Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022 Ran by Dan (24-04-2022 22:53:08) Running from C:\Users\Dan\Documents Microsoft Windows 10 Education Version 21H1 19043.1645 (X64) (2021-05-16 21:56:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2582668551-3615273048-1737077342-500 - Administrator - Disabled) Dan (S-1-5-21-2582668551-3615273048-1737077342-1001 - Administrator - Enabled) => C:\Users\Dan Gość (S-1-5-21-2582668551-3615273048-1737077342-501 - Limited - Disabled) Konto domyślne (S-1-5-21-2582668551-3615273048-1737077342-503 - Limited - Disabled) nx (S-1-5-21-2582668551-3615273048-1737077342-1002 - Administrator - Enabled) => C:\Users\nx share (S-1-5-21-2582668551-3615273048-1737077342-1006 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-2582668551-3615273048-1737077342-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 21.02 alpha (x64) (HKLM\...\7-Zip) (Version: 21.02 alpha - Igor Pavlov) Ableton Live 11 Trial (HKLM\...\{49100AF6-FA9B-4823-A3FE-1BEA0EFECECE}) (Version: 11.0.0.0 - Ableton) Hidden Ableton Live 11 Trial (HKLM-x32\...\{fc31163c-2a1d-4d66-a88b-64f71832335b}) (Version: 11.0.0.0 - Ableton) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.7.0.1307 - Adobe Inc.) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.) Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_3_1) (Version: 23.3.1.426 - Adobe Inc.) Adobe Premiere Rush (HKLM-x32\...\RUSH_2_3) (Version: 2.3 - Adobe Inc.) AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.3.2 - Advanced Micro Devices, Inc.) AMD_Chipset_Drivers (HKLM-x32\...\{0fd12917-eb35-466f-b411-02c45a8a505d}) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) Hidden AOC G-Menu (HKLM\...\{177B7213-4D12-49AD-9746-C532580D6D52}) (Version: 1.2.003 - Portrait Displays, Inc.) AOC G-Tools version 1.1.3.2 (HKLM\...\AOC G-Tools_is1) (Version: 1.1.3.2 - ) Apex Legends Tracker (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\Overwolf_eobgllocdoafbamifhbngdafgpcognhcpkjlokak) (Version: 1.5.10 - Overwolf app) Authy Desktop (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\authy) (Version: 1.9.0 - Twilio Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bloody7 (HKLM-x32\...\Bloody3) (Version: 21.07.0005 - Bloody) BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.5.100.1040 - BlueStack Systems, Inc.) BlueStacks X (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\BlueStacks X) (Version: 0.13.2.5 - BlueStack Systems, Inc.) Branding64 (HKLM\...\{2AF42320-5ECF-4BCA-B756-8F3677262D55}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden Discord (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{B0835288-9678-47F2-82E4-0946F566C34E}) (Version: 1.2.35.0 - Epic Games, Inc.) Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.) Exodus (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\exodus) (Version: 21.11.19 - Exodus Movement Inc) Ext2Fsd 0.69 (HKLM\...\Ext2Fsd_is1) (Version: 0.69 - Matt Wu) Figma (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\Figma) (Version: 107.1.0 - Figma, Inc.) Figma Agent (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\FigmaAgent) (Version: 108.1.0 - Figma, Inc.) FileZilla Client 3.56.0 (HKLM-x32\...\FileZilla Client) (Version: 3.56.0 - Tim Kosse) Git (HKLM\...\Git_is1) (Version: 2.34.0 - The Git Development Community) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC) IBM SPSS Statistics 26 (HKLM\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.1 - IBM Corp) IntelliJ IDEA 2019.2.4 (HKLM-x32\...\IntelliJ IDEA 2019.2.4) (Version: 192.7142.36 - JetBrains s.r.o.) Joplin 1.7.11 (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\499c114e-8890-5040-9c02-24abe7d3ebe9) (Version: 1.7.11 - Laurent Cozic) LastPass (HKLM-x32\...\{1180FA7F-B0F0-4D4C-B5FF-7418E1B2911A}) (Version: 4.93.0.2467 - GoTo Group, Inc.) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2022.4.250563 - Logitech) Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.50 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\OneDriveSetup.exe) (Version: 22.065.0412.0004 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29914 (HKLM-x32\...\{43d1ce82-6f55-4860-a938-20e5deb28b98}) (Version: 14.28.29914.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.66.0 - Microsoft Corporation) Monero GUI Wallet version 0.17.3.1 (HKLM\...\Monero GUI Wallet_is1) (Version: 0.17.3.1 - The Monero Developer Community) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 95.0 (x64 en-US)) (Version: 95.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0 - Mozilla) MSI Afterburner 4.6.4 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.4 Beta 3 - MSI Co., LTD) NoMachine (HKLM-x32\...\NoMachine_is1) (Version: 7.6.2 - NoMachine S.a.r.l.) NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.36.6.0 - TEFINCOM S.A.) NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN) NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN) NVM for Windows 1.1.7 (HKLM\...\40078385-F676-4C61-9A9C-F9028599D6D3_is1) (Version: 1.1.7 - Ecor Ventures LLC) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project) Obsidian (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\bd400747-f0c1-5638-a859-982036102edf) (Version: 0.12.15 - Obsidian) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.195.0.17 - Overwolf Ltd.) PS Activator (HKLM\...\PSACTIVATOR) (Version: 4.9.0.0 - Predictive Solutions Sp. z o. o.) PS Desktop (HKLM\...\PSDESKTOP) (Version: 1.9.0.0 - Predictive Solutions Sp. z o. o.) PS IMAGO PRO (HKLM\...