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2754156630-795056227-535938833-500 - Administrator - Disabled) Gjest (S-1-5-21-2754156630-795056227-535938833-501 - Limited - Disabled) mariu (S-1-5-21-2754156630-795056227-535938833-1001 - Administrator - Enabled) => C:\Users\mariu Standardkonto (S-1-5-21-2754156630-795056227-535938833-503 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-2754156630-795056227-535938833-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.2001.2101 - Micro-Star International Co., Ltd.) CPUID CPU-Z MSI 1.74 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.74 - CPUID, Inc.) ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.2.2 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM-x32\...\{c0cc7253-fa06-46c2-9ceb-f8641408262f}) (Version: 1.0.2.2 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{54d3d2b5-db16-446d-b6dd-f4964b166b3b}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC) Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2245.0 - Rockstar Games) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7463 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.2.1024 - Intel Corporation) Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C1A5573E-1508-49E1-BA6A-34E2EB15E9BF}) (Version: 17.5.2.1024 - Intel Corporation) Microsoft 365 Apps for enterprise - nb-no (HKLM\...\O365ProPlusRetail - nb-no) (Version: 16.0.14131.20278 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.64 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.64 - Microsoft Corporation) Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-2754156630-795056227-535938833-1001\...\Teams) (Version: 1.4.00.7174 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation) MSI NBFoundation Service (HKLM-x32\...\{949A5329-B6AF-444F-BCDC-1F39F516D40C}) (Version: 1.0.2104.2801 - MSI) Hidden MSI NBFoundation Service (HKLM-x32\...\InstallShield_{949A5329-B6AF-444F-BCDC-1F39F516D40C}) (Version: 1.0.2104.2801 - MSI) MSI SDK (HKLM-x32\...\{EE7D557C-3AE7-4348-8DCA-3A89790D0002}}_is1) (Version: 2.2021.0428.01 - MSI) NVIDIA Grafikkdriver 462.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.21 - NVIDIA Corporation) NVIDIA PhysX systemprogramvare 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0414-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden qBittorrent 4.3.6 (HKLM-x32\...\qBittorrent) (Version: 4.3.6 - The qBittorrent project) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.15.19.1412 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.42.369 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.5 - Rockstar Games) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.7174 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN) VulkanSDK 1.2.176.1 (HKLM\...\VulkanSDK1.2.176.1) (Version: 1.2.176.1 - LunarG, Inc.) WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA) Packages: ========= DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.109.0_x64__kzh8wxbdkxb8p [2021-06-30] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task] Intel® grafikkommandosenter -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-07-03] (INTEL CORP) [Startup Task] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-02] (Microsoft Studios) [MS Ad] Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.7.2.0_x64__w2gh52qy24etm [2021-06-30] (A-Volute) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-30] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2021-07-06] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0 [2021-06-30] (Spotify AB) [Startup Task] Tillegg for Bilder-mediemotor -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-07] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2754156630-795056227-535938833-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\mariu\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2754156630-795056227-535938833-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\mariu\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-08] (Intel(R) Rapid Storage Technology -> ) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-08] (Intel(R) Rapid Storage Technology -> ) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_63c2bbf15c85cec8\nvshext.dll [2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\mariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apper\Gjenopprettelsesverktøy for Chromebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai ==================== Loaded Modules (Whitelisted) ============= 2021-06-30 07:30 - 2021-06-30 07:30 - 002972368 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.109.0_x64__kzh8wxbdkxb8p\DCv2\Device\GM6070\IcMSIDll.dll 2021-06-30 07:46 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2021-06-30 07:02 - 2021-06-30 07:02 - 042557440 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.dll 2021-06-30 07:49 - 2021-06-30 07:49 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2021-06-30 07:49 - 2021-06-30 07:49 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll 2019-07-02 15:07 - 2019-07-02 15:07 - 000014632 _____ (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\MSI\MSI NBFoundation Service\UEFIVaribleDll.