Possibly infected with stealthy RAT type of malware

I suspect I have been infected by some sort of spy software. I would like to know the probability of it infecting my phone devices and other home devices and, above all, to know if that is actually the case.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-10-2021

Ran by H.P Lovecraft (administrator) on HPLOVECRAFT (Gigabyte Technology Co., Ltd. Z87-DS3H) (05-10-2021 14:49:16)

Running from C:UsersH.P LovecraftDesktop

Loaded Profiles: H.P Lovecraft

Platform: Windows 10 Home Version 2004 19041.1237 (X64) Language: Polish (Poland) -> English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraAntivirusavgnt.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraAntivirusavguard.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraAntivirusavshadow.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraAntivirusprotectedservice.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraAntivirussched.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraOptimizer HostAvira.OptimizerHost.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraSecurityAvira.Spotlight.Service.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraSecurityAvira.Spotlight.Systray.Application.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraSoftwareUpdaterAvira.SoftwareUpdater.ServiceHost.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:Program Files (x86)AviraVPNAvira.VpnService.exe

(Discord Inc. -> Discord Inc.) C:UsersH.P LovecraftAppDataLocalDiscordapp-1.0.9003Discord.exe <9>

(GlassWire -> SecureMix LLC) C:Program Files (x86)GlassWireGlassWire.exe

(GlassWire -> SecureMix LLC) C:Program Files (x86)GlassWireGWCtlSrv.exe

(GlassWire -> SecureMix LLC) C:Program Files (x86)GlassWireGWIdlMon.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <35>

(Huawei Technologies Co.,Ltd. -> ) C:Program Files (x86)MobileBrServmbbService.exe

(Intel Corporation – Intel® Management Engine Firmware -> Intel Corporation) C:Program Files (x86)IntelIntel® Management Engine ComponentsDALjhi_service.exe

(Intel Corporation – Intel® Rapid Storage Technology -> Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe

(Intel Corporation – Intel® Rapid Storage Technology -> Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe

(Intel Corporation – Software and Firmware Products -> Intel Corporation) C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

(Intel® pGFX -> ) C:WindowsSystem32igfxTray.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxCUIService.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxHK.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunAppVShNotify.exe <2>

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe

(Microsoft Corporation -> Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe

(Microsoft Corporation -> Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v4.0.30319SMSvcHost.exe <2>

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbweTime.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbweCalculator.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbweWinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32Taskmgr.exe

(miHoYo Co.,Ltd. -> ) C:Program FilesGenshin ImpactGenshin Impact GameGenshinImpact.exe

(miHoYo Co.,Ltd. -> ) C:Program FilesGenshin ImpactGenshin Impact GameGenshinImpact_DataPluginsZFGameBrowser.exe <3>

(miHoYo Co.,Ltd. -> miHoYo) C:Program FilesGenshin Impactlauncher.exe

(NVIDIA Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvsphelper64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_1c83a5d7cffd7bffDisplay.NvContainerNVDisplay.Container.exe <2>

(OpenVPN Technologies, Inc. -> The OpenVPN Project) C:Program FilesOpenVPNbinopenvpnserv.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVCpl64.exe

(The Qt Company Oy -> The Qt Company Ltd.) C:Program FilesGenshin ImpactQtWebEngineProcess.exe

(Valve -> Valve Corporation) C:Program Files (x86)Common FilesSteamSteamService.exe

(Valve -> Valve Corporation) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe <7>

(Valve -> Valve Corporation) C:Program Files (x86)Steamsteam.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [IAStorIcon] => C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe [287592 2013-08-07] (Intel Corporation – Intel® Rapid Storage Technology -> Intel Corporation)

HKLM…Run: [RtHDVCpl] => C:Program FilesRealtekAudioHDARAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM…Run: [] => [X]

HKLM-x32…Run: [] => [X]

HKLM-x32…Run: [Genshin Impact_Launcher] => [X]

HKLM-x32…Run: [Opera Browser Assistant] => C:Program FilesOperaassistantbrowser_assistant.exe [4092112 2021-09-28] (Opera Software AS -> Opera Software)

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Run: [CCleaner Smart Cleaning] => C:Program FilesCCleanerCCleaner64.exe [29271224 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Run: [SandboxieControl] => C:Program FilesSandboxieSbieCtrl.exe [3649024 2020-06-01] (Sandboxie Holdings, LLC) [File not signed]

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Run: [com.squirrel.Teams.Teams] => C:UsersH.P LovecraftAppDataLocalMicrosoftTeamsUpdate.exe [2453728 2021-04-03] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Run: [] => [X]

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Run: [poe-overlay] => C:Program Filespoe-overlaypoe-overlay.exe [104369640 2021-05-09] (Allan Smith -> PoE-Overlay-Community)

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Run: [GlassWire] => C:Program Files (x86)GlassWireglasswire.exe [9280456 2021-06-03] (GlassWire -> SecureMix LLC)

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Policiessystem: [shell] explorer.exe <==== ATTENTION

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…MountPoints2: {583a990f-71c5-11eb-9566-74d4351a38ce} – “H:AutoRun.exe” 

HKLM…PrintMonitorsHP 612a Status Monitor: C:Windowssystem32hpinksts612aLM.dll [476296 2017-02-10] (Hewlett Packard -> HP Inc.)

HKLM…PrintMonitorsHP Discovery Port Monitor (HP LaserJet M101-M106): C:Windowssystem32HPDiscoPM612a.dll [986248 2017-04-27] (Hewlett Packard -> HP Inc.)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication94.0.4606.61Installerchrmstp.exe [2021-09-24] (Google LLC -> Google LLC)

HKLMSoftware…AuthenticationCredential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 

Startup: C:UsersH.P LovecraftAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAutorunsDisabled [2020-09-11] () <==== ATTENTION [zero byte File/Folder]

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {07CFCD9F-94FF-4649-86A4-3E30D19EAF02} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21976976 2021-09-24] (Microsoft Corporation -> Microsoft Corporation)

Task: {0C9CF8B7-C193-4D7B-9827-C13AA93884B3} – System32TasksOpera scheduled assistant Autoupdate 1582719959 => C:Program FilesOperalauncher.exe [42731216 2021-09-21] (Opera Software AS -> Opera Software) -> –scheduledautoupdate –component-name=assistant –component-path=”C:Program FilesOperaassistant” $(Arg0)

Task: {1127B239-EBCA-4BF6-A38D-D2E4C5AD838A} – System32TasksMicrosoftWindowsMedia CenterObjectStoreRecoveryTask => C:WINDOWSehomemcupdate.exe

Task: {12F87FF2-06D7-4DF8-A275-FBFC852EE6B2} – System32TasksMicrosoftWindowsSideShowGadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}

Task: {14202ED6-92C1-424B-8D26-9FAF896FAC41} – System32TasksAvira_Security_Update => C:WINDOWSsystem32net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Task: {17A0381B-8022-41EA-9602-E6BDECE7BE40} – System32TasksHPCustParticipation HP LaserJet M101-M106 => C:Program FilesHPHP LaserJet M101-M106BinHPCustPartic.exe [6658184 2017-04-27] (Hewlett Packard -> HP Inc.)

Task: {1D416BDF-776F-4BD7-8B0A-0F6AA3DE48AB} – System32Tasksupdate-sys => C:Program Files (x86)SkillbrainsUpdaterUpdater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

Task: {2095AA1E-FBC0-4B51-83AE-4EBE27B13C0F} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {25688383-8607-43B3-B3A8-CB1033D39AD1} – System32TasksMicrosoftWindowsMedia CenterMediaCenterRecoveryTask => C:WINDOWSehomemcupdate.exe

Task: {25912993-B3E7-42E8-A476-33947C8D7F24} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21976976 2021-09-24] (Microsoft Corporation -> Microsoft Corporation)

Task: {25BC3E9C-BC07-468C-A3AA-728FBDFEE9CD} – System32TasksMicrosoftWindowsMedia CenterActivateWindowsSearch => C:WINDOWSehomeehPrivJob.exe

Task: {2B283494-F373-4AFC-8CC3-505D7083AA91} – System32TasksMicrosoftWindowsMedia CenterConfigureInternetTimeService => C:WINDOWSehomeehPrivJob.exe

Task: {2C08B190-D544-4D46-8D52-CA94E8D15B0F} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589Schedule to run OMADMClient by client => C:WINDOWSsystem32omadmclient.exe [435712 2021-08-13] (Microsoft Windows -> Microsoft Corporation)

Task: {32A4E494-8F2B-4213-A65B-60F895B84EB6} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589PushRenewal => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {356441A3-5B7F-4139-A8B5-21A71D44BB1B} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589Schedule created by enrollment client for renewal of certificate warning => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {3D62CCA0-5473-4B70-8F48-A20680CB6DF3} – System32TasksOpera scheduled Autoupdate 1531076565 => C:Program FilesOperalauncher.exe [42731216 2021-09-21] (Opera Software AS -> Opera Software)

Task: {436766E9-68CA-4E8F-91C6-EE9880099525} – System32TasksCCleaner Update => C:Program FilesCCleanerCCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {457190B7-BCD9-46F1-B9AE-93C9919E921D} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {469C1361-48B6-4C06-8923-749E65E2F120} – System32TasksMicrosoftWindowsMedia CenterPeriodicScanRetry => C:WINDOWSehomeMCUpdate.exe

Task: {46B68934-FD38-4557-A6E0-5549B83FDBAC} – System32TasksMicrosoftWindowsEnd Of SupportNotify2 => C:WINDOWSsystem32sipnotify.exe

Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} – System32TasksMicrosoftWindowsShellWindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}

Task: {48E8B4AE-3990-4F8C-B01C-3E2A59DE5DCC} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {4B02F5B9-0FE8-4CCC-B36E-B8C1319AC301} – System32TasksAvira_Antivirus_Systray => C:Program Files (x86)AviraAntivirusavgnt.exe [2651056 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

Task: {4B1BFA4C-27DE-4C19-B1AD-56AA674F15C0} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {50153A44-4E7F-42B3-95CD-AD27494DBDAF} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {55BF7BD4-74D5-448D-A16F-5C44C49EB9C4} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [153752 2017-02-16] (Google Inc -> Google Inc.)