\PSIMAGOPRO) (Version: 6.0.0.0 - Predictive Solutions Sp. z o. o.) Python 3.10.4 (64-bit) (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\{20ae9c9d-53ff-44e7-973b-efb518e01971}) (Version: 3.10.4150.0 - Python Software Foundation) Python 3.10.4 Add to Path (64-bit) (HKLM\...\{51D88D9C-47E1-45C7-992C-3AF1AD91BF5F}) (Version: 3.10.4150.0 - Python Software Foundation) Hidden Python 3.10.4 Core Interpreter (64-bit) (HKLM\...\{12BDD20C-1666-463B-B473-3473B4BB97A7}) (Version: 3.10.4150.0 - Python Software Foundation) Hidden Python 3.10.4 Development Libraries (64-bit) (HKLM\...\{5A092BC3-DC8C-4B40-871A-D50F71058449}) (Version: 3.10.4150.0 - Python Software Foundation) Hidden Python 3.10.4 Documentation (64-bit) (HKLM\...\{E2B8DCDD-2047-44A2-ADC7-E526084777B4}) (Version: 3.10.4150.0 - Python Software Foundation) Hidden Python 3.10.4 Executables (64-bit) (HKLM\...\{FBCE87D2-C7FC-47AB-B870-A0613A081CFD}) (Version: 3.10.4150.0 - Python Software Foundation) Hidden Python 3.10.4 pip Bootstrap (64-bit) (HKLM\...\{0707FD0B-C82B-4730-8967-D6C3003BCAE0}) (Version: 3.10.4150.0 - Python Software Foundation) Hidden Python 3.10.4 Standard Library (64-bit) (HKLM\...\{FFF8FCBE-5551-4DB2-8828-D2FE463981E2}) (Version: 3.10.4150.0 - Python Software Foundation) Hidden Python 3.10.4 Tcl/Tk Support (64-bit) (HKLM\...\{E22FBFCD-7312-4CED-BE8C-B8CB8D4EADCA}) (Version: 3.10.4150.0 - Python Software Foundation) Hidden Python 3.10.4 Utility Scripts (64-bit) (HKLM\...\{7CBB42A3-C12B-413C-AA93-65DA4C31D421}) (Version: 3.10.4150.0 - Python Software Foundation) Hidden qBittorrent 4.3.8 (HKLM-x32\...\qBittorrent) (Version: 4.3.8 - The qBittorrent project) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9257.1 - Realtek Semiconductor Corp.) RescueTime 2.16.8.2 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com) RivaTuner Statistics Server 7.3.2 Beta 2 (HKLM-x32\...\RTSS) (Version: 7.3.2 Beta 2 - Unwinder) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.47.484 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games) RyzenMasterSDK (HKLM\...\{27555A81-EED9-4B96-8721-900AE920D662}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden Sapphire TRIXX 8.4.0 (HKLM-x32\...\{49272457-BEDE-4A3A-808F-7BBD4840E85B}_is1) (Version: 8.4.0 - Sapphire) Signal 5.25.0 (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.25.0 - Open Whisper Systems) Slack (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\slack) (Version: 4.25.2 - Slack Technologies Inc.) Spotify (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\Spotify) (Version: 1.1.83.956.gbe7ea9a7 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer (HKLM\...\TeamViewer) (Version: 15.25.8 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.45.0 - TechPowerUp) TheiaBlueprint 1.17.2 (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\8278baff-1a1c-5eb1-9d84-d0372d0070dc) (Version: 1.17.2 - Eclipse Theia) TVDownloader (HKLM-x32\...\TVDownloader) (Version: 1.19.0.c - XPloRR) UE Prerequisites (x64) (HKLM\...\{595B374E-CF48-4847-9A43-57DDF31FA0C5}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{932224d0-f414-4c86-b454-bfeaede3974c}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) WinDirStat 1.1.2 (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\WinDirStat) (Version: - ) Windows Subsystem for Linux Update (HKLM\...\{8D646799-DB00-4000-AE7A-756A05A4F1D8}) (Version: 5.4.72 - Microsoft Corporation) Zoom (HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-10-20] (Adobe Systems Incorporated) Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2022-04-24] (Adobe Systems Incorporated) Adobe XD -> C:\Program Files\WindowsApps\Adobe.XD_50.0.12.14_x64__pc75e8sa7ep4e [2022-04-24] (Adobe Inc.) AMD Link -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDLink_10.21.50009.0_x64__0a9344xs7nr4m [2022-04-02] (Advanced Micro Devices Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-22] (HP Inc.) LastPass for Windows Desktop -> C:\Program Files\WindowsApps\LastPass.LastPass_4.8.0.0_x64__sbg7naapqq8fj [2022-04-24] (LastPass) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-28] (Microsoft Studios) [MS Ad] Monitorian -> C:\Program Files\WindowsApps\10186emoacht.Monitorian_3.10.1.0_neutral__0q7myvhtpbc7w [2022-04-13] (emoacht) [Startup Task] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-28] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.30.258.0_x64__dt26b99r8h8gj [2022-01-04] (Realtek Semiconductor Corp) Ubuntu 20.04 on Windows -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu20.04onWindows_2004.2022.8.0_x64__79rhkp1fndgsc [2022-02-24] (Canonical Group Limited) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2582668551-3615273048-1737077342-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5C31BD0DDE64} -> [Creative Cloud Files] => C:\Users\Dan\Creative Cloud Files [2021-05-17 02:02] CustomCLSID: HKU\S-1-5-21-2582668551-3615273048-1737077342-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) CustomCLSID: HKU\S-1-5-21-2582668551-3615273048-1737077342-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-03-28] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-03-28] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-03-28] (Adobe Inc. -> ) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-05-06] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-03-28] (Adobe Inc. -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-19] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-05-06] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2022-04-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-05-06] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-03-28] (Adobe Inc. -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-19] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Dan\Desktop\Daniel (Osoba 1) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\Dan\Desktop\Google Keep.