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-2754156630-795056227-535938833-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=NMTE BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-06-30] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-06-30] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\VulkanSDK\1.2.176.1\Bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common HKU\S-1-5-21-2754156630-795056227-535938833-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mariu\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\29752.jpg DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller" HKU\S-1-5-21-2754156630-795056227-535938833-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 30-06-2021 08:29:06 Windows Sikkerhetskopiering 02-07-2021 01:11:28 Installasjonsprogram for Windows-moduler 02-07-2021 13:16:18 Installasjonsprogram for Windows-moduler 02-07-2021 13:16:57 Installasjonsprogram for Windows-moduler 02-07-2021 13:17:32 Installasjonsprogram for Windows-moduler 03-07-2021 13:04:30 Installasjonsprogram for Windows-moduler 03-07-2021 13:29:34 Installasjonsprogram for Windows-moduler 03-07-2021 13:30:36 Installasjonsprogram for Windows-moduler 07-07-2021 04:00:52 Installed Battery Calibration 07-07-2021 04:37:41 Installed Nahimic 3 Restore ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (07/07/2021 09:45:42 PM) (Source: ESENT) (EventID: 332) (User: ) Description: services (920,D,50) The database [D:\Downloads\FixWin10.2.2\defltbase.sdb] version 1568.200.440 is higher than the maximum version understood by the engine 1568.110.240. Error: (07/07/2021 09:44:27 PM) (Source: ESENT) (EventID: 332) (User: ) Description: services (920,D,50) The database [D:\Downloads\FixWin10.2.2\defltbase.sdb] version 1568.200.440 is higher than the maximum version understood by the engine 1568.110.240. Error: (07/07/2021 09:43:10 PM) (Source: ESENT) (EventID: 455) (User: ) Description: wuaueng.dll (1788,R,98) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb0006C.log. Error: (07/07/2021 07:07:26 AM) (Source: VSS) (EventID: 13) (User: ) Description: Informasjon fra Volume Shadow Copy-tjenesten: Kan ikke starte COM-serveren med CLSIDen {4e14fba2-2e22-11d1-9964-00c04fbbb345} og navnet CEventSystem. [0x8007045b, Systemavslutning forberedes. ] Error: (07/07/2021 07:07:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: GameManagerService.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Management.ManagementException at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus) at System.Management.SinkForEventQuery.Cancel() at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize() Error: (07/07/2021 07:07:26 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Feil i tjenesten Volume Shadow Copy: Uventet feil under kall av rutinen CoCreateInstance. hr = 0x8007045b, Systemavslutning forberedes. . Error: (07/07/2021 07:07:26 AM) (Source: VSS) (EventID: 13) (User: ) Description: Informasjon fra Volume Shadow Copy-tjenesten: Kan ikke starte COM-serveren med CLSIDen {4e14fba2-2e22-11d1-9964-00c04fbbb345} og navnet CEventSystem. [0x8007045b, Systemavslutning forberedes. ] Error: (07/07/2021 05:37:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Programnavn med feil: SearchApp.exe, versjon: 10.0.19041.1081, tidsangivelse: 0x14a83b0b Modulnavn med feil: KERNELBASE.dll, versjon: 10.0.19041.1081, tidsangivelse: 0xde3fc775 Unntakskode: 0xc000027b Feilforskyvning: 0x000000000010bd3e Feil prosess-ID: 0x2124 Feil starttid for program: 0x01d772e15c052e19 Feil programbane: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Feil modulbane: C:\Windows\System32\KERNELBASE.dll Rapport-ID: bd0ba3e9-4965-4180-b121-ffb48d360d89 Fullstendig navn på feilpakke: Relativ program-ID for feilpakke: System errors: ============= Error: (07/07/2021 05:00:36 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget at nettverkskortet ikke fungerer slik det skal. 5002 - uCode SW error (SysAssert, NMI) Error: (07/07/2021 05:00:36 PM) (Source: Netwtw08) (EventID: 5005) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget en intern feil. 5005 - Driver internal error Error: (07/07/2021 05:00:36 PM) (Source: Netwtw08) (EventID: 5005) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget en intern feil. 5005 - Driver internal error Error: (07/07/2021 05:00:36 PM) (Source: Netwtw08) (EventID: 5007) (User: ) Description: 5007 - TX/CMD timeout (TfdQueue hanged) Error: (07/07/2021 04:55:51 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget at nettverkskortet ikke fungerer slik det skal. 5002 - uCode SW error (SysAssert, NMI) Error: (07/07/2021 04:55:50 PM) (Source: Netwtw08) (EventID: 5005) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget en intern feil. 5005 - Driver