Task: {56C1350B-DEA2-44B9-A14E-8C84C76208E3} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589Schedule #3 created by enrollment client => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} – System32TasksMicrosoftWindowsShellWindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}

Task: {6412F353-C0E5-4E29-8F00-CE6BCC40CF3F} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {64DBEB42-B0DA-49BE-BEFA-182924DDCB80} – System32Tasksupdate-S-1-5-21-1132999665-2204580135-1040923842-1000 => C:Program Files (x86)SkillbrainsUpdaterUpdater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

Task: {6653D710-E0B5-499F-BF16-AF472901023D} – System32TasksAvast SoftwareOverseer => C:Program FilesAVAST SoftwareAvastsetupoverseer.exe

Task: {667B3467-CE17-40DA-AA1B-9F4A15020DEE} – System32TasksGyazoUpdateTaskMachineDaily => C:Program Files (x86)GyazoGyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)

Task: {6A49B613-3DFE-4C86-BA10-C53D21B87D25} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: {6C84F57F-A932-481F-A595-300EA4114539} – System32TasksAvira_Security_Service_SCM_Watchdog => C:Program Files (x86)AviraSecurityAvira.Spotlight.Service.Worker.exe [233608 2021-09-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

Task: {6D564AE1-B61B-499A-8772-E6CCC7FED6A8} – System32TasksMicrosoftWindowsMedia CenterOCURDiscovery => C:WINDOWSehomeehPrivJob.exe

Task: {6D9F7DD0-24BD-4CB3-89DD-94BDA0B4FC51} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589Passport for Work alert created by enrollment client => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {6EA9CEE3-3A2F-4622-8114-40441956075F} – System32Tasksautorun vpn => C:WindowsSystem32rasdial.exe [20992 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Task: {6F1D4EEE-1525-4CC4-998A-87883A6BB604} – System32TasksMicrosoftWindowsSideShowAutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}

Task: {6FC2E023-E082-4269-A18F-93ADA61A96AF} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program Files (x86)Microsoft OfficerootOffice16sdxhelper.exe [110432 2021-10-04] (Microsoft Corporation -> Microsoft Corporation)

Task: {73248904-A256-4B7E-8C42-6158834193A3} – System32TasksHPCustPartic.exe_{8C14DEC6-DFDA-4B62-BC4F-0C0D1F60FDBA} => C:Program FilesHPHP LaserJet M101-M106BinHPCustPartic.exe [6658184 2017-04-27] (Hewlett Packard -> HP Inc.)

Task: {743A898C-8D3E-4ABF-AFF6-F53C320622C7} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program Files (x86)Microsoft OfficerootOffice16sdxhelper.exe [110432 2021-10-04] (Microsoft Corporation -> Microsoft Corporation)

Task: {76936F6F-C5EA-420A-9357-39BDABA73658} – System32TasksMicrosoftWindowsMedia CenterSqlLiteRecoveryTask => C:WINDOWSehomemcupdate.exe

Task: {7DDEBC97-8D98-4B7D-9F8E-9ED0F558575E} – System32TasksMicrosoftWindowsMedia CenterRecordingRestart => C:WINDOWSehomeehrec.exe

Task: {7E26A768-D3DD-48EE-8A6F-E3CFA021BF08} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589Win10 S Mode event listener created by enrollment client => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {7FC71153-94BA-475D-AEA9-08AE0EF0B8AF} – System32TasksMicrosoftWindowsMedia CenterPBDADiscoveryW1 => C:WINDOWSehomeehPrivJob.exe

Task: {80CD2322-E8A4-4842-B663-ECE96B22921F} – System32TasksMicrosoftWindowsMedia CenterRegisterSearch => C:WINDOWSehomeehPrivJob.exe

Task: {81BD9D99-D89B-4DB6-82BC-F2AEE60407DB} – System32TasksMicrosoftWindowsMedia CenterUpdateRecordPath => C:WINDOWSehomeehPrivJob.exe

Task: {828E663B-080F-47E9-85B7-A00A09AFAFA5} – System32TasksMicrosoftWindowsMedia CenterPBDADiscovery => C:WINDOWSehomeehPrivJob.exe

Task: {832C2B74-C08F-4D65-B40B-572EBC2D4B83} – System32TasksGyazoUpdateTaskMachine => C:Program Files (x86)GyazoGyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)

Task: {86DEAB7D-160E-44CB-9D76-A9AC3CCEC2E0} – System32TasksMicrosoftWindowsSideShowSessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}

Task: {89722FC0-4A92-40AE-B11E-5FB655578E07} – System32TasksMicrosoftWindowsMedia CenterPvrScheduleTask => C:WINDOWSehomemcupdate.exe

Task: {8AAE83AC-2795-44B5-8720-B916591BC8CD} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: {8C3B3139-4F02-487B-A24A-C33F04FDC6EC} – System32TasksAviraSystemSpeedupUpdate => C:ProgramDataAviraSystemSpeedupUpdateavira_speedup_setup_update.exe [29851288 2021-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

Task: {8C785D3C-28FF-4BB7-B056-210F54DF06BF} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589PushUpgrade => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {8F0447DB-8B48-4CD5-B44E-8B985349E107} – System32TasksAvira_Security_Systray => C:Program Files (x86)AviraSecurityAvira.Spotlight.Systray.Application.exe [1611760 2021-09-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

Task: {992B8A16-6153-4A6F-BC95-07DDAD274B56} – System32TasksMicrosoftWindowsMedia CenterOCURActivate => C:WINDOWSehomeehPrivJob.exe

Task: {9A265378-05D9-4058-9779-13A1C1FCA13A} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {9C3C229E-E780-4C93-9E04-680E350A6341} – System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {9D57385F-DE57-4E4E-AF25-44F7EEBB6B1D} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589Schedule to run OMADMClient by server => C:WINDOWSsystem32omadmclient.exe [435712 2021-08-13] (Microsoft Windows -> Microsoft Corporation)

Task: {A4CC4AFB-9137-49BD-9CE7-3704254B41BE} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589Provisioning initiated session => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {AAC83DB3-15CD-402C-8348-DC2FE10312DE} – System32TasksMicrosoftWindowsSideShowSystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}

Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} – System32TasksMicrosoftWindowsPerfTrackBackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}

Task: {B3AA8B3A-5A08-41A1-9E9E-E610E9DBBB41} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589Schedule #1 created by enrollment client => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {B5603A51-D22E-4AD6-988C-C284C21D54F8} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589OS Edition Upgrade event listener created by enrollment client => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {B68CB8DC-C549-454C-8F99-C9FD461247E0} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589PushLaunch => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {B954C29D-B8F6-4833-966B-F95B7E7840B6} – System32TasksMicrosoftWindowsMedia CenterDispatchRecoveryTasks => C:WINDOWSehomeehPrivJob.exe

Task: {BE6AA98F-3DD0-497C-B423-AA3A8573CA04} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {C0A1A944-D898-43D4-A654-4350313292DD} – System32Tasks{04E4A842-9754-480A-8BCF-009B21D34E20} => C:Windowssystem32pcalua.exe -a C:UsersH69BC~1.PLOAppDataLocalTempjre-8u131-windows-au.exe -d C:WindowsSysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION

Task: {C5257DAC-06C5-4104-B783-2C15F70A9E1D} – System32TasksMicrosoftVisualStudioVSIX Auto Update 14 => C:Program Files (x86)Microsoft Visual Studio 14.0Common7IDEVSIXAutoUpdate.exe

Task: {C8961161-CBDE-4589-A43D-0230F57AA98B} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [153752 2017-02-16] (Google Inc -> Google Inc.)

Task: {CA4397E0-9ABF-4005-85D8-DFF835B70E21} – System32TasksMicrosoftWindowsMedia CenterInstallPlayReady => C:WINDOWSehomeehPrivJob.exe

Task: {CBB08BFA-F0E9-444B-A247-84B0B2CDEF9D} – System32TasksMicrosoftWindowsMedia CenterPBDADiscoveryW2 => C:WINDOWSehomeehPrivJob.exe

Task: {D425A338-CC51-44A3-B6ED-6177446F3460} – System32TasksMicrosoftWindowsMobilePCHotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}

Task: {D8F64F10-417C-45F2-92A7-B72971327170} – System32TasksMicrosoftWindowsMedia CenterPvrRecoveryTask => C:WINDOWSehomemcupdate.exe

Task: {E3223774-E09F-4919-8A4A-5BC2C5B359CD} – System32TasksMicrosoftWindowsMedia CenterReindexSearchRoot => C:WINDOWSehomeehPrivJob.exe

Task: {E7601B0E-3AD4-4DFC-A671-A4B6451CA8C2} – System32TasksMicrosoftWindowsMedia CenterehDRMInit => C:WINDOWSehomeehPrivJob.exe

Task: {ED96AF26-8E4A-4057-8177-5D2000CED3D9} – System32TasksSamsungMagician => C:Program Files (x86)SamsungSamsung MagicianSamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)

Task: {EFB0F556-9BBA-40D8-85CD-3A40B7B7EC92} – System32Tasksnptunnel.service.launcher.exe => C:ProgramDataNpClientInfonptunnel.service.launcher.exe

Task: {EFF158F8-4005-48C4-B156-A7EF92F855CE} – System32TasksMicrosoftWindowsMedia Centermcupdate => C:WINDOWSehomemcupdate.exe

Task: {F20A5937-12BC-4AA2-AC0D-BC59CE1BEF56} – System32TasksMicrosoftWindows LiveSOXEExtractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

Task: {F9FD5472-2501-4B3C-8984-B56F36FE7E08} – System32TasksMicrosoftWindowsEnterpriseMgmt62EA897-C53F-4895-95EB-DB0A05508589Schedule #2 created by enrollment client => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {FB6E6FF2-EF3A-4810-BD76-EC9BD4118AE4} – System32Tasksklcp_update => C:Program Files (x86)K-Lite Codec PackToolsCodecTweakTool.exe [1907712 2020-12-28] () [File not signed]

Task: {FCB49658-C828-4754-BB56-9EF17FC624A2} – System32Tasksnpcapwatchdog => C:Program FilesNpcapCheckStatus.bat [862 2019-04-30] () [File not signed]

Task: {FF1384A8-5355-4A0A-8B6C-141DCD6E08F2} – System32TasksMicrosoftWindowsEnd Of SupportNotify1 => C:WINDOWSsystem32sipnotify.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:Windowsexplorer.exe

Task: C:WINDOWSTasksupdate-S-1-5-21-1132999665-2204580135-1040923842-1000.job => C:Program Files (x86)SkillbrainsUpdaterUpdater.exe

Task: C:WINDOWSTasksupdate-sys.job => C:Program Files (x86)SkillbrainsUpdaterUpdater.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLMSOFTWAREPoliciesMicrosoftWindowsCurrentVersionInternet SettingsZones3: <==== ATTENTION (Restriction – Zones)

Tcpip..Interfaces{C787B05E-FD40-4ED4-A2D8-6FE52BD69C91}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip..Interfaces{e4007e06-5482-4104-a8f4-d066eab39fb0}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Tcpip..Interfaces{f8afc86f-4eeb-4c44-a576-e6e0b03a4cf6}: [DhcpNameServer] 192.168.42.129

HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <==== ATTENTION

 

Edge: 

=======

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge Profile: C:UsersH.P LovecraftAppDataLocalMicrosoftEdgeUser DataDefault [2021-08-17]

Edge DownloadDir: Default -> C:UsersH.P LovecraftDownloads

Edge HomePage: Default -> hxxps://www.google.com/

 

FireFox:

========

FF DefaultProfile: 96p7v6a0.default-1517368794646

FF ProfilePath: C:UsersH.P LovecraftAppDataRoamingMozillaFirefoxProfiles96p7v6a0.default-1517368794646 [2021-07-04]

FF NetworkProxy: MozillaFirefoxProfiles96p7v6a0.default-1517368794646 -> backup.ftp”, “u834530.nvpn.so”

FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:Program FilesJavajre1.8.0_151bindtpluginnpDeployJava1.dll [2018-01-12] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:Program FilesJavajre1.8.0_151binplugin2npjp2.dll [2018-01-12] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:Program FilesMicrosoft Silverlight5.1.50918.0npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:Program Files (x86)IntelIntel® Management Engine ComponentsIPTnpIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:Program Files (x86)Javajre1.8.0_151bindtpluginnpDeployJava1.dll [2018-01-12] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:Program Files (x86)Javajre1.8.0_151binplugin2npjp2.dll [2018-01-12] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:Program Files (x86)Microsoft Silverlight5.1.50918.0npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program Files (x86)Microsoft OfficerootOffice16NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll [No File]