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=eilembjdkfgodjkcjnpgpaenohkicgjd ShortcutWithArgument: C:\Users\Dan\Desktop\SoundCloud.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=eikjhbkpemdappjfcmdeeeamdpkgabmk ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Aparat (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 5" --app-id=hfhhnacclhffhdffklopdkcgdhifgngh ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Aparat (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=hfhhnacclhffhdffklopdkcgdhifgngh ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Aparat.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hfhhnacclhffhdffklopdkcgdhifgngh ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Authy.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 5" --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\BrowserStack Local.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 5" --app-id=mfiddfehmfdojjfdpfngagldgaaafcfo ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Chrome Apps & Extensions Developer Tool.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 5" --app-id=ohmmkhmmmpcnpikjeljgnaoabkaalbgc ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\drumbit (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mplpmdejoamenolpcojgegminhcnmibo ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\File System for Dropbox.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=hlffpaajmfllggclnjppbblobdhokjhe ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Floating for YouTube™ (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 5" --app-id=jjphmlaoffndcnecccgemfdaaoighkel ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Floating for YouTube™.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jjphmlaoffndcnecccgemfdaaoighkel ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Floating Video Player.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 5" --app-id=bnkfdgkccidbedkfoneaajldjgagjhib ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Google Keep.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=eilembjdkfgodjkcjnpgpaenohkicgjd ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Kreator aplikacji Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 5" --app-id=ighkikkfkalojiibipjigpccggljgdff ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\SoundCloud.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=eikjhbkpemdappjfcmdeeeamdpkgabmk ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Text.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=mmfbcljfglbokpmkimbfghdkjmjhdgbg ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\TrackingTime _ Time Tracker.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=knailkjkjcfegledhjhcfacdngnicimb ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Daniel (Służbowy) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Daniel (Osoba 2) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4" ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Daniel (st.swps.edu.pl) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3" ==================== Loaded Modules (Whitelisted) ============= 2022-04-14 22:34 - 2022-04-14 22:34 - 000151040 _____ () [File not signed] \\?\C:\Program Files\LGHUB\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node 2021-09-19 23:47 - 2019-01-24 09:22 - 000114688 _____ () [File not signed] C:\AOC G-Tools App\EneEc.dll 2015-03-17 01:34 - 2015-03-17 01:34 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pl_pl\acrotray.pol 2022-01-12 01:53 - 2022-01-28 00:05 - 126964224 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll 2022-01-12 01:53 - 2021-11-17 13:38 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll 2022-01-12 01:53 - 2021-11-17 13:38 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll 2022-03-09 18:44 - 2022-03-09 18:44 - 018143744 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\avcodec-58.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2022-03-22 13:39 - 2022-03-22 13:39 - 000683520 _____ (Advanced Micro Devices) [File not signed] C:\Program Files\AMD\CNext\CNext\Device.dll 2022-03-22 13:39 - 2022-03-22 13:39 - 000065024 _____ (Advanced Micro Devices) [File not signed] C:\Program Files\AMD\CNext\CNext\Platform.dll 2022-04-02 02:46 - 2022-04-02 02:46 - 001764864 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll 2017-09-04 23:15 - 2017-09-04 23:15 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\AMD\CNext\CNext\D3DCOMPILER_47.dll 2022-01-12 01:53 - 2022-01-28 00:05 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 001455104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000123392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 001128448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000334336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll 2021-04-21 02:29 - 2021-04-21 02:29 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000290816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000336896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000134144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2021-04-21 