internal error Error: (07/07/2021 04:55:50 PM) (Source: Netwtw08) (EventID: 5005) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget en intern feil. 5005 - Driver internal error Error: (07/07/2021 04:55:50 PM) (Source: Netwtw08) (EventID: 5007) (User: ) Description: 5007 - TX/CMD timeout (TfdQueue hanged) Windows Defender: ================ Date: 2021-07-07 01:36:34 Description: Skanning av Microsoft Defender antivirus er stoppet før fullføring. Skanne-ID: {62D284D5-0659-445A-8A5B-1B01656E478F} Skannetype: Beskyttelse mot skadelig programvare Skanneparametere: Hurtigskanning Bruker: NT-MYNDIGHET\SYSTEM Date: 2021-07-06 00:21:33 Description: Skanning av Microsoft Defender antivirus er stoppet før fullføring. Skanne-ID: {01FF7FE1-599D-4861-AF84-1D85A5BA2906} Skannetype: Beskyttelse mot skadelig programvare Skanneparametere: Hurtigskanning Bruker: NT-MYNDIGHET\SYSTEM Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-07-2021 Ran by mariu (07-07-2021 22:10:26) Running from C:\Users\mariu\Downloads Windows 10 Pro Version 21H1 19043.1081 (X64) (2021-06-30 04:55:49) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2754156630-795056227-535938833-500 - Administrator - Disabled) Gjest (S-1-5-21-2754156630-795056227-535938833-501 - Limited - Disabled) mariu (S-1-5-21-2754156630-795056227-535938833-1001 - Administrator - Enabled) => C:\Users\mariu Standardkonto (S-1-5-21-2754156630-795056227-535938833-503 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-2754156630-795056227-535938833-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.2001.2101 - Micro-Star International Co., Ltd.) CPUID CPU-Z MSI 1.74 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.74 - CPUID, Inc.) ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.2.2 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM-x32\...\{c0cc7253-fa06-46c2-9ceb-f8641408262f}) (Version: 1.0.2.2 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{54d3d2b5-db16-446d-b6dd-f4964b166b3b}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC) Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2245.0 - Rockstar Games) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7463 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.2.1024 - Intel Corporation) Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C1A5573E-1508-49E1-BA6A-34E2EB15E9BF}) (Version: 17.5.2.1024 - Intel Corporation) Microsoft 365 Apps for enterprise - nb-no (HKLM\...\O365ProPlusRetail - nb-no) (Version: 16.0.14131.20278 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.64 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.64 - Microsoft Corporation) Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-2754156630-795056227-535938833-1001\...\Teams) (Version: 1.4.00.7174 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation) MSI NBFoundation Service (HKLM-x32\...\{949A5329-B6AF-444F-BCDC-1F39F516D40C}) (Version: 1.0.2104.2801 - MSI) Hidden MSI NBFoundation Service (HKLM-x32\...\InstallShield_{949A5329-B6AF-444F-BCDC-1F39F516D40C}) (Version: 1.0.2104.2801 - MSI) MSI SDK (HKLM-x32\...\{EE7D557C-3AE7-4348-8DCA-3A89790D0002}}_is1) (Version: 2.2021.0428.01 - MSI) NVIDIA Grafikkdriver 462.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.21 - NVIDIA Corporation) NVIDIA PhysX systemprogramvare 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0414-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden qBittorrent 4.3.6 (HKLM-x32\...\qBittorrent) (Version: 4.3.6 - The qBittorrent project) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.15.19.1412 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.42.369 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.5 - Rockstar Games) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.7174 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN) VulkanSDK 1.2.176.1 (HKLM\...\VulkanSDK1.2.176.1) (Version: 1.2.176.1 - LunarG, Inc.) WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA) Packages: ========= DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.109.0_x64__kzh8wxbdkxb8p [2021-06-30] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task] Intel® grafikkommandosenter -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-07-03] (INTEL CORP) [Startup Task] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-02] (Microsoft Studios) [MS Ad] Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.7.2.0_x64__w2gh52qy24etm [2021-06-30] (A-Volute) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-30] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2021-07-06] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0 [2021-06-30] (Spotify AB) [Startup Task] Tillegg for Bilder-mediemotor -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-07] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2754156630-795056227-535938833-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\mariu\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2754156630-795056227-535938833-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\mariu\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-08] (Intel(R) Rapid