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [No File]

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [No File]

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [No File]

FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [No File]

FF Plugin HKUS-1-5-21-1132999665-2204580135-1040923842-1000: @zoom.us/ZoomVideoPlugin -> C:UsersH.P LovecraftAppDataRoamingZoombinnpzoomplugin.dll [2020-05-04] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR Profile: C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefault [2021-10-05]

CHR DownloadDir: C:UsersH.P LovecraftDesktop

CHR Notifications: Default -> hxxps://do.centrum24.pl; hxxps://top.gg; hxxps://web.skype.com; hxxps://www.chess.com; hxxps://www1a.delmarmora.pro; hxxps://www1a.samcunningham.pro

CHR HomePage: Default -> hxxps://www.google.com/

CHR StartupUrls: Default -> “”,”hxxp://www.pandora.com/”,”hxxp://www.google.pl/”,”hxxps://www.google.com/”,”hxxp://mysearch.avg.com?cid={7AAB11B6-D4A8-4C07-851A-BCB7DD8FBEDD}&mid=2422fd9a222247d2a5b2a59d73fed13d-cbcc6e946b6ed6f557f727d7cf6dcef6ce9099fc&lang=pl&ds=av013&coid=avgtbdisav&cmpid=&pr=sa&d=2014-06-04 21:41:15&v=18.1.0.443&pid=safeguard&sg=&sap=hp”,”hxxp://www.hxxps://www.google.com/.com/?type=hp&ts=1402586714&from=wpm0612&uid=ST1000DM003-1CH162_Z1D6D8L7XXXXZ1D6D8L7″,”www.wp.pl/?src01=dp2″

CHR Session Restore: Default -> is enabled.

CHR Extension: (Google Translate) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionsaapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-15]

CHR Extension: (BetterTTV) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionsajopnjidmegmdimjlfnijceegpefgped [2021-10-03]

CHR Extension: (WebRTC Leak Shield) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionsbppamachkoflopbagkdoflbgfjflfnfl [2021-10-03]

CHR Extension: (uBlock Origin) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2021-10-03]

CHR Extension: (Steam Inventory Helper) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionscmeakgjggjdlcpncigglobpjbkabhmjl [2021-10-03]

CHR Extension: (Galaxy-View) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionsdcbeddldohkakodfncjnkkjfojggbahp [2018-09-04]

CHR Extension: (Dark Reader) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionseimadpbcbfnmbkopoojfekhnkhdbieeh [2021-10-03]

CHR Extension: (FrankerFaceZ) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionsfadndhdgpmmaapbmfcknlfgcflmmmieb [2018-12-17]

CHR Extension: (Malwarebytes Browser Guard) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionsihcjicgdanjaechkgeegckofjjedodee [2021-09-15]

CHR Extension: (Image Search Options) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionskljmejbpilkadikecejccebmccagifhl [2020-02-17]

CHR Extension: (Fair AdBlocker) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionslgblnfidahcdcjddiepkckcfdhpknnjh [2021-03-19]

CHR Extension: (Chrome Web Store Payments) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]

CHR Extension: (SetupVPN – Lifetime Free VPN) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionsoofgbpoabipfcfjapgnbbjjaenockbdp [2021-10-03]

CHR Extension: (Gmail) – C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-30]

CHR Profile: C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataGuest Profile [2021-03-17]

CHR Profile: C:UsersH.P LovecraftAppDataLocalGoogleChromeUser DataSystem Profile [2021-03-17]

CHR HKLM-x32…ChromeExtension: [caljgklbbfbcjjanaijlacgncafpegll]

CHR HKLM-x32…ChromeExtension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

 

Opera: 

=======

OPR Profile: C:UsersH.P LovecraftAppDataRoamingOpera SoftwareOpera Stable [2021-09-29]

OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

OPR Extension: (BetterTTV) – C:UsersH.P LovecraftAppDataRoamingOpera SoftwareOpera StableExtensionsajopnjidmegmdimjlfnijceegpefgped [2021-08-19]

OPR Extension: (Rich Hints Agent) – C:UsersH.P LovecraftAppDataRoamingOpera SoftwareOpera StableExtensionsenegjkbbakeegngfapepobipndnebkdk [2021-08-19]

OPR Extension: (FrankerFaceZ) – C:UsersH.P LovecraftAppDataRoamingOpera SoftwareOpera StableExtensionsfadndhdgpmmaapbmfcknlfgcflmmmieb [2020-08-31]

OPR Extension: (Amazon Assistant Promotion) – C:UsersH.P LovecraftAppDataRoamingOpera SoftwareOpera StableExtensionskbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-19]

OPR Extension: (uBlock Origin) – C:UsersH.P LovecraftAppDataRoamingOpera SoftwareOpera StableExtensionskccohkcpppjjkkjppopfnflnebibpida [2021-08-19]

OPR Extension: (Zainstaluj rozszerzenia Chrome) – C:UsersH.P LovecraftAppDataRoamingOpera SoftwareOpera StableExtensionskipjbhgniklcnglfaldilecjomjaddfi [2020-08-18]

OPR Extension: (Fair AdBlocker) – C:UsersH.P LovecraftAppDataRoamingOpera SoftwareOpera StableExtensionslgblnfidahcdcjddiepkckcfdhpknnjh [2021-05-08]

OPR Extension: (Dlive Xtra Stickers) – C:UsersH.P LovecraftAppDataRoamingOpera SoftwareOpera StableExtensionsloglhilplhpdmjhnemifeiodjabijlbc [2020-09-15]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 AntiVirMailService; C:Program Files (x86)AviraAntivirusavmailc7.exe [1206648 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AntivirProtectedService; C:Program Files (x86)AviraAntivirusProtectedService.exe [538000 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:Program Files (x86)AviraAntivirussched.exe [485048 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:Program Files (x86)AviraAntivirusavguard.exe [485048 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:Program Files (x86)AviraAntivirusavwebg7.exe [574672 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AviraOptimizerHost; C:Program Files (x86)AviraOptimizer HostAvira.OptimizerHost.exe [2989160 2021-08-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:Program Files (x86)AviraVPNAvira.VpnService.exe [384480 2021-08-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AviraSecurity; C:Program Files (x86)AviraSecurityAvira.Spotlight.Service.exe [252208 2021-09-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S2 AviraSecurityUpdater; C:Program Files (x86)AviraSecurityAvira.Spotlight.Common.Updater.exe [259064 2021-09-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:Program Files (x86)AviraSoftwareUpdaterAvira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [9250696 2021-09-24] (Microsoft Corporation -> Microsoft Corporation)

S3 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [784512 2019-02-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

R2 GlassWire; C:Program Files (x86)GlassWireGWCtlSrv.exe [7007176 2021-06-03] (GlassWire -> SecureMix LLC)

S4 Intel® Capability Licensing Service Interface; C:Program FilesInteliCLS ClientHeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]

S3 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7456464 2021-01-12] (Malwarebytes Inc -> Malwarebytes)

R2 Mobile Broadband HL Service; C:Program Files (x86)MobileBrServmbbservice.exe [242264 2016-03-24] (Huawei Technologies Co.,Ltd. -> )

S3 npggsvc; C:WindowsSysWOW64GameMon.des [7962384 2017-04-09] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)

S3 OpenVPNService; C:Program FilesOpenVPNbinopenvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> )

R2 OpenVPNServiceInteractive; C:Program FilesOpenVPNbinopenvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S3 OpenVPNServiceLegacy; C:Program FilesOpenVPNbinopenvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S2 SbieSvc; C:Program FilesSandboxieSbieSvc.exe [310272 2020-06-01] (Sandboxie Holdings, LLC) [File not signed]

S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2010.7-0NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2010.7-0MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_1c83a5d7cffd7bffDisplay.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_1c83a5d7cffd7bffDisplay.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

S3 Origin Client Service; "C:Program Files (x86)OriginOriginClientService.exe" [X]

S2 Origin Web Helper Service; "C:Program Files (x86)OriginOriginWebHelperService.exe" [X]

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AndnetBus; C:WINDOWSSystem32driverslgandnetbus64.sys [30208 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 AndNetDiag; C:WINDOWSsystem32DRIVERSlgandnetdiag64.sys [30720 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 ANDNetModem; C:WINDOWSsystem32DRIVERSlgandnetmodem64.sys [37376 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 athur; C:WINDOWSSystem32DRIVERSathurx.sys [1930240 2013-06-29] (Atheros Communications, Inc.) [File not signed]

R0 avdevprot; C:WINDOWSSystem32DRIVERSavdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S0 avelam; C:WINDOWSSystem32driversavelam.sys [22848 2021-07-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)

R2 avgntflt; C:WINDOWSSystem32DRIVERSavgntflt.sys [207864 2021-08-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R1 avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [199312 2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R1 avkmgr; C:WINDOWSsystem32DRIVERSavkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 avnetflt; C:WINDOWSsystem32DRIVERSavnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R0 avusbflt; C:WINDOWSSystem32Driversavusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [279040 2020-09-11] (Microsoft Corporation) [File not signed]

S3 BthHFEnum; C:WINDOWSSystem32driversbthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]

R1 gwdrv; C:WINDOWSsystem32DRIVERSgwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)

S3 keycrypt; C:WINDOWSSystem32DRIVERSKeyCrypt64.sys [161408 2017-09-12] (Zemana Ltd. -> Zemana Ltd.)

R3 kmloop; C:WINDOWSSystem32driversloop.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

R2 LdVBoxDrv; C:Program FilesldplayerboxLdVBoxDrv.sys [315232 2021-08-24] (MyTestCertificate -> Oracle Corporation)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R0 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248968 2021-01-12] (Malwarebytes Inc -> Malwarebytes)

U4 mhyprot2; C:UsersH69BC~1.PLOAppDataLocalTempmhyprot2.sys [1349408 2021-08-23] (miHoYo Co.,Ltd. -> ) <==== ATTENTION

S3 npcap; C:WINDOWSsystem32DRIVERSnpcap.sys [80192 2019-07-31] (Insecure.Com LLC -> Insecure.Com LLC.)

R3 phantomtap; C:WINDOWSSystem32driversphantomtap.sys [50248 2020-12-01] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)

R3 ptun0901; C:WINDOWSSystem32driversptun0901.sys [27136 2016-06-15] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S3 tap-tb-0901; C:WINDOWSSystem32driverstap-tb-0901.sys [38656 2020-04-08] (TunnelBear, Inc. -> The OpenVPN Project)

R3 tap0901; C:WINDOWSSystem32driverstap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

R3 VBAudioVACMME; C:WINDOWSSystem32driversvbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows ® Win 7 DDK provider)

R3 VBAudioVMVAIOMME; C:WINDOWSSystem32driversvbaudio_vmvaio64_win7.sys [41192 2017-08-28] (Vincent Burel -> Windows ® Win 7 DDK provider)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)

S3 xhunter1; C:Windowsxhunter1.sys [2719256 2020-02-19] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

R1 ZAM_Guard; C:WindowsSystem32driverszamguard64.sys [203680 2019-05-21] (Zemana Ltd. -> Zemana Ltd.)

R1 zeonetfilter; C:WINDOWSSystem32driverszeonetfilter.sys [74816 2018-09-28] (Microsoft Windows Hardware Compatibility Publisher -> NOVNIFY LIMITED.)