02:30 - 2021-04-21 02:30 - 000093184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5336] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2022-04-11] (LogMeIn, Inc. -> LastPass) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2022-04-11] (LogMeIn, Inc. -> LastPass) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2022-04-11] (LogMeIn, Inc. -> LastPass) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2022-04-11] (LogMeIn, Inc. -> LastPass) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts 2021-05-17 02:30 - 2022-04-24 22:48 - 000000533 _____ C:\Windows\system32\drivers\etc\hosts.ics 172.28.128.1 DESKTOP-KPERUJC.mshome.net # 2027 4 5 23 20 48 22 260 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2582668551-3615273048-1737077342-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-2582668551-3615273048-1737077342-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= vEthernet (Ethernet 2): NordVPN LightWeight Firewall -> NordLwf (enabled) vEthernet (Ethernet 3): NordVPN LightWeight Firewall -> NordLwf (enabled) Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) vEthernet (Ethernet): NordVPN LightWeight Firewall -> NordLwf (enabled) vEthernet (Wi-Fi): NordVPN LightWeight Firewall -> NordLwf (enabled) vEthernet (Default Switch): NordVPN LightWeight Firewall -> NordLwf (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{3767E384-E232-48BB-A234-6D90A5A2A6ED}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxplayer.bin (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [{01239250-A61B-4C04-A0F4-B53919CDDC48}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxplayer.bin (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [{EFA9CDDE-05C6-479C-95F3-71EF444EACFB}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxd.exe (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [{A9C566AD-FCD2-4EDA-A9E5-0754E8D9D4E3}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxd.exe (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [{9591547B-F787-4220-A7DB-EED9F8CBD161}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxserver.bin (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [{03E331D6-BED4-43F9-ACAC-BFFCF211A023}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxserver.bin (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [{06AE58D1-5097-42D6-BB22-D09EF340DD87}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxnode.bin (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [{4F00DA8E-ACCE-4ABB-9028-80AEA710844E}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxnode.bin (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [{1896B203-1326-4880-B921-763B61ED6E25}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxclient.bin (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [{FAB5BD5A-9B85-4903-BCF3-DF4AFA8D5399}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxclient.bin (NoMachine S.a.r.l. -> NoMachine) FirewallRules: [TCP Query User{174CA3CF-DBB5-453D-A49F-D4B3418938DC}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{C76481DF-DA6B-42AE-AA87-077958601D0A}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{CE341248-6AB3-4CD7-A253-55A9BCBB7616}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{8FE1D1A2-A569-4F66-8E17-153E7C229335}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{C6DCD359-E6F9-4EF5-85BF-352AF89598EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{BBF68A0B-BDA2-401A-B31F-A2C7923E9544}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{D395F007-7C08-433E-82D8-0125CEAD5932}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [{48B959E0-AAF0-4055-B9A5-C1C4075D9CEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [TCP Query User{33B8E58F-4BB1-4C41-B213-E876FB410D31}C:\users\dan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{672B6F8B-898B-40C3-B5C6-A70CA44F7309}C:\users\dan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{6892846C-BFEF-471C-B40A-4E1FD4B5B88B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mesa\bms.exe => No File FirewallRules: [{96475C58-DE32-43C0-A10D-D3F3182DCC1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mesa\bms.exe => No File FirewallRules: [{EBEDA41B-C453-41F3-B34E-1DE0775C65C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellblade\HellbladeGame.exe => No File FirewallRules: [{FB2DAD8D-F00D-4F12-8E28-4D1914E9E960}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellblade\HellbladeGame.exe => No File FirewallRules: [{AD43CD03-110A-4CCF-919A-81DC7D736329}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellblade\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe => No File FirewallRules: [{144AE11A-8E8F-48DF-BEE9-9CFBC789B870}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellblade\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe => No File FirewallRules: [{8FAF8067-8567-4F5C-863D-C2EA143EEE00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{ED6B0C19-E1F9-474E-8826-7D90EC5CB8F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{DBA861B9-580E-49C3-B0AA-48E8A930B7CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File FirewallRules: [{26654DF8-ED4C-424E-95D0-17AF6F352614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File FirewallRules: [{379611C1-418F-46D9-8DDE-A0F00F670723}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe => No File FirewallRules: [{AECDDDEC-65F4-4B9A-A4FC-AAA5A2475513}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe => No File FirewallRules: [{92E585D7-7ED9-46ED-B191-80CCBBD3EEAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe => No File FirewallRules: [{B1D61355-6CC4-4F68-8EEE-D962BABB46A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe => No File FirewallRules: [{45F0A8D1-99E7-4008-BF05-7627A0CB9A31}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [{9E6BF1BB-D53E-463E-8C9A-E91B129D1644}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [TCP Query User{8C936D15-455B-412D-B1FF-B4B15A907560}C:\program files\predictive solutions\ps imago pro\6\ibm\spss\statistics\26\stats.exe] => (Allow) C:\program files\predictive solutions\ps imago pro\6\ibm\spss\statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.) FirewallRules: [UDP Query User{F3A5E903-E8C2-4EF0-AD4D-E4683C7FA3C8}C:\program files\predictive solutions\ps imago pro\6\ibm\spss\statistics\26\stats.exe] => (Allow) C:\program files\predictive solutions\ps imago pro\6\ibm\spss\statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.) FirewallRules: [{9FCDADE8-47E6-48CE-8DF7-187A27DBA82C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ghostrunner Demo\Ghostrunner.exe => No File FirewallRules: [{889775C9-7E2B-49CE-B8BC-ECEC265344F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ghostrunner Demo\Ghostrunner.exe => No File FirewallRules: [{A1FEC935-407D-4345-8AD3-30E2B523C31F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe => No File FirewallRules: [{BDDCBA63-0B04-47A3-A08C-FB11B987BA29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe => No File FirewallRules: [{63CF18A0-7B19-4D6E-B14A-AD5581CE1716}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe => No File FirewallRules: [{AB071519-8A49-41A8-A50A-735331B2A484}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe => No File FirewallRules: [TCP Query User{77F55DBF-8A67-4D82-A283-DCA684925F1D}C:\program files (x86)\steam\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe => No File FirewallRules: [UDP Query User{D7158223-8B66-4E93-817E-80B39E87617A}C:\program files (x86)\steam\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe => No File FirewallRules: [TCP Query User{914FEBCA-604F-4FAC-975B-B35B35687E84}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{9DB6D3B0-C4CB-46BB-833E-E33066661208}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [{07BBBAF4-D8A5-4684-A447-F3E587FFF093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe => No File FirewallRules: [{8D3D481B-379F-40D4-ABF3-BC6E50A312CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe => No File FirewallRules: [TCP Query User{770D8E00-FAB4-4308-AADF-04A6BDBDC5EC}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [UDP Query User{532A60E3-AFB4-4B06-9F2F-DA32313D73E7}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [{7D615369-11FF-462D-8DFC-4E9C407455CA}] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [{315717C8-BD99-4AF9-B433-8B77FAF21C16}] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [TCP Query User{78341AB3-B0A0-4F17-96E2-D1507986664C}C:\program files (x86)\starcraft ii\versions\base86383\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base86383\sc2_x64.exe => No File FirewallRules: [UDP Query User{4DF08F0D-509D-4AA6-9735-70F4A476DBA1}C:\program files (x86)\starcraft ii\versions\base86383\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base86383\sc2_x64.exe => No File FirewallRules: [{83FC9697-5DBD-46B3-AC1E-522C5BE0F535}] => (Block) C:\program files (x86)\starcraft ii\versions\base86383\sc2_x64.exe => No File FirewallRules: [{663F92B5-2502-44E3-9D99-27E1B7D4C5FC}] => (Block) C:\program files (x86)\starcraft ii\versions\base86383\sc2_x64.exe => No File FirewallRules: [TCP Query User{6EE13F18-AF41-4EC8-8EF5-815E7A250D88}E:\cd\cfg\ieembed.exe] => (Allow) E:\cd\cfg\ieembed.exe (JDesktop Integration Components (JDIC) Project) [File not signed] FirewallRules: [UDP Query User{8FF7F840-A140-4B4C-8368-01E8C0A04801}E:\cd\cfg\ieembed.exe] => (Allow) E:\cd\cfg\ieembed.exe (JDesktop Integration Components (JDIC) Project) [File not signed] FirewallRules: [{89B24717-3FE6-40C2-966C-06E2750043E7}] => (Block) E:\cd\cfg\ieembed.exe (JDesktop Integration Components (JDIC) Project) [File not signed] FirewallRules: [{8517516B-213E-4609-971C-DBBD1AB0FDD3}] => (Block) E:\cd\cfg\ieembed.exe (JDesktop Integration Components (JDIC) Project) [File not signed] FirewallRules: [TCP Query User{14C2C966-F3E7-410D-B769-733400BDBB65}C:\program files\jetbrains\intellij idea 2019.2.4\bin\idea64.exe] => (Allow) C:\program files\jetbrains\intellij idea 2019.2.4\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.) FirewallRules: [UDP Query User{06A31840-98CF-4630-ADDE-36F2499F0799}C:\program files\jetbrains\intellij idea 2019.2.4\bin\idea64.exe] => (Allow) C:\program files\jetbrains\intellij idea 2019.2.4\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.) FirewallRules: [{6192C9C4-8632-45AA-A5AF-85F0CBE6409D}] => (Block) C:\program files\jetbrains\intellij idea 2019.2.4\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.) FirewallRules: [{73FDFF1B-69BB-449C-8736-D007F77763B1}] => (Block) C:\program files\jetbrains\intellij idea 2019.2.4\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.) FirewallRules: [{641DDF51-8126-4E7E-9EED-DF18D101C77F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellish Quart Demo\Hellish Quart Demo.exe => No File FirewallRules: [{27D676D4-4AB6-4908-A9EC-0C79958C68FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellish Quart Demo\Hellish Quart Demo.exe => No File FirewallRules: [{41CBCF90-5555-4F06-B24B-086E44D8E3AB}] => (Allow) C:\Users\Dan\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{4EA26D2B-EF3D-4F60-9F9E-2229522446DA}] => (Allow) C:\Users\Dan\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{B0EE8530-9658-41E5-8195-9D0222BC65FF}] => (Allow) C:\Users\Dan\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [TCP Query User{D2936DAA-FB7A-4DE7-909C-156CD6D66C49}C:\program files\monero gui wallet\monerod.exe] => (Allow) C:\program files\monero gui wallet\monerod.exe () [File not signed] FirewallRules: [UDP Query User{432501D4-A111-4B1D-94BA-02AF8942C6A1}C:\program files\monero gui wallet\monerod.exe] => (Allow) C:\program files\monero gui wallet\monerod.exe () [File not signed] FirewallRules: [{B077703B-020C-45F0-AD2F-9FFD0998DD47}] => (Block) C:\program files\monero gui wallet\monerod.exe () [File not signed] FirewallRules: [{AE32BD40-AD39-4ABA-9D3B-C0A4AF33C262}] => (Block) C:\program files\monero gui wallet\monerod.exe () [File not signed] FirewallRules: [TCP Query User{A3D9DC10-9439-408A-98F4-B6EDA7821AD9}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe () [File not signed] FirewallRules: [UDP Query User{1E7A8A8F-7C55-42E9-B37F-F60B29E0101A}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe () [File not signed] FirewallRules: [{728DB894-7598-47D7-97E8-EC2703D2B744}] => (Block) C:\program files\monero gui wallet\monero-wallet-gui.exe () [File not signed] FirewallRules: [{C4FD890E-D8F0-4B99-ACC0-AF031D923396}] => (Block) C:\program files\monero gui wallet\monero-wallet-gui.exe () [File not signed] FirewallRules: [{DB3892EB-37C0-43B8-A5CF-24E9761DC617}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ENCHAIN Demo\ENCHAIN.exe => No File FirewallRules: [{47797D2F-5A1F-4347-8559-51397F7E4E5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ENCHAIN Demo\ENCHAIN.exe => No File FirewallRules: [{185CB697-655B-405A-B076-F930FA437E4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Riftbreaker Demo\bin\Launcher.exe => No File FirewallRules: [{C72D0DFC-8A53-4218-94EE-DD8803A65BFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Riftbreaker Demo\bin\Launcher.exe => No File FirewallRules: [{21BCFD1C-0BC3-4166-8241-B297BFB349BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Riftbreaker Demo\bin\riftbreaker_win_release.exe => No File FirewallRules: [{0A0C1DF9-902A-43C0-A722-CBA1BBCCA165}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Riftbreaker Demo\bin\riftbreaker_win_release.exe => No File FirewallRules: [{48660262-1038-4A69-B499-09CCCBB9F7E0}] => (Allow) C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.) [File not signed] FirewallRules: [{0287C6F9-8B1F-4F5F-BF83-46133B56830E}] => (Allow) C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.) [File not signed] FirewallRules: [TCP Query User{AB6AB726-B487-4E52-AF02-A8D83CEE9EF7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{269AA0D9-5869-4BAB-BAB3-46BB51BFD6F7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{47E756F7-C19D-49BE-9C7A-5825329B094E}C:\program files\epic games\ue_5.0ea\engine\binaries\win64\unrealeditor.exe] => (Allow) C:\program files\epic games\ue_5.0ea\engine\binaries\win64\unrealeditor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{17C349E0-2CFA-4ED1-9C8E-E8B698429BB0}C:\program files\epic games\ue_5.0ea\engine\binaries\win64\unrealeditor.exe] => (Allow) C:\program files\epic games\ue_5.0ea\engine\binaries\win64\unrealeditor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{E1498FB5-B356-461B-B4AC-3F4A92348DBB}] => (Block) C:\program files\epic games\ue_5.0ea\engine\binaries\win64\unrealeditor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{582AB53F-8B94-4129-B253-59161722C888}] => (Block) C:\program files\epic games\ue_5.0ea\engine\binaries\win64\unrealeditor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{13F5FBFB-1CD8-49A6-ABF0-71CB97E9749D}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{AD89C27A-AC0A-43F8-AC53-0A6E2D21EAF2}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{9BC42C29-4553-46BB-B077-ABFC6F84868E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0A38B331-E170-4B19-9C57-7110683F07C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{21481C96-1C0D-4AB6-93BA-9DFD64FF71D0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{2A62E8BA-37C2-4B2B-AB5F-F9A2F8741F72}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{2A8B044A-76A1-4240-9F21-3910A5A08993}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{E94E5570-2C09-486A-8D2E-681294091BAD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [TCP Query User{77F5AB3C-B09C-4114-9879-E5B602EA6DC5}C:\users\dan\.vscode\extensions\ms-vsliveshare.vsliveshare-1.0.5200\dotnet_modules\vsls-agent.exe] => (Allow) C:\users\dan\.vscode\extensions\ms-vsliveshare.vsliveshare-1.0.5200\dotnet_modules\vsls-agent.exe => No File FirewallRules: [UDP Query User{375A7B2A-65B4-4E04-9D20-3F86E333B152}C:\users\dan\.vscode\extensions\ms-vsliveshare.vsliveshare-1.0.5200\dotnet_modules\vsls-agent.exe] => (Allow) C:\users\dan\.vscode\extensions\ms-vsliveshare.vsliveshare-1.0.5200\dotnet_modules\vsls-agent.exe => No File FirewallRules: [{43973A1D-7B30-48C5-B5E0-9D9FFAD997F3}] => (Block) C:\users\dan\.vscode\extensions\ms-vsliveshare.vsliveshare-1.0.5200\dotnet_modules\vsls-agent.exe => No File FirewallRules: [{B3ED9E81-5319-43EF-8E39-B8EA06A0406F}] => (Block) C:\users\dan\.vscode\extensions\ms-vsliveshare.vsliveshare-1.0.5200\dotnet_modules\vsls-agent.exe => No File FirewallRules: [{0B066ED9-6D45-4A52-80E8-6D0F249934F0}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.) FirewallRules: [{20D9DC3E-42AE-49DF-BD5E-E3FF202BEE06}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.) FirewallRules: [{B15C0D11-A638-46F2-8D83-A8F4ED446FAF}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems) FirewallRules: [TCP Query User{0FA566CC-DF7C-4C26-97F3-5C444F2BDDCA}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{E6F53D97-6623-4520-B1A8-B50E39FA8938}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{A3AAB754-DBB7-47A7-BAA7-521150632962}C:\program files\epic games\godfall\aperion\binaries\win64\aperion-win64-shipping.exe] => (Allow) C:\program files\epic games\godfall\aperion\binaries\win64\aperion-win64-shipping.exe => No File FirewallRules: [UDP Query User{E4032DFD-CAE8-4CA2-8B70-4C2A92B725D1}C:\program files\epic games\godfall\aperion\binaries\win64\aperion-win64-shipping.exe] => (Allow) C:\program files\epic games\godfall\aperion\binaries\win64\aperion-win64-shipping.exe => No File FirewallRules: [{82E3ED69-65A4-468B-A3EF-833A03656DE2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5D463270-32F5-45BE-B9FC-4E2ED564ABED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D08E4725-4719-472C-B578-E4A0ED14D983}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7A5BECBE-10F9-440D-A796-994EC1A53284}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{0917E090-20C1-4A33-95DA-ACB28B434EDC}] => (Allow) C:\Program Files\AMD\CNext\CNext\amddvr.exe => No File FirewallRules: [{4B86A2C4-ED7B-4F82-BB05-3A6E26B95DA0}] => (Allow) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) FirewallRules: [{AD12AAB7-FEA3-45E3-9EA0-4A330245D221}] => (Allow) C:\Program Files\AMD\CNext\CNext\Radeonsoftware.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) FirewallRules: [{6A4B6C74-63FE-4FD0-B555-8EDA82D47BE4}] => (Allow) C:\Program Files\AMD\CNext\CNext\AMDLink.exe => No File FirewallRules: [{B92F992E-D396-40F5-B241-8F7543A1C034}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Xpand Rally\xpandrally.exe (Techland) [File not signed] FirewallRules: [{020B3B23-D9B2-4943-8436-B6744D1865BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Xpand Rally\xpandrally.exe (Techland) [File not signed] FirewallRules: [{3181F749-81C2-433B-90B0-67A6B98C918C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Xpand Rally\ChromEd.exe (Techland) [File not signed] FirewallRules: [{11985424-50C6-479A-96BE-B557DED62766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Xpand Rally\ChromEd.exe (Techland) [File not signed] FirewallRules: [{9A6988FA-6398-40C9-AFC0-4E7FAF27DA7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed] FirewallRules: [{22D11EB3-3F95-44A1-97A8-7B928BB482F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed] FirewallRules: [{A0B52CD2-ECEA-4B49-AA3D-3F8F9D8D53B8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{B9539980-3EFF-44D2-93A4-26A5CE08CE00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Teardown\teardown.exe () [File not signed] FirewallRules: [{87807EEE-37B1-4DE2-8AEC-0716DF05802E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Teardown\teardown.exe () [File not signed] FirewallRules: [{5836AC24-D9B4-40D0-9F45-E9E5023E9504}] => (Allow) C:\Program Files (x86)\Overwolf\0.194.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{A0BC6CE1-5F06-4196-9D56-F224B3C48707}] => (Allow) C:\Program Files (x86)\Overwolf\0.194.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{84F311D1-8F4A-4D36-9629-91173EB0C0B1}] => (Block) C:\Program Files (x86)\Overwolf\0.194.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{B34DF1D9-61DE-4CC2-BE86-83B29CD3FC58}] => (Block) C:\Program Files (x86)\Overwolf\0.194.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{1159EE8A-46DE-456A-AB85-EAE5B94953D5}] => (Allow) C:\Program Files (x86)\Overwolf\0.184.0.35\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{84474A23-6103-4202-BBA0-114023728E7F}] => (Allow) C:\Program Files (x86)\Overwolf\0.184.0.35\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{90C8EBCF-DE9B-469C-9FE7-8E35290A088C}] => (Block) C:\Program Files (x86)\Overwolf\0.184.0.35\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{A4AB969E-EB48-4B30-ACB9-9B596C5CC774}] => (Block) C:\Program Files (x86)\Overwolf\0.184.0.35\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{299D249B-B4AB-4D7F-A511-8576D2E69DC1}] => (Allow) C:\Program Files (x86)\Overwolf\0.195.0.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{1C95A420-4DA1-4F6D-B468-E8A08E346037}] => (Allow) C:\Program Files (x86)\Overwolf\0.195.0.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) ==================== Restore Points ========================= 02-04-2022 01:15:45 Installed AMD_Chipset_Drivers. 10-04-2022 21:54:57 Zaplanowany punkt kontrolny 13-04-2022 11:11:36 Instalator modułów systemu Windows 24-04-2022 21:43:01 Zaplanowany punkt kontrolny ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (04/20/2022 10:00:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimizer couldn't complete ograniczenie ponowne on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\934c9e5c-c5b1-48bf-afa7-6d38eff4f8a5\BaseLayer) because: Przeniesienie pliku nie powiodło się. (0x89000016) Error: (04/20/2022 10:00:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimizer couldn't complete konsolidacja slabów on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\934c9e5c-c5b1-48bf-afa7-6d38eff4f8a5\BaseLayer) because: Operacja konsolidacji slabów została przerwana, ponieważ można odzyskać zbyt małą liczbę slabów (na podstawie limitów określonych w rejestrze). (0x89000028) Error: (04/13/2022 10:12:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimizer couldn't complete ograniczenie ponowne on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\6367990b-0914-4acf-bdf4-2e8af25e18b3\BaseLayer) because: Przeniesienie pliku nie powiodło się. (0x89000016) Error: (04/13/2022 10:12:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimizer couldn't complete konsolidacja slabów on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\6367990b-0914-4acf-bdf4-2e8af25e18b3\BaseLayer) because: Operacja konsolidacji slabów została przerwana, ponieważ można odzyskać zbyt małą liczbę slabów (na podstawie limitów określonych w rejestrze). (0x89000028) Error: (04/12/2022 05:55:01 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, Trwa proces zamykania systemu. ] Error: (04/12/2022 02:31:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RescueTime.exe, version: 2.16.8.2, time stamp: 0x618010de Faulting module name: ntdll.dll, version: 10.0.19041.1566, time stamp: 0xbde09443 Exception code: 0xc00000fd Fault offset: 0x0004d58e Faulting process id: 0x4ab0 Faulting application start time: 0x01d84df6bdec1dbd Faulting application path: C:\Program Files (x86)\RescueTime\RescueTime.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 92b3abb8-44b9-4427-b36a-03bdaa96532a Faulting package full name: Faulting package-relative application ID: Error: (04/07/2022 07:32:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimizer couldn't complete ograniczenie ponowne on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\6367990b-0914-4acf-bdf4-2e8af25e18b3\BaseLayer) because: Przeniesienie pliku nie powiodło się. (0x89000016) Error: (04/07/2022 07:32:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimizer couldn't complete konsolidacja slabów on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\6367990b-0914-4acf-bdf4-2e8af25e18b3\BaseLayer) because: Operacja konsolidacji slabów została przerwana, ponieważ można odzyskać zbyt małą liczbę slabów (na podstawie limitów określonych w rejestrze). (0x89000028) System errors: ============= Error: (04/24/2022 10:46:31 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 22:20:44 on ‎24.‎04.‎2022 was unexpected. Error: (04/24/2022 03:15:20 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-KPERUJC) Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_5829e with arguments "Niedostępny" in order to run the server: Windows.Media.Capture.Internal.AppCaptureShell Error: (04/24/2022 03:15:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BcastDVRUserService_5829e service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/24/2022 03:15:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the BcastDVRUserService_5829e service to connect. Error: (04/24/2022 12:03:03 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.39. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Error: (04/20/2022 09:53:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (04/20/2022 09:50:40 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.39. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Error: (04/13/2022 10:12:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NW33J738BL0-10186emoacht.Monitorian. Windows Defender: ================ Date: 2022-04-24 19:42:18 Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {775E3891-8046-4CCE-AD19-562EA3B6A182} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2022-04-23 21:39:29 Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {098C3F60-A7D5-4CCD-8A0B-601D54FE1258} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2022-04-22 03:14:50 Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {E2496C7E-7283-433A-A759-770C1E9B18AF} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2022-04-22 01:41:32 Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {9E2AAE0A-4E88-4A9A-B7FC-8067EB0BB57C} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM Date: 2022-04-20 10:00:54 Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {241D4624-50FE-44F6-A8C0-E6ACA54FB26B} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM  CodeIntegrity: =============== Date: 2022-04-03 05:04:41 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2022-04-01 22:48:48 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends International, LLC. 1.50 01/20/2021 Motherboard: Micro-Star International Co., Ltd. MAG X570 TOMAHAWK WIFI (MS-7C84) Processor: AMD Ryzen 9 5900X 12-Core Processor Percentage of memory in use: 30% Total physical RAM: 32693.06 MB Available physical RAM: 22712.5 MB Total Virtual: 37557.06 MB Available Virtual: 24520.96 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.9 GB) (Free:53.13 GB) NTFS Drive e: () (Fixed) (Total:299.11 GB) (Free:57.7 GB) NTFS \\?\Volume{1e515c49-2928-4cc8-96f7-491f655c9042}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS \\?\Volume{2d5460b5-1b15-4b18-90cf-18438ac0e43c}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS \\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.5 GB) NTFS \\?\Volume{69cafd7c-add4-4cb2-b101-51ae4055511c}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32 \\?\Volume{96d6ecb3-a65f-4909-8257-d373aff01b0a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 6C1FCA1A) Partition: GPT. ========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4) Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================