Storage Technology -> ) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-08] (Intel(R) Rapid Storage Technology -> ) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.119.0613.0001\amd64\FileSyncShell64.dll [2021-07-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_63c2bbf15c85cec8\nvshext.dll [2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\mariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apper\Gjenopprettelsesverktøy for Chromebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai ==================== Loaded Modules (Whitelisted) ============= 2021-06-30 07:30 - 2021-06-30 07:30 - 002972368 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.109.0_x64__kzh8wxbdkxb8p\DCv2\Device\GM6070\IcMSIDll.dll 2021-06-30 07:46 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2021-06-30 07:02 - 2021-06-30 07:02 - 042557440 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.dll 2021-06-30 07:49 - 2021-06-30 07:49 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2021-06-30 07:49 - 2021-06-30 07:49 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll 2019-07-02 15:07 - 2019-07-02 15:07 - 000014632 _____ (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\MSI\MSI NBFoundation Service\UEFIVaribleDll.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-2754156630-795056227-535938833-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=NMTE BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-06-30] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-06-30] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\VulkanSDK\1.2.176.1\Bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common HKU\S-1-5-21-2754156630-795056227-535938833-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mariu\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\29752.jpg DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller" HKU\S-1-5-21-2754156630-795056227-535938833-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 30-06-2021 08:29:06 Windows Sikkerhetskopiering 02-07-2021 01:11:28 Installasjonsprogram for Windows-moduler 02-07-2021 13:16:18 Installasjonsprogram for Windows-moduler 02-07-2021 13:16:57 Installasjonsprogram for Windows-moduler 02-07-2021 13:17:32 Installasjonsprogram for Windows-moduler 03-07-2021 13:04:30 Installasjonsprogram for Windows-moduler 03-07-2021 13:29:34 Installasjonsprogram for Windows-moduler 03-07-2021 13:30:36 Installasjonsprogram for Windows-moduler 07-07-2021 04:00:52 Installed Battery Calibration 07-07-2021 04:37:41 Installed Nahimic 3 Restore ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (07/07/2021 09:45:42 PM) (Source: ESENT) (EventID: 332) (User: ) Description: services (920,D,50) The database [D:\Downloads\FixWin10.2.2\defltbase.sdb] version 1568.200.440 is higher than the maximum version understood by the engine 1568.110.240. Error: (07/07/2021 09:44:27 PM) (Source: ESENT) (EventID: 332) (User: ) Description: services (920,D,50) The database [D:\Downloads\FixWin10.2.2\defltbase.sdb] version 1568.200.440 is higher than the maximum version understood by the engine 1568.110.240. Error: (07/07/2021 09:43:10 PM) (Source: ESENT) (EventID: 455) (User: ) Description: wuaueng.dll (1788,R,98) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb0006C.log. Error: (07/07/2021 07:07:26 AM) (Source: VSS) (EventID: 13) (User: ) Description: Informasjon fra Volume Shadow Copy-tjenesten: Kan ikke starte COM-serveren med CLSIDen {4e14fba2-2e22-11d1-9964-00c04fbbb345} og navnet CEventSystem. [0x8007045b, Systemavslutning forberedes. ] Error: (07/07/2021 07:07:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: GameManagerService.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Management.ManagementException at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus) at System.Management.SinkForEventQuery.Cancel() at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize() Error: (07/07/2021 07:07:26 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Feil i tjenesten Volume Shadow Copy: Uventet feil under kall av rutinen CoCreateInstance. hr = 0x8007045b, Systemavslutning forberedes. . Error: (07/07/2021 07:07:26 AM) (Source: VSS) (EventID: 13) (User: ) Description: Informasjon fra Volume Shadow Copy-tjenesten: Kan ikke starte COM-serveren med CLSIDen {4e14fba2-2e22-11d1-9964-00c04fbbb345} og navnet CEventSystem. [0x8007045b, Systemavslutning forberedes. ] Error: (07/07/2021 05:37:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Programnavn med feil: SearchApp.exe, versjon: 10.0.19041.1081, tidsangivelse: 0x14a83b0b Modulnavn med feil: KERNELBASE.dll, versjon: 10.0.19041.1081, tidsangivelse: 0xde3fc775 Unntakskode: 0xc000027b Feilforskyvning: 0x000000000010bd3e Feil prosess-ID: 0x2124 Feil starttid for program: 0x01d772e15c052e19 Feil programbane: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Feil