S1 amsdk; ??C:WINDOWSsystem32driversamsdk.sys [X]

U3 idsvc; no ImagePath

S3 SbieDrv; ??C:Program FilesSandboxieSbieDrv.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-10-05 14:49 – 2021-10-05 14:50 – 000045820 _____ C:UsersH.P LovecraftDesktopFRST.txt

2021-10-05 14:48 – 2021-10-05 14:49 – 000000000 ____D C:FRST

2021-10-05 14:47 – 2021-10-05 14:47 – 002308096 _____ (Farbar) C:UsersH.P LovecraftDesktopFRST64.exe

2021-09-30 14:30 – 2021-09-30 14:30 – 000000000 ____D C:UsersH.P LovecraftAppDataRoamingEasyAntiCheat

2021-09-29 17:20 – 2021-09-29 17:20 – 000036158 _____ C:UsersH.P LovecraftDesktopThe.Houses.October.Built.2014.1080p.BluRay.H264.AAC-RARBG-[rarbg.to].torrent

2021-09-23 05:24 – 2021-09-23 06:42 – 000000000 ____D C:UsersH.P LovecraftDesktopOld.2021.1080p.WEBRip.DD5.1.x264-NOGRP

2021-09-18 13:14 – 2021-09-18 13:14 – 001260882 _____ C:UsersH.P LovecraftDesktopquiet_boy.mp4

2021-09-16 22:37 – 2021-09-16 22:37 – 000452096 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl

2021-09-16 22:36 – 2021-09-16 22:36 – 002111488 _____ (Digimarc) C:WINDOWSSysWOW64DMRCDecoder.dll

2021-09-16 22:36 – 2021-09-16 22:36 – 001823304 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-09-16 22:36 – 2021-09-16 22:36 – 001393480 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-09-16 22:36 – 2021-09-16 22:36 – 001333760 _____ C:WINDOWSSysWOW64TextInputMethodFormatter.dll

2021-09-16 22:36 – 2021-09-16 22:36 – 001313608 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-09-16 22:36 – 2021-09-16 22:36 – 001164288 _____ C:WINDOWSsystem32MBR2GPT.EXE

2021-09-16 22:36 – 2021-09-16 22:36 – 000672768 _____ C:WINDOWSsystem32FsNVSDeviceSource.dll

2021-09-16 22:36 – 2021-09-16 22:36 – 000570368 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl

2021-09-16 22:36 – 2021-09-16 22:36 – 000426496 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winspool.drv

2021-09-16 22:36 – 2021-09-16 22:36 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe

2021-09-16 22:36 – 2021-09-16 22:36 – 000147456 _____ (Microsoft Corporation) C:WINDOWSsystem32wshom.ocx

2021-09-16 22:36 – 2021-09-16 22:36 – 000122880 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wshom.ocx

2021-09-16 22:36 – 2021-09-16 22:36 – 000011355 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-09-16 22:35 – 2021-09-16 22:35 – 002295296 _____ (Digimarc) C:WINDOWSsystem32DMRCDecoder.dll

2021-09-16 22:35 – 2021-09-16 22:35 – 002260992 _____ C:WINDOWSsystem32TextInputMethodFormatter.dll

2021-09-16 22:35 – 2021-09-16 22:35 – 000566784 _____ (Microsoft Corporation) C:WINDOWSsystem32winspool.drv

2021-09-16 22:35 – 2021-09-16 22:35 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe

2021-09-16 22:35 – 2021-09-16 22:35 – 000162816 _____ C:WINDOWSsystem32DataStoreCacheDumpTool.exe

2021-09-16 22:35 – 2021-09-16 22:35 – 000098816 _____ C:WINDOWSsystem32Driverscimfs.sys

2021-09-16 22:21 – 2021-09-16 22:21 – 000000000 ___HD C:$WinREAgent

2021-09-15 08:07 – 2021-09-15 08:07 – 000021992 _____ (EasyAntiCheat Oy) C:WINDOWSsystem32eac_usermode_128923411218621.dll

2021-09-14 10:59 – 2021-09-14 10:59 – 000001068 _____ C:UsersH.P LovecraftDesktopGenshin Impact.lnk

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-10-05 14:51 – 2021-06-22 19:44 – 005882989 _____ C:WINDOWSZAM_Guard.krnl.trace

2021-10-05 14:50 – 2017-02-16 00:39 – 000000000 ____D C:Program Files (x86)Steam

2021-10-05 14:48 – 2017-02-16 00:21 – 000000000 ____D C:UsersH.P LovecraftAppDataRoamingdiscord

2021-10-05 14:38 – 2019-12-07 11:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-10-05 14:35 – 2017-02-16 00:03 – 000000000 ____D C:Program Files (x86)Google

2021-10-05 14:19 – 2017-02-16 00:21 – 000000000 ____D C:UsersH.P LovecraftAppDataLocalDiscord

2021-10-05 12:46 – 2020-10-02 01:29 – 000000000 ____D C:Program FilesGenshin Impact

2021-10-05 11:28 – 2020-09-11 14:53 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-10-05 11:28 – 2020-07-14 08:48 – 000000000 ____D C:UsersH.P Lovecraft.Ld2VirtualBox

2021-10-04 18:00 – 2020-11-25 21:07 – 000000000 ____D C:UsersH.P LovecraftAppDataRoamingpoe-overlay

2021-10-04 14:21 – 2020-07-14 08:48 – 000000000 ____D C:UsersH.P LovecraftAppDataRoamingXuanZhi

2021-10-04 12:55 – 2020-09-11 15:03 – 001922934 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-10-04 12:55 – 2019-12-07 17:08 – 000823158 _____ C:WINDOWSsystem32perfh015.dat

2021-10-04 12:55 – 2019-12-07 17:08 – 000171202 _____ C:WINDOWSsystem32perfc015.dat

2021-10-04 12:55 – 2019-12-07 11:13 – 000000000 ____D C:WINDOWSINF

2021-10-04 11:24 – 2017-02-16 23:10 – 000000000 ____D C:UsersH.P LovecraftAppDataLocalCrashDumps

2021-10-04 10:48 – 2018-03-06 13:48 – 000000000 ____D C:Program Files (x86)Microsoft Office

2021-10-04 10:37 – 2020-08-15 00:04 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-10-03 10:29 – 2017-02-16 00:31 – 000000000 ____D C:ProgramDataNVIDIA

2021-10-03 10:28 – 2020-09-11 15:00 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-10-03 10:28 – 2020-09-11 14:53 – 000008192 ___SH C:DumpStack.log.tmp

2021-10-03 10:28 – 2019-09-30 14:15 – 000000000 ____D C:UsersH.P LovecraftDesktopshadowplayvids

2021-10-03 10:28 – 2019-08-25 21:14 – 000000000 __SHD C:UsersH.P LovecraftIntelGraphicsProfiles

2021-10-03 10:28 – 2019-08-25 19:52 – 000000180 _____ C:WINDOWSsystem32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2021-10-02 23:43 – 2020-09-11 14:55 – 000000000 ____D C:UsersH.P Lovecraft

2021-10-02 23:43 – 2019-12-07 11:03 – 000524288 _____ C:WINDOWSsystem32configBBI

2021-10-02 11:22 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-10-02 11:21 – 2020-07-18 00:55 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-10-02 11:21 – 2019-12-07 11:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-10-02 10:58 – 2020-09-11 15:00 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-10-02 10:58 – 2020-09-11 15:00 – 000003356 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-10-01 08:37 – 2020-09-11 15:00 – 000003420 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA

2021-10-01 08:37 – 2020-09-11 15:00 – 000003296 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore

2021-09-30 18:20 – 2019-08-25 22:32 – 000000000 ____D C:UsersH.P LovecraftAppDataLocalD3DSCache

2021-09-29 20:32 – 2019-05-24 15:30 – 000000000 ____D C:UsersH.P LovecraftDesktopemolji

2021-09-29 19:19 – 2017-02-16 00:15 – 000000000 ____D C:UsersH.P LovecraftAppDataRoaminguTorrent

2021-09-29 19:18 – 2019-06-06 21:48 – 000000000 ____D C:UsersH.P LovecraftAppDataLocalBitTorrentHelper

2021-09-29 08:54 – 2020-09-11 15:00 – 000004162 _____ C:WINDOWSsystem32TasksOpera scheduled assistant Autoupdate 1582719959

2021-09-25 06:14 – 2020-09-11 14:55 – 000002407 _____ C:UsersH.P LovecraftAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-09-24 12:10 – 2017-02-16 00:04 – 000002307 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-09-24 06:21 – 2018-07-08 20:47 – 000000000 ____D C:Program FilesOpera

2021-09-24 05:09 – 2020-09-20 12:18 – 000000000 ____D C:WINDOWSMinidump

2021-09-24 05:04 – 2021-07-14 03:51 – 000002818 _____ C:WINDOWSsystem32TasksAvira_Security_Systray

2021-09-24 05:04 – 2021-04-16 15:51 – 000001078 _____ C:UsersPublicDesktopAvira.lnk

2021-09-24 05:04 – 2021-04-16 15:51 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAvira

2021-09-24 05:04 – 2020-11-08 18:01 – 000003636 _____ C:WINDOWSsystem32TasksAvira_Security_Update

2021-09-24 05:02 – 2020-09-11 15:00 – 000003992 _____ C:WINDOWSsystem32TasksOpera scheduled Autoupdate 1531076565

2021-09-24 05:02 – 2018-07-08 21:02 – 000001113 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPrzeglądarka Opera.lnk

2021-09-24 04:59 – 2020-11-08 17:52 – 000003778 _____ C:WINDOWSsystem32TasksAviraSystemSpeedupUpdate

2021-09-21 16:59 – 2021-03-07 14:44 – 000000408 _____ C:UsersH.P LovecraftDesktopgenshinteam.txt

2021-09-19 04:42 – 2021-04-18 18:05 – 000000000 ____D C:UsersH.P LovecraftAppDataLocalNotepad

2021-09-19 01:16 – 2020-09-11 14:53 – 000443920 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSSysWOW64WinMetadata

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSSystemResources

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32WinMetadata

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32migwiz

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32Dism

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32DDFs

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32appraiser

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSShellComponents

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSProvisioning

2021-09-19 01:14 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-09-19 01:14 – 2019-12-07 11:03 – 000000000 ____D C:WINDOWSservicing

2021-09-16 22:40 – 2019-12-07 11:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-09-16 22:20 – 2018-03-31 11:59 – 000000000 ____D C:WINDOWSsystem32MRT

2021-09-16 22:17 – 2018-03-31 11:57 – 135637312 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-09-16 03:45 – 2017-07-11 02:41 – 000000000 ____D C:UsersH.P LovecraftDesktopweeb

2021-09-14 11:02 – 2020-10-02 01:31 – 000000000 ____D C:UsersH.P LovecraftAppDataLocalmiHoYo

2021-09-14 10:59 – 2020-10-02 01:29 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGenshin Impact

2021-09-08 21:47 – 2020-08-15 00:04 – 000605520 _____ (Microsoft Corporation) C:WINDOWSsystem32sedplugins.dll

2021-09-08 21:47 – 2020-08-15 00:04 – 000486736 _____ (Microsoft Corporation) C:WINDOWSsystem32QualityUpdateAssistant.dll

 

==================== Files in the root of some directories ========

 

2020-07-14 08:48 – 2020-07-14 08:48 – 000000068 _____ () C:UsersH.P LovecraftAppDataRoamingchangzhi_leidian.data

2021-08-24 03:07 – 2021-08-24 03:07 – 000000154 _____ () C:UsersH.P LovecraftAppDataRoamingchangzhi_leidianmac.data

2020-08-03 22:56 – 2020-08-03 22:56 – 000000068 _____ () C:UsersH.P LovecraftAppDataRoamingchangzhi_mplayer.data

2017-03-11 05:04 – 2017-03-11 04:18 – 008251680 _____ () C:UsersH.P LovecraftAppDataRoamingDS2SOFS0000.sl2

2017-03-11 05:04 – 2017-03-11 04:03 – 009307472 _____ () C:UsersH.P LovecraftAppDataRoamingDS30000.sl2

2019-12-03 08:09 – 2019-12-03 08:09 – 000010849 _____ () C:UsersH.P LovecraftAppDataRoamingmanifest.json

2019-12-03 08:07 – 2019-12-03 08:07 – 000011854 _____ () C:UsersH.P LovecraftAppDataRoamingmodlist.html

2018-09-12 18:46 – 2018-09-12 18:46 – 000000020 _____ () C:UsersH.P LovecraftAppDataRoamingsystem.xml

2017-08-29 13:39 – 2017-08-29 14:00 – 000004477 _____ () C:UsersH.P LovecraftAppDataRoamingVoiceMeeterDefault.xml

2017-08-04 23:02 – 2017-08-04 23:02 – 000000600 _____ () C:UsersH.P LovecraftAppDataLocalPUTTY.RND

2021-08-17 21:49 – 2021-08-17 21:49 – 000002639 _____ () C:UsersH.P LovecraftAppDataLocalrecently-used.xbel

2017-08-08 19:36 – 2019-08-02 21:39 – 000007601 _____ () C:UsersH.P LovecraftAppDataLocalResmon.ResmonCfg

2019-06-29 16:12 – 2019-06-29 16:12 – 000000003 _____ () C:UsersH.P LovecraftAppDataLocalupdater.log

2019-06-29 16:12 – 2019-06-29 16:12 – 000000425 _____ () C:UsersH.P LovecraftAppDataLocalUserProducts.xml

2020-05-11 15:12 – 2020-05-11 15:12 – 000000000 _____ () C:UsersH.P LovecraftAppDataLocalzenmap.exe.log

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2021

Ran by H.P Lovecraft (05-10-2021 14:51:51)

Running from C:UsersH.P LovecraftDesktop

Windows 10 Home Version 2004 19041.1237 (X64) (2020-09-11 13:00:32)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-1132999665-2204580135-1040923842-500 – Administrator – Disabled)

Gość (S-1-5-21-1132999665-2204580135-1040923842-501 – Limited – Disabled)

H.P Lovecraft (S-1-5-21-1132999665-2204580135-1040923842-1000 – Administrator – Enabled) => C:UsersH.P Lovecraft

Konto domyślne (S-1-5-21-1132999665-2204580135-1040923842-503 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-1132999665-2204580135-1040923842-504 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Avira Antivirus (Enabled – Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…uTorrent) (Version: 3.5.5.46096 – BitTorrent Inc.)

7-Zip 16.04 (x64) (HKLM…7-Zip) (Version: 16.04 – Igor Pavlov)

Active Directory Authentication Library for SQL Server (HKLM…{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 – Microsoft Corporation) Hidden

Active Directory Authentication Library for SQL Server (x86) (HKLM-x32…{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 – Microsoft Corporation) Hidden

Allgemeine Runtime Files (x86) (HKLM…{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.5.0 – Sereby Corporation)

Audacity 2.3.1 (HKLM-x32…Audacity_is1) (Version: 2.3.1 – Audacity Team)

AutoHotkey 1.1.32.00 (HKLM…AutoHotkey) (Version: 1.1.32.00 – Lexikos)

Avira Antivirus (HKLM-x32…Avira Antivirus) (Version: 15.0.2108.2113 – Avira Operations GmbH & Co. KG) Hidden

Avira Phantom VPN (HKLM-x32…Avira Phantom VPN) (Version: 2.37.7.25887 – Avira Operations GmbH & Co. KG) Hidden

Avira Security (HKLM-x32…Avira Security_is1) (Version: 1.1.55.23309 – Avira Operations GmbH & Co. KG) Hidden

Avira Security (HKLM-x32…AviraSecurityUninstaller) (Version:  – Avira Operations GmbH & Co. KG;)

Avira Software Updater (HKLM-x32…{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 – Avira Operations GmbH & Co. KG) Hidden

Avira System Speedup (HKLM-x32…Avira System Speedup_is1) (Version: 6.13.0.11216 – Avira Operations GmbH & Co. KG) Hidden

Badanie mające na celu poprawę produktów HP LaserJet M101-M106 (HKLM…{B8C93DC2-4558-43CB-B919-E5C24726002A}) (Version: 44.1.2483.17117 – HP Inc.)

BatchPurifier (HKLM-x32…{0CB949A6-F151-41CC-BD33-43C4F26A60D9}) (Version: 6.00.0000 – Digital Confidence)

Blade & Soul (HKLM-x32…{37EEA701-C7E3-4DC9-BCFB-39C89A6998AD}) (Version: 2.02.0000 – NCTAIWAN) Hidden

Blade & Soul (HKLM-x32…{9C7ADD9B-0F54-4526-87E8-E739FBB91FD4}) (Version: 1.0.65.0 – NC Interactive, LLC)

Blade & Soul (HKLM-x32…InstallShield_{37EEA701-C7E3-4DC9-BCFB-39C89A6998AD}) (Version: 2.02.0000 – NCTAIWAN)

Blade & Soul Launcher Bundle (HKLM-x32…{fcb7b621-345c-46f2-a010-76a58c939d54}) (Version: 1.0.2.0 – NC Interactive, LLC) Hidden

Blender (HKLM…{E29A1273-2E7A-40E7-AA63-428A11D59429}) (Version: 2.79.2 – Blender Foundation)

Blizzard App (HKLM-x32…Battle.net) (Version:  – Blizzard Entertainment)

Burning Crusade Classic (HKLM-x32…Burning Crusade Classic) (Version:  – Blizzard Entertainment)

CCleaner (HKLM…CCleaner) (Version: 5.70 – Piriform)

Chaos Recipe Enhancer (HKLM-x32…{7801B2B8-4088-46B3-A630-18CABB34F367}) (Version: 1.1.3 – kosace)

Core Temp 1.15 (HKLM…{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15 – ALCPU)

CPUID CPU-Z 1.90 (HKLM…CPUID CPU-Z_is1) (Version: 1.90 – CPUID, Inc.)

D3DX10 (HKLM-x32…{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 – Microsoft) Hidden

Discord (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Discord) (Version: 0.0.309 – Discord Inc.)

DriversCloud.com (64 bits) (HKLM…{DB35A54E-1155-42D5-9F9E-584067B0E226}) (Version: 10.0.10.0 – Cybelsoft)

Epic Games Launcher (HKLM-x32…{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 – Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM…{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Exilence Next 0.4.8 (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…58032b8c-4c17-5b0e-b3bc-74d53946ba55) (Version: 0.4.8 – )

FileZilla Client 3.23.0.2 (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…FileZilla Client) (Version: 3.23.0.2 – Tim Kosse)

FINAL FANTASY XIV ONLINE (HKLM-x32…{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 – SQUARE ENIX CO., LTD.)

FreeFixer (HKLM-x32…FreeFixer1.19) (Version: 1.19 – Kephyr)

GCFScape 1.8.6 (HKLM…GCFScape_is1) (Version:  – Ryan Gregg)

GIMP 2.8.20 (HKLM…GIMP-2_is1) (Version: 2.8.20 – The GIMP Team)

GlassWire 2.3 (remove only) (HKLM-x32…GlassWire 2.3) (Version: 2.3.321 – SecureMix LLC)

Google Chrome (HKLM-x32…Google Chrome) (Version: 94.0.4606.61 – Google LLC)

Gyazo 4.1.2.0 (HKLM-x32…{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  – Nota Inc.)

HandBrake 1.3.3 (HKLM-x32…HandBrake) (Version: 1.3.3 – )

HP LaserJet M101-M106 — podstawowe oprogramowanie urządzenia (HKLM…{452F9083-A50C-49A5-97D1-2DDE0C72AAC8}) (Version: 44.1.2483.17117 – HP Inc.)

IIS 10.0 Express (HKLM…{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 – Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM…{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  – )

IIS Express Application Compatibility Database for x86 (HKLM…{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  – )

Intel® Management Engine Components (HKLM-x32…{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 – Intel Corporation)

Intel® Processor Graphics (HKLM-x32…{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 – Intel Corporation)

Intel® Rapid Storage Technology (HKLM…{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 – Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32…{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 – Intel Corporation)

Java 8 Update 151 (64-bit) (HKLM…{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 – Oracle Corporation)

Java 8 Update 151 (HKLM-x32…{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 – Oracle Corporation)

Java SE Development Kit 7 Update 55 (HKLM-x32…{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 – Oracle)

Kits Configuration Installer (HKLM-x32…{0275DC52-C83E-3142-D2EF-70877F885663}) (Version: 10.0.26624 – Microsoft) Hidden

K-Lite Codec Pack 16.1.2 Full (HKLM-x32…KLiteCodecPack_is1) (Version: 16.1.2 – KLCP)

LAME v3.99.3 (for Windows) (HKLM-x32…LAME_is1) (Version:  – )

Launcher Prerequisites (x64) (HKLM-x32…{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

LDPlayer (HKLM-x32…LDPlayer4) (Version: 4.0.63 – XUANZHI INTERNATIONAL CO., LIMITED)

League of Legends (HKLM-x32…League of Legends 1.0) (Version: 1.0 – Riot Games, Inc)

LG Mobile Driver (HKLM-x32…{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.5.0 – LG Electronics)

Lightshot-5.4.0.35 (HKLM-x32…{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 – Skillbrains)

LM101 (HKLM-x32…{C1D550A6-7C72-4286-970D-5CBF7C828A38}) (Version: 0.00.0005 – HP)

Macro Recorder 5.8.0 (HKLM-x32…Macro Recorder_is1) (Version: 5.8.0 – Jitbit Software)

Malwarebytes version 4.3.0.98 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 – Malwarebytes)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32…{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 – Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32…{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 SDK (HKLM-x32…{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 SDK (Polski) (HKLM-x32…{A9D7F21C-C602-46C5-A080-4E44E440F249}) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32…{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32…{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 z dodatkiem Targeting Pack (Polski) (HKLM-x32…{EDC3FD45-C9CE-483F-8013-D18C69EF3F85}) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 94.0.992.38 – Microsoft Corporation)

Microsoft Help Viewer 2.2 (HKLM-x32…Microsoft Help Viewer 2.2) (Version: 2.2.25420 – Microsoft Corporation)

Microsoft Office Professional 2016 – pl-pl (HKLM…ProfessionalRetail – pl-pl) (Version: 16.0.14430.20234 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…OneDriveSetup.exe) (Version: 21.170.0822.0002 – Microsoft Corporation)

Microsoft Silverlight (HKLM…{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 – Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities  (HKLM…{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 – Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM…{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 – Microsoft Corporation)

Microsoft SQL Server 2014 Express LocalDB  (HKLM…{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 – Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects  (HKLM-x32…{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 – Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects  (x64) (HKLM…{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 – Microsoft Corporation)

Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM…{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 – Microsoft Corporation)

Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32…{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 – Microsoft Corporation)

Microsoft SQL Server 2016 LocalDB  (HKLM…{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft SQL Server 2016 Management Objects  (HKLM-x32…{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft SQL Server 2016 Management Objects  (x64) (HKLM…{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32…{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 – Microsoft Corporation)

Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM…{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM…{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 – Microsoft Corporation)

Microsoft SQL Server Data Tools – enu (14.0.60519.0) (HKLM-x32…{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM…{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM-x32…{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2016 (HKLM…{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2016 (HKLM-x32…{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft Teams (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Teams) (Version: 1.4.00.8872 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.7523 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.21022 (HKLM-x32…{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.7523 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…{82f2609e-68ba-408d-963f-530ad8809435}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…{577ff5ba-39aa-4d8c-a3a9-f95012763438}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29334 (HKLM-x32…{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.28.29334 (HKLM-x32…{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 – Microsoft Corporation)

Minecraft Launcher (HKLM-x32…{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 – Mojang)

Mobile Broadband HL Service (HKLM-x32…Mobile Broadband HL Service) (Version: 22.001.29.01.03 – Huawei Technologies Co.,Ltd)

Movie Maker (HKLM-x32…{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 – Microsoft Corporation) Hidden

Movie Maker (HKLM-x32…{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 – Microsoft Corporation) Hidden

Mozilla Firefox 69.0 (x64 pl) (HKLM…Mozilla Firefox 69.0 (x64 pl)) (Version: 69.0 – Mozilla)

Mozilla Maintenance Service (HKLM-x32…MozillaMaintenanceService) (Version: 69.0.0.7178 – Mozilla)

NC Launcher (HKLM-x32…NCLauncherS_plaync) (Version:  – NCSOFT)

NCSOFT Game Launcher (HKLM-x32…NCLauncher_NCWest) (Version:  – NCSOFT)

Nmap 7.80 (HKLM-x32…Nmap) (Version: 7.80 – Nmap Project)

Node.js (HKLM…{E3C2DC65-9DCA-4422-BDDE-0489B89A16D2}) (Version: 10.16.0 – Node.js Foundation)

Notepad++ (64-bit x64) (HKLM…Notepad++) (Version: 7.9.1 – Notepad++ Team)

Npcap 0.9982 (HKLM-x32…NpcapInst) (Version: 0.9982 – Nmap Project)

NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 – NVIDIA Corporation)

NVIDIA GeForce Experience 3.23.0.74 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 – NVIDIA Corporation)

NVIDIA Graphics Driver 456.71 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 – NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)

OBS Studio (HKLM-x32…OBS Studio) (Version: 17.0.2 – OBS Project)

Office 16 Click-to-Run Extensibility Component (HKLM-x32…{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14430.20234 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14430.20234 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14430.20234 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32…{90160000-008C-0415-0000-0000000FF1CE}) (Version: 16.0.14430.20234 – Microsoft Corporation) Hidden

OpenShot Video Editor version 2.4.3 (HKLM…{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.3 – OpenShot Studios, LLC)

OpenVPN 2.4.6-I602  (HKLM…OpenVPN) (Version: 2.4.6-I602 – OpenVPN Technologies, Inc.)

Opera Stable 79.0.4143.50 (HKLM-x32…Opera 79.0.4143.50) (Version: 79.0.4143.50 – Opera Software)

osu! (HKLM-x32…{ba740871-6b73-4de7-a01e-66469706fcfc}) (Version: latest – ppy Pty Ltd)

Path of Building Community (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Path of Building Community) (Version: 1.4.170.16 – Path of Building Community)

Path of Building version 1.4.170 (HKLM-x32…{72FA9AB7-189F-4BDE-8856-72DEB90C157B}_is1) (Version: 1.4.170 – Openarl)

poe-overlay 0.7.14 (HKLM…{4029a1cf-61b4-539a-827c-d229b542fc0f}) (Version: 0.7.14 – PoE-Overlay-Community)

Python 3.7.3 (32-bit) (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 – Python Software Foundation)

Python 3.7.3 Core Interpreter (32-bit) (HKLM-x32…{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 – Python Software Foundation) Hidden

Python 3.7.3 Development Libraries (32-bit) (HKLM-x32…{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 – Python Software Foundation) Hidden

Python 3.7.3 Documentation (32-bit) (HKLM-x32…{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 – Python Software Foundation) Hidden

Python 3.7.3 Executables (32-bit) (HKLM-x32…{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 – Python Software Foundation) Hidden

Python 3.7.3 pip Bootstrap (32-bit) (HKLM-x32…{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 – Python Software Foundation) Hidden

Python 3.7.3 Standard Library (32-bit) (HKLM-x32…{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 – Python Software Foundation) Hidden

Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM-x32…{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 – Python Software Foundation) Hidden

Python 3.7.3 Test Suite (32-bit) (HKLM-x32…{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 – Python Software Foundation) Hidden

Python 3.7.3 Utility Scripts (32-bit) (HKLM-x32…{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 – Python Software Foundation) Hidden

Python Launcher (HKLM-x32…{A28C27E4-A725-482A-9C65-61EDC0E4D583}) (Version: 3.7.6657.0 – Python Software Foundation)

Realtek Ethernet Controller Driver (HKLM-x32…{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 – Realtek)

Realtek High Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 – Realtek Semiconductor Corp.)

Rustangelo PRO (HKLM-x32…{51F87064-E2FC-488C-83BA-217BB6D34BB8}) (Version: 2.4.4000 – JaviteSoft)

Samsung Data Migration (HKLM-x32…{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 – Samsung)

Samsung Magician (HKLM-x32…{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 – Samsung Electronics)

Sandboxie 5.40.2 (64-bit) (HKLM…Sandboxie) (Version: 5.40.2 – Sandboxie Holdings, LLC)

screenSHU – the fastest screen capture ever. (HKLM-x32…screenSHU) (Version:  – )

Skype™ 7.32 (HKLM-x32…{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 – Skype Technologies S.A.)

Speccy (HKLM…Speccy) (Version: 1.32 – Piriform)

Speedtest by Ookla (HKLM…{9CC33E6C-8EF8-4CE3-A874-D5B18966A73F}) (Version: 1.0.14.001 – Ookla)

Spotify (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…Spotify) (Version: 1.1.12.451.gdb77255f – Spotify AB)

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

TAP-Windows 9.21.2 (HKLM…TAP-Windows) (Version: 9.21.2 – )

TeamSpeak 3 Client (HKLM…TeamSpeak 3 Client) (Version: 3.1.0 – TeamSpeak Systems GmbH)

TP-LINK Archer T2U_T2UH Driver (HKLM-x32…{95EF5DBB-C2DA-48AF-93B4-533333227486}) (Version: 1.3.1 – TP-LINK)

TP-LINK Wireless Configuration Utility (HKLM-x32…{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 – TP-LINK)

VBCABLE, The Virtual Audio Cable (HKLM…VB:VBCABLE {87459874-1236-4469}) (Version:  – VB-Audio Software)

VC80CRTRedist – 8.0.50727.6195 (HKLM-x32…{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 – DivX, Inc) Hidden

Vegas Pro 13.0 (64-bit) (HKLM…{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 – Sony)

Voicemeeter, The Virtual Mixing Console (HKLM-x32…VB:Voicemeeter {17359A74-1236-5467}) (Version:  – VB-Audio Software)

WinDirStat 1.1.2 (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…WinDirStat) (Version:  – )

Windows 10 Update Assistant (HKLM-x32…{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23072 – Microsoft Corporation)

WizTree v3.36 (HKLM…WizTree_is1) (Version: 3.36 – Antibody Software)

World of Warcraft Classic Era (HKLM-x32…World of Warcraft Classic Era) (Version:  – Blizzard Entertainment)

YTD Video Downloader 5.9.10 (HKLM-x32…{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.9.10 – GreenTree Applications SRL) <==== ATTENTION

YTD Video Downloader 5.9.18 (HKLM…{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.9.18 – GreenTree Applications SRL) <==== ATTENTION

Zoom (HKUS-1-5-21-1132999665-2204580135-1040923842-1000…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)

 

Packages:

=========

Microsoft Advertising SDK for JavaScript -> C:Program FilesWindowsAppsMicrosoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2020-12-18] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for JavaScript -> C:Program FilesWindowsAppsMicrosoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2020-12-18] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-26] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-26] (Microsoft Corporation) [MS Ad]

NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-27] (NVIDIA Corp.)

Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-12] (Microsoft Corporation)

Sound Recorder App -> C:Program FilesWindowsApps61083ApeApps.SoundRecorderApp_2.7.0.0_x64__d2yynfvsn01f4 [2020-12-18] (Ape Apps) [MS Ad]

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-1132999665-2204580135-1040923842-1000_ClassesCLSID{04271989-C4D2-D4A5-8573-03D61D683B37} -> [OneDrive – Eduwarszawa] => C:UsersH.P LovecraftOneDrive – Eduwarszawa [2020-10-22 12:10]

CustomCLSID: HKUS-1-5-21-1132999665-2204580135-1040923842-1000_ClassesCLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}InprocServer32 -> C:UsersH.P LovecraftAppDataLocalMicrosoftTeamsMeetingAddin1.0.20339.4x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-1132999665-2204580135-1040923842-1000_ClassesCLSID{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}InprocServer32 -> C:UsersH.P LovecraftAppDataLocalMicrosoftTeamsMeetingAddin1.0.20244.4x64Microsoft.Teams.AddinLoader.dll => No File

CustomCLSID: HKUS-1-5-21-1132999665-2204580135-1040923842-1000_ClassesCLSID{D45F043D-F17F-4e8a-8435-70971D9FA46D}InprocServer32 -> C:Program FilesBlender FoundationBlenderBlendThumb64.dll () [File not signed]

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:Program FilesNotepad++NppShell_06.dll [2019-05-19] (Notepad++ -> )

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:Program Files (x86)AviraAntivirusshlext64.dll [2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:Program Files (x86)AviraSystem SpeedupAvira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:Program Files (x86)AviraSystem SpeedupAvira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:WINDOWSsystem32igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_1c83a5d7cffd7bffnvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:Program Files (x86)AviraSystem SpeedupAvira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:Program Files (x86)AviraAntivirusshlext64.dll [2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

ShortcutWithArgument: C:UsersH.P LovecraftAppDataRoamingMicrosoftWindowsStart MenuProgramsNode.jsNode.js command prompt.lnk -> C:WindowsSystem32cmd.exe (Microsoft Corporation) -> /k "C:Program Files (x86)nodejsnodevars.bat"

 

==================== Loaded Modules (Whitelisted) =============

 

2017-02-16 01:26 – 2016-10-04 16:51 – 000076800 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll

2013-08-07 15:24 – 2013-08-07 15:24 – 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:Program FilesIntelIntel® Rapid Storage TechnologyPsiData.dll

2013-08-07 15:24 – 2013-08-07 15:24 – 000514048 _____ (Intel Corporation) [File not signed] C:Program FilesIntelIntel® Rapid Storage TechnologyISDI2.dll

2020-10-02 01:29 – 2020-12-11 17:29 – 006159480 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:Program FilesGenshin ImpactQt5Core.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalamsdk.sys => ""="Driver"

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkamsdk.sys => ""="Driver"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program Files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16OCHelper.dll [2021-10-04] (Microsoft Corporation -> Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program FilesJavajre1.8.0_151binssv.dll [2018-01-12] (Oracle America, Inc. -> Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program FilesJavajre1.8.0_151binjp2ssv.dll [2018-01-12] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)Javajre1.8.0_151binssv.dll [2018-01-12] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)Javajre1.8.0_151binjp2ssv.dll [2018-01-12] (Oracle America, Inc. -> Oracle Corporation)

Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-10-04] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-10-04] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-10-04] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-10-04] (Microsoft Corporation -> Microsoft Corporation)

Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} –  No File

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKUS-1-5-21-1132999665-2204580135-1040923842-1000…sharepoint.com -> hxxps://eduwarszawa-files.sharepoint.com

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 04:34 – 2020-09-07 22:21 – 000000855 _____ C:WINDOWSsystem32driversetchosts

127.0.0.1       localhost

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)InteliCLS Client;C:Program FilesInteliCLS Client;C:ProgramDataOracleJavajavapath;C:Windowssystem32;C:Windows;C:WindowsSystem32Wbem;C:WindowsSystem32WindowsPowerShellv1.0;C:Program Files (x86)NVIDIA CorporationPhysXCommon;C:Program Files (x86)SkypePhone;C:Program FilesIntelIntel® Management Engine ComponentsDAL;C:Program FilesIntelIntel® Management Engine ComponentsIPT;C:Program Files (x86)IntelIntel® Management Engine ComponentsDAL;C:Program Files (x86)IntelIntel® Management Engine ComponentsIPT;C:Program FilesMicrosoft SQL Server120ToolsBinn;C:Program FilesMicrosoft SQL Server130ToolsBinn;C:Program FilesNVIDIA CorporationNVIDIA NvDLISR;C:Program Files (x86)nodejs;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH

HKUS-1-5-21-1132999665-2204580135-1040923842-1000Control PanelDesktop\Wallpaper -> C:UsersH.P LovecraftAppDataLocalPackagesMicrosoft.Windows.Photos_8wekyb3d8bbweLocalStatePhotosAppBackgroundthumb-1920-278051.jpg

DNS Servers: 8.8.8.8 – 8.8.4.4

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: Warn)

HKLMsoftwaremicrosoftWindowsCurrentVersionTelephonyProviders => ProviderFileName2 -> ndptsp.tsp (No File)

Windows Firewall is enabled.

 

Network Binding:

=============

Połączenie lokalne 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 

Local Area Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 

Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 

Połączenie lokalne: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 

Połączenie lokalne 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

MSCONFIGServices: rpcapd => 3

MSCONFIGServices: WSearch => 2

MSCONFIGServices: wtfast.Service => 2

MSCONFIGstartupreg: CCleaner Smart Cleaning => "C:Program FilesCCleanerCCleaner64.exe" /MONITOR

MSCONFIGstartupreg: screenSHU => "C:Program Files (x86)screenSHUscreenSHU.exe" –hidden

HKLM…StartupApprovedRun32: => "Opera Browser Assistant"

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…StartupApprovedRun: => "CCleaner Smart Cleaning"

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…StartupApprovedRun: => "SandboxieControl"

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…StartupApprovedRun: => "OneDrive"

HKUS-1-5-21-1132999665-2204580135-1040923842-1000…StartupApprovedRun: => "com.squirrel.Teams.Teams"

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{2E2F181C-C0BC-4423-886C-9DB92FC578B3}] => (Block) C:program filesldplayerboxldvboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)

FirewallRules: [{5CA4888C-E601-4943-B0FF-653839C9C864}] => (Block) C:program filesldplayerboxldvboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)

FirewallRules: [UDP Query User{88CDBBEC-8572-4203-938D-E1B34EDE49B0}C:program filesldplayerboxldvboxheadless.exe] => (Allow) C:program filesldplayerboxldvboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)

FirewallRules: [TCP Query User{96DA8900-E51C-43E7-A021-9B59F73E0ABE}C:program filesldplayerboxldvboxheadless.exe] => (Allow) C:program filesldplayerboxldvboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)

FirewallRules: [{04F7A418-261B-4387-9D5E-6FD290EFEA98}] => (Block) LPort=20048

FirewallRules: [{87C2978F-D526-462E-BA6F-3B4D61F7A683}] => (Block) LPort=14667

FirewallRules: [{102A9DD3-190B-47C7-BC56-E42B0FAD17B2}] => (Block) LPort=6042

FirewallRules: [{64999821-D71D-4285-BCC7-4F1FE31A61FF}] => (Block) LPort=3127

FirewallRules: [{52FA3473-1158-4D1E-A337-B2260A7B8BA9}] => (Block) LPort=9998

FirewallRules: [{01A79D95-E9D8-4188-ABDD-BC2140D9E39F}] => (Block) LPort=9999

FirewallRules: [{2CE43088-EE53-41B0-9ADF-0F1DBB3718A8}] => (Block) LPort=3128

FirewallRules: [{BFAB87BB-C1E3-4210-8C1E-98CFE35AFF4D}] => (Block) LPort=2049

FirewallRules: [{08EBC9BD-6914-4F4D-A075-D7FD8976E30C}] => (Allow) C:UsersH.P LovecraftAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{10C504F8-B3D3-433A-BB91-5B5D879D9503}] => (Block) C:program files (x86)videolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [{193E5DA3-AB00-4843-ADA0-2E7F466BBE97}] => (Block) C:program files (x86)videolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [UDP Query User{B20D98C7-D891-420D-B0D5-5F246F46B80D}C:program files (x86)videolanvlcvlc.exe] => (Allow) C:program files (x86)videolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [TCP Query User{0298D66C-CDE9-4DD7-AC6D-14B3C893B345}C:program files (x86)videolanvlcvlc.exe] => (Allow) C:program files (x86)videolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [{F305914A-D5F0-4863-88D0-68712E23071D}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginelauncher.exe (Skutta, Kristjan -> )

FirewallRules: [{B1A32A32-1A66-499F-9E12-CB92FC4E364D}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginelauncher.exe (Skutta, Kristjan -> )

FirewallRules: [{0859FF5B-B48E-4F36-9F93-D0D2BA3194F7}] => (Block) C:riot gamesleague of legendsgameleague of legends.exe (Riot Games, Inc. -> )

FirewallRules: [{32365541-232B-42DF-B334-4D08014D2BDD}] => (Block) C:riot gamesleague of legendsgameleague of legends.exe (Riot Games, Inc. -> )

FirewallRules: [UDP Query User{8104AA7A-8007-4A04-98A5-9ECF65F5BF60}C:riot gamesleague of legendsgameleague of legends.exe] => (Allow) C:riot gamesleague of legendsgameleague of legends.exe (Riot Games, Inc. -> )

FirewallRules: [TCP Query User{1E5B463D-E58D-466D-B9A3-586534ECD408}C:riot gamesleague of legendsgameleague of legends.exe] => (Allow) C:riot gamesleague of legendsgameleague of legends.exe (Riot Games, Inc. -> )

FirewallRules: [{0BE59955-DF2C-481A-8202-4953D3578EA1}] => (Allow) C:UsersH.P LovecraftAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{DA537B19-82CB-42E8-999F-535A6961439E}] => (Allow) C:UsersH.P LovecraftAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{04482760-2BA3-4358-B0BB-57712DEA9945}] => (Allow) C:UsersH.P LovecraftAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{9EF1C7EC-A1E5-4077-BAA6-1B7331ABC9E4}] => (Allow) C:UsersH.P LovecraftAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{A59EE6F3-DBD1-4296-80F8-AB3991FA2073}] => (Allow) C:UsersH.P LovecraftAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{25BD396F-B51A-4370-9B39-21F8DBB43417}] => (Allow) C:UsersH.P LovecraftAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{91AF054A-B72D-4907-8BCC-AB793B2E9209}] => (Allow) C:Program FilesNVIDIA CorporationNvContainerNvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{5ACA0F66-60CE-433B-8D29-1715177075D1}] => (Allow) C:Program FilesNVIDIA CorporationNvContainerNvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{77390BDD-E5B4-4E59-8136-7210E2307709}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{1BFD88B1-85FA-4C68-B3D4-12E37B3F3250}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{33D994BE-F307-4B78-9A37-D1B91AF66BB0}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [{EAD46CDD-E0AA-41DD-A23A-8A8453E7C95D}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [{1FC4A939-0AF7-499A-9D76-6E0CE85F0BA7}] => (Allow) C:Program Files (x86)SkypePhoneSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{02E0C06C-279A-46AE-953D-898C2C304D96}] => (Allow) C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{FAEE84C5-056A-4D77-9430-03033A08AD90}] => (Allow) C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{2CE9B9A2-07CB-40A6-B61B-98C8A7073AA4}] => (Allow) C:Program FilesOpenVPNbinopenvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)

FirewallRules: [{8BE30677-8F71-443C-80CA-9F8890FDAD7C}] => (Allow) C:Program FilesOpenVPNbinopenvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)

FirewallRules: [{3DDB6A7E-0D14-421C-A9E2-DB00932FAEFA}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{C296A920-D1A8-4EBF-AD66-B7995414125B}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{F65CCBEC-319A-49BE-93F0-DD3BB73CB909}] => (Allow) C:Program FilesHPHP LaserJet M101-M106binEWSProxy.exe (Hewlett Packard -> HP Inc.)

FirewallRules: [{DD4CB67C-7FD7-4B19-80B2-FC25DF88AC26}] => (Allow) C:Program FilesHPHP LaserJet M101-M106BinDeviceSetup.exe (Hewlett Packard -> HP Inc.)

FirewallRules: [{45C45941-E65B-455F-896F-4FB47F4AA921}] => (Allow) LPort=5357

FirewallRules: [{ACDB6263-4930-4592-BEBB-D2E6CCEE3822}] => (Allow) C:Program FilesHPHP LaserJet M101-M106BinHPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)

FirewallRules: [{400FD3FD-6C84-4A19-85BD-5BF26CCE97C1}] => (Allow) C:Program FilesCCleanerCCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{7F57A293-827E-4A18-8906-454D4B9960AB}] => (Allow) C:Program FilesCCleanerCCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{8933111D-3E2F-4EDB-8B1E-F25E416323E6}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{9262E567-B117-42A0-9D8C-20C3E530168C}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [TCP Query User{51D661E8-7457-4BF7-8437-CDC2EC056264}C:program filesopenshot video editorlaunch.exe] => (Allow) C:program filesopenshot video editorlaunch.exe () [File not signed]

FirewallRules: [UDP Query User{50EC1C89-AC85-4A28-991A-1F90B405A0BC}C:program filesopenshot video editorlaunch.exe] => (Allow) C:program filesopenshot video editorlaunch.exe () [File not signed]

FirewallRules: [TCP Query User{BA2D7EFB-590B-47D6-BB37-B0A6FF8B3B31}C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Allow) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe

FirewallRules: [UDP Query User{A46E90DF-2E50-4450-9112-E8F61D74213D}C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Allow) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe

FirewallRules: [{F6BB15EA-FC79-43B6-9A72-F67FA53D50D2}] => (Allow) C:Program FilesDriversCloud.comDriversCloud.exe (CYBELSOFT -> CybelSoft)

FirewallRules: [{ED6BCEC9-2CFD-40C3-AD66-D49F60F80475}] => (Allow) C:Program FilesDriversCloud.comDriversCloud.exe (CYBELSOFT -> CybelSoft)

FirewallRules: [TCP Query User{331A63C2-F7E6-4D5D-BB73-F555FBF242D8}C:usersh.p lovecraftappdataroamingspotifyspotify.exe] => (Allow) C:usersh.p lovecraftappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{ED81D7A1-1D6E-4E69-B349-A2B2AD6571BA}C:usersh.p lovecraftappdataroamingspotifyspotify.exe] => (Allow) C:usersh.p lovecraftappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [TCP Query User{98DAA691-FB8A-43F6-900C-E5772D936CDE}C:usersh.p lovecraftappdataroamingspotifyspotify.exe] => (Allow) C:usersh.p lovecraftappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{9E319A30-270D-44CC-8AE8-CC67A5A66BF0}C:usersh.p lovecraftappdataroamingspotifyspotify.exe] => (Allow) C:usersh.p lovecraftappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{FCD9AFDE-CD4C-4A37-BAD9-277DD09CAD00}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginebindiagnostics32.exe (Kristjan Skutta -> )

FirewallRules: [{BDB7482F-8B16-4E7D-82F6-A4E2FF667516}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginebindiagnostics32.exe (Kristjan Skutta -> )

FirewallRules: [{15F04029-5E7E-4B63-AE2F-07FBB46DCC69}] => (Allow) C:Program Files (x86)SteamsteamappscommonPath of ExilePathOfExileSteam.exe (Grinding Gear Games Limited -> )

FirewallRules: [{C8F159AB-A721-42F1-8868-F34632613B72}] => (Allow) C:Program Files (x86)SteamsteamappscommonPath of ExilePathOfExileSteam.exe (Grinding Gear Games Limited -> )

FirewallRules: [TCP Query User{76E88CCB-CF10-4597-A891-A7189E561CC0}C:usersh.p lovecraftappdatalocalmicrosoftteamscurrentteams.exe] => (Allow) C:usersh.p lovecraftappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [UDP Query User{4689A9D2-F37D-4904-B51E-59CFEF1FA133}C:usersh.p lovecraftappdatalocalmicrosoftteamscurrentteams.exe] => (Allow) C:usersh.p lovecraftappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{D0B05F09-34E5-433F-AEE7-EF39173D3AEC}] => (Block) C:usersh.p lovecraftappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{50D33D9F-D971-4CB4-ABDB-80968AA25424}] => (Block) C:usersh.p lovecraftappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{9AF862C4-D70C-4214-A98A-5AF535860947}] => (Allow) C:Program Files (x86)SteamsteamappscommonRustRust.exe (Facepunch Studios Ltd -> Epic Games, Inc)

FirewallRules: [{358C0999-A0CE-4177-862A-CBBF3951391B}] => (Allow) C:Program Files (x86)SteamsteamappscommonRustRust.exe (Facepunch Studios Ltd -> Epic Games, Inc)

FirewallRules: [{AB47AD79-23FA-4EBE-B54B-021E792F51AA}] => (Allow) C:Program Files (x86)GlassWireGWCtlSrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{AB5DA011-D5FF-4478-A5D4-789F8D955B57}] => (Allow) C:Program Files (x86)GlassWireGWCtlSrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{A55BF121-1D39-44CC-BE33-C38B18E31F08}] => (Allow) C:Program Files (x86)SquareEnixFINAL FANTASY XIV – A Realm Rebornbootffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)

FirewallRules: [{DDBB5725-5C9C-4AE8-82CA-D064148C355A}] => (Allow) C:Program Files (x86)SquareEnixFINAL FANTASY XIV – A Realm Rebornbootffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)

FirewallRules: [{1CB83DD8-1EEA-4744-B2CE-00503D0784F3}] => (Allow) C:Program Files (x86)SquareEnixFINAL FANTASY XIV – A Realm Rebornbootffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)

FirewallRules: [{4883412E-9135-423E-8B6E-E40154030D82}] => (Allow) C:Program Files (x86)SquareEnixFINAL FANTASY XIV – A Realm Rebornbootffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)

FirewallRules: [TCP Query User{794DA658-5CC4-4078-81FA-1108B0455C20}C:program filesgenshin impactgenshin impact gamegenshinimpact.exe] => (Allow) C:program filesgenshin impactgenshin impact gamegenshinimpact.exe (miHoYo Co.,Ltd. -> )

FirewallRules: [UDP Query User{22C331BF-41BB-41D1-BAD4-91950D7999AC}C:program filesgenshin impactgenshin impact gamegenshinimpact.exe] => (Allow) C:program filesgenshin impactgenshin impact gamegenshinimpact.exe (miHoYo Co.,Ltd. -> )

FirewallRules: [{de1e351d-d0af-434f-9ab7-9c2efb0c3d14}] => (Allow) C:Program FilesldplayerboxLdVBoxHeadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)

FirewallRules: [{2E486553-66FE-4E1F-8A47-62476CCD055E}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{1C677F68-F28D-473E-B635-55B969CBE507}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{03880F11-1155-4769-BCB7-EDB852C381DE}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{48BE3E69-0EB9-4E81-B39C-694BB69C6A93}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{2E4CE564-CB16-4C52-BFDF-73157546617A}] => (Allow) C:Program FilesOpera78.0.4093.231opera.exe (Opera Software AS -> Opera Software)

FirewallRules: [{6E54899A-99B0-4945-B93F-282435693233}] => (Allow) C:Program FilesOpera79.0.4143.50opera.exe (Opera Software AS -> Opera Software)

FirewallRules: [{FCDA669E-9AFD-4486-A8C3-ECBC2C42DAE2}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{E362E741-6B55-4DE2-A36D-50125F6B14F7}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginebindiagnostics32.exe (Kristjan Skutta -> )

FirewallRules: [{A0D648F2-D385-49CA-A5E9-42C3AC7C8313}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginebindiagnostics32.exe (Kristjan Skutta -> )

FirewallRules: [{A326F920-D317-4EA8-9BB7-609F3FFAFBB4}] => (Block) C:Program Files (x86)AviraSoftwareUpdateravirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

FirewallRules: [{7ECA9A76-C101-4870-A5D6-A0300FAA973A}] => (Allow) C:Program Files (x86)AviraSoftwareUpdateravirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

FirewallRules: [{A8E18534-B757-4F4A-98A3-09C17D12DD12}] => (Allow) C:Program Files (x86)AviraSoftwareUpdateravirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

FirewallRules: [{E75D8F6F-CD5C-499A-AE14-E9827D3CAFD1}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)

 

==================== Restore Points =========================

 

12-09-2021 02:50:58 Scheduled Checkpoint

16-09-2021 22:21:01 Windows Modules Installer

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (10/05/2021 11:15:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn’t complete re-trim on (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (10/05/2021 11:15:49 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn’t complete re-trim on (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (10/05/2021 11:15:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn’t complete re-trim on Zastrzeżone przez system (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (10/04/2021 11:24:36 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LdVBoxHeadless.exe, version: 5.2.30.30462, time stamp: 0x60d58d59

Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac

Exception code: 0xc0000005

Fault offset: 0x0000000000015225

Faulting process id: 0x27dc

Faulting application start time: 0x01d7b8fbb5238cff

Faulting application path: C:Program FilesldplayerboxLdVBoxHeadless.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: 90b5c854-8a0e-4921-90f1-0a31eb8198d0

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (10/04/2021 12:57:47 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn’t complete re-trim on Zastrzeżone przez system (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (10/03/2021 10:28:59 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)

Description: Windows cannot load the extensible counter DLL “C:WINDOWSsystem32sysmain.dll” (Win32 error code 126).

 

Error: (10/02/2021 01:53:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LdVBoxHeadless.exe, version: 5.2.30.30462, time stamp: 0x60d58d59

Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac

Exception code: 0xc0000005

Fault offset: 0x0000000000015232

Faulting process id: 0x50c

Faulting application start time: 0x01d7b76c756527e7

Faulting application path: C:Program FilesldplayerboxLdVBoxHeadless.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: df584f0d-6bd8-478d-baad-d8ba2da21e44

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (10/02/2021 12:06:46 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LdVBoxHeadless.exe, version: 5.2.30.30462, time stamp: 0x60d58d59

Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac

Exception code: 0xc0000005

Fault offset: 0x0000000000015232

Faulting process id: 0x47c

Faulting application start time: 0x01d7b76c14c0302c

Faulting application path: C:Program FilesldplayerboxLdVBoxHeadless.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: 072d3529-5fca-461d-acf1-1d979f308dc0

Faulting package full name: 

Faulting package-relative application ID:

 

 

System errors:

=============

Error: (10/05/2021 11:10:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Avira Security Updater service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

Error: (10/05/2021 11:10:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Security Updater service to connect.

 

Error: (10/05/2021 11:10:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Avira Security Updater service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

Error: (10/05/2021 11:10:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Security Updater service to connect.

 

Error: (10/05/2021 11:10:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Avira Security Updater service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

Error: (10/05/2021 11:10:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Security Updater service to connect.

 

Error: (10/05/2021 11:10:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Avira Security Updater service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

Error: (10/05/2021 11:10:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Security Updater service to connect.

 

 

Windows Defender:

================

Date: 2020-11-07 17:23:27

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2020-11-05 22:40:19

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2020-11-05 14:06:48

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2020-11-05 14:06:46

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2020-11-04 12:29:16

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan



CodeIntegrity:

===============

Date: 2021-09-19 01:18:25

Description: 

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSysWOW64BioCredProv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2021-09-19 01:18:24

Description: 

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSysWOW64edpnotify.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2021-09-19 01:18:16

Description: 

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. F1 09/24/2013

Motherboard: Gigabyte Technology Co., Ltd. Z87-DS3H

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz

Percentage of memory in use: 53%

Total physical RAM: 16267.84 MB

Available physical RAM: 7514.66 MB

Total Virtual: 40843.84 MB

Available Virtual: 27030.3 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:464.73 GB) (Free:133.63 GB) NTFS

Drive d: () (Fixed) (Total:464.71 GB) (Free:217.05 GB) NTFS

Drive f: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive g: () (Fixed) (Total:466.26 GB) (Free:56.02 GB) NTFS

 

\?Volume{fcb4a243-0000-0000-0000-100000000000} () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

\?Volume{641a5b47-f3c3-11e6-9e71-806e6f6e6963} () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS

\?Volume{fcb4a243-0000-0000-0000-f04d74000000} () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 92ADE5D2)

Partition 1: (Active) – (Size=100 MB) – (Type=07 NTFS)

Partition 2: (Not Active) – (Size=466.3 GB) – (Type=07 NTFS)

Partition 3: (Not Active) – (Size=450 MB) – (Type=27)

Partition 4: (Not Active) – (Size=464.7 GB) – (Type=07 NTFS)

 

==========================================================

Disk: 1 (Size: 465.8 GB) (Disk ID: FCB4A243)

Partition 1: (Active) – (Size=500 MB) – (Type=07 NTFS)

Partition 2: (Not Active) – (Size=464.7 GB) – (Type=07 NTFS)

Partition 3: (Not Active) – (Size=556 MB) – (Type=27)

 

==================== End of Addition.txt =======================

 