modulbane: C:\Windows\System32\KERNELBASE.dll Rapport-ID: bd0ba3e9-4965-4180-b121-ffb48d360d89 Fullstendig navn på feilpakke: Relativ program-ID for feilpakke: System errors: ============= Error: (07/07/2021 05:00:36 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget at nettverkskortet ikke fungerer slik det skal. 5002 - uCode SW error (SysAssert, NMI) Error: (07/07/2021 05:00:36 PM) (Source: Netwtw08) (EventID: 5005) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget en intern feil. 5005 - Driver internal error Error: (07/07/2021 05:00:36 PM) (Source: Netwtw08) (EventID: 5005) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget en intern feil. 5005 - Driver internal error Error: (07/07/2021 05:00:36 PM) (Source: Netwtw08) (EventID: 5007) (User: ) Description: 5007 - TX/CMD timeout (TfdQueue hanged) Error: (07/07/2021 04:55:51 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget at nettverkskortet ikke fungerer slik det skal. 5002 - uCode SW error (SysAssert, NMI) Error: (07/07/2021 04:55:50 PM) (Source: Netwtw08) (EventID: 5005) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget en intern feil. 5005 - Driver internal error Error: (07/07/2021 04:55:50 PM) (Source: Netwtw08) (EventID: 5005) (User: ) Description: Intel(R) Wireless-AC 9560 160MHz: Oppdaget en intern feil. 5005 - Driver internal error Error: (07/07/2021 04:55:50 PM) (Source: Netwtw08) (EventID: 5007) (User: ) Description: 5007 - TX/CMD timeout (TfdQueue hanged) Windows Defender: ================ Date: 2021-07-07 01:36:34 Description: Skanning av Microsoft Defender antivirus er stoppet før fullføring. Skanne-ID: {62D284D5-0659-445A-8A5B-1B01656E478F} Skannetype: Beskyttelse mot skadelig programvare Skanneparametere: Hurtigskanning Bruker: NT-MYNDIGHET\SYSTEM Date: 2021-07-06 00:21:33 Description: Skanning av Microsoft Defender antivirus er stoppet før fullføring. Skanne-ID: {01FF7FE1-599D-4861-AF84-1D85A5BA2906} Skannetype: Beskyttelse mot skadelig programvare Skanneparametere: Hurtigskanning Bruker: NT-MYNDIGHET\SYSTEM Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 7, 2021 Root Admin ID:1468105 Share Posted July 7, 2021 Please ATTACH all logs unless otherwise requested. Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 7, 2021 Root Admin ID:1468106 Share Posted July 7, 2021 To begin, please do the following so that we may take a closer look at your installation for troubleshooting: NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download the Malwarebytes Support Tool In your Downloads folder, open the mb-support-x.x.x.xxx.exe file In the User Account Control pop-up window, click Yes to continue the installation Run the MBST Support Tool In the left navigation pane of the Malwarebytes Support Tool, click Advanced In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply Thank you Link to post Share on other sites More sharing options...
Mariux Posted July 7, 2021 Author ID:1468107 Share Posted July 7, 2021 sure. Link to post Share on other sites More sharing options...
Mariux Posted July 7, 2021 Author ID:1468111 Share Posted July 7, 2021 here...at last mbst-grab-results.zip Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 7, 2021 Root Admin ID:1468115 Share Posted July 7, 2021 Well, neither of those are antivirus programs. Please run the following and I'll check back on you later this afternoon Please run the following steps and post back the logs as an attachment when ready. Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed. Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed. If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download. Spoiler Spoiler When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users. Example of Microsoft Edge blocking the download STEP 01 If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan. If you don't have Malwarebytes installed yet please download it from here and install it. Once installed then open Malwarebytes and select Scan and let it run. Once the scan is completed make sure you have it quarantine any detections it finds. If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Double-click to run the program Accept the End User License Agreement. Wait until the database is updated. Click Scan Now. When finished, if items are found please click Quarantine. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach or Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time Please attach the Additions.txt log to your reply as well. On your next reply, you should be attaching frst.txt and additions.txt to your post, every time. Thanks Link to post Share on other sites More sharing options...
Mariux Posted July 7, 2021 Author ID:1468116 Share Posted July 7, 2021 ok thanks, if nothing happens still, i wont be in contact any longer Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 26, 2021 ID:1471173 Share Posted July 26, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts