Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01 Ran by amiko (21-07-2021 15:22:31) Running from C:\Users\amiko\Desktop Windows 10 Education Version 21H1 19043.1110 (X64) (2021-07-21 11:52:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3236640263-339137666-2643196761-500 - Administrator - Disabled) amiko (S-1-5-21-3236640263-339137666-2643196761-1001 - Administrator - Enabled) => C:\Users\amiko DefaultAccount (S-1-5-21-3236640263-339137666-2643196761-503 - Limited - Disabled) furma (S-1-5-21-3236640263-339137666-2643196761-1004 - Administrator - Enabled) => C:\Users\furma Guest (S-1-5-21-3236640263-339137666-2643196761-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3236640263-339137666-2643196761-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation) Hidden Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated) Aplikacje Microsoft 365 dla przedsiębiorstw - pl-pl (HKLM\...\O365ProPlusRetail - pl-pl) (Version: 16.0.14131.20320 - Microsoft Corporation) Apple Mobile Device Support (HKLM\...\{7D606B87-0AEB-4C27-ABCE-1138EE09777B}) (Version: 13.0.0.41 - Apple Inc.) AutoHotkey 1.1.33.09 (HKLM\...\AutoHotkey) (Version: 1.1.33.09 - Lexikos) Backup and Sync from Google (HKLM\...\{A0397FA8-34ED-4A41-A8C9-30EE0B89C464}) (Version: 3.56.3802.7766 - Google, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.8.01090 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{C1F2A6F4-89D5-459A-B39A-EF5BE4472CB9}) (Version: 4.8.01090 - Cisco Systems, Inc.) Hidden ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden Dell SupportAssist (HKLM\...\{270DE507-0182-4444-AAC8-FDD6689A92B0}) (Version: 3.10.0.47 - Dell Inc.) Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.) DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-3236640263-339137666-2643196761-1004\...\Discord) (Version: 0.0.306 - Discord Inc.) ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.) ESET Security (HKLM\...\{6B1BBDBF-507A-4736-82B0-DE772C1D2AFE}) (Version: 14.2.19.0 - ESET, spol. s r.o.) Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio) GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team) Git version 2.28.0 (HKLM\...\Git_is1) (Version: 2.28.0 - The Git Development Community) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC) IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp) IBM SPSS Statistics 26 (HKLM\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.0 - IBM Corp) icecap_collection_neutral (HKLM-x32\...\{EEF3770F-1EEF-4AA4-94E7-4B1DEBEED8B6}) (Version: 16.7.30310 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{1E36C98F-0653-495C-B28E-433A6740ADB0}) (Version: 16.7.30310 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{60C5BEEB-0865-45D8-AB7F-7F2E916EBEE4}) (Version: 16.7.30310 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{7525DBB9-50C3-4924-BA87-CD21910F3DA3}) (Version: 16.7.30309 - Microsoft Corporation) Hidden IIS 10.0 Express (HKLM\...\{0307C98E-AE82-4A4F-A950-A72FBD805338}) (Version: 10.0.04403 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) K-Lite Mega Codec Pack 15.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.0.0 - KLCP) Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes) Microsoft .NET Core SDK 3.1.401 (x64) from Visual Studio (HKLM\...\{3C9F2C0F-9936-4893-9266-0A21E6D301C5}) (Version: 3.1.401.015229 - Microsoft Corporation) Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14131.20320 - Microsoft Corporation) Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation) Microsoft Azure Storage Emulator - v5.10 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.10) (Version: 5.10.19227.2113 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.71 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.71 - Microsoft Corporation) Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{8D98AC2C-FC5C-440D-A2D3-6C9655F957D8}) (Version: 17.2.0.1 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation) Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{BAF67399-85CD-4555-9B49-1F80EB921C35}) (Version: 12.3.6024.0 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\Teams) (Version: 1.4.00.16575 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3236640263-339137666-2643196761-1004\...\Teams) (Version: 1.3.00.21759 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{D06A5649-3BDB-4F2C-9C38-AB25CD5102E2}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.7.3064.805 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{2EC26D34-FB67-4C58-AC20-235697551222}) (Version: 10.0.3802 - Microsoft Corporation) Mozilla Firefox 89.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-GB)) (Version: 89.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.1 - Mozilla) NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.32.24.0 - TEFINCOM S.A.) NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN) NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1 - Notepad++ Team) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) NVivo 12 (HKLM\...\{28ADDB93-754C-4AB8-AAE5-851DBCBA2C1E}) (Version: 12.6.0.959 - QSR International Pty Ltd) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20320 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20320 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.5.1 - pdfforge GmbH) R for Windows 4.0.2 (HKLM\...\R for Windows 4.0.2_is1) (Version: 4.0.2 - R Core Team) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) RStudio (HKLM-x32\...\RStudio) (Version: 1.3.1073 - RStudio) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.23.0 - Samsung Electronics Co., Ltd.) Spotify (HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\Spotify) (Version: 1.1.9.383.g9f48828e - Spotify AB) Syncios Data Transfer 3.1.3 (HKLM-x32\...\Syncios Data Transfer) (Version: 3.1.3 - Syncios) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.7174 - Microsoft Corporation) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.19.5 - TeamViewer) TypeScript SDK (HKLM-x32\...\{A6485A79-9A1B-4EEF-8BD2-658157F68355}) (Version: 3.9.6.0 - Microsoft Corporation) Hidden vcpp_crt.redist.clickonce (HKLM-x32\...\{9807AE60-E138-4CB1-BD3C-679F23121DA0}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Visual Studio Community 2019 (HKLM-x32\...\ae39913e) (Version: 16.7.30413.136 - Microsoft Corporation) VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{CC46F5AE-F0CA-400C-A557-A95D742D4EE0}) (Version: 16.7.30310 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{804E218D-A59D-48B9-AD2A-13BF6F1C9DA0}) (Version: 16.7.30309 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{3A735826-F946-4348-8DE2-0B9FF750F77D}) (Version: 16.7.30309 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{EF1AD9BC-8273-4B78-ACB6-A35DF4CE4447}) (Version: 16.7.30309 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{760FF3F5-A7F3-4079-92DD-9AEB0344D13E}) (Version: 16.7.30310 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{937CD512-3142-4F3E-93CD-5F86203ED24B}) (Version: 16.7.30309 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_vswebprotocolselectormsi (HKLM-x32\...\{178ED1EA-BAFA-489D-873D-F5FB72EA69B9}) (Version: 16.7.30309 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-3236640263-339137666-2643196761-1004\...\WhatsApp) (Version: 2.2027.10 - WhatsApp) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation) Zoom (HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\ZoomUMX) (Version: 5.5.0 (12454.0131) - Zoom Video Communications, Inc.) Packages: ========= Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.2.0_x64__htrsf667h5kn2 [2021-07-21] (Dell Inc) Dodatek Aparat multimediów dla aplikacji Zdjęcia -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-21] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-07-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-07-21] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3236640263-339137666-2643196761-1001_Classes\CLSID\{04271989-C4D2-F3CB-B5B9-23FF39257EA2} -> [OneDrive - University College London] => C:\Users\amiko\OneDrive - University College London [2019-07-02 22:17] CustomCLSID: HKU\S-1-5-21-3236640263-339137666-2643196761-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\amiko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-06-17] (Notepad++ -> ) ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-06-27] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2018-11-13] (pdfforge GmbH -> pdfforge GmbH) ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-06-27] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-04] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-06-27] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-04] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] () [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2019-06-30 21:34 - 2015-06-26 04:15 - 001975016 _____ (Creative Technology Ltd -> Creative Technology Ltd.) [File not signed] C:\WINDOWS\system32\MBAPO264.dll 2019-06-30 22:14 - 2019-06-30 22:14 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll 2021-05-23 02:06 - 2021-05-23 02:06 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-3236640263-339137666-2643196761-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-gb/?ocid=iehp BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-05] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\sharepoint.com -> hxxps://liveuclac-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-19 05:49 - 2021-04-30 08:48 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3236640263-339137666-2643196761-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\amiko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-3236640263-339137666-2643196761-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\furma\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-3236640263-339137666-2643196761-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller" HKLM\...\StartupApproved\Run32: => "Discord" HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\StartupApproved\Run: => "MP3 Skype recorder" HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\StartupApproved\Run: => "GoogleDriveSync" HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-3236640263-339137666-2643196761-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-3236640263-339137666-2643196761-1004\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-3236640263-339137666-2643196761-1004\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3236640263-339137666-2643196761-1004\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-3236640263-339137666-2643196761-1004\...\StartupApproved\Run: => "OneDriveSetup" HKU\S-1-5-21-3236640263-339137666-2643196761-1008\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5DA1C389-9267-4041-A349-B938CF8D12C8}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed] FirewallRules: [{94BFCD29-F298-4C8C-B346-D242EA81DAFA}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed] FirewallRules: [{B38A4736-E97C-43E1-9714-7BF4E97B7201}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed] FirewallRules: [{7B3FB045-C4DB-4B90-A464-3598CC7E85B5}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed] FirewallRules: [{34B1805D-A351-4001-B111-474CC8DC6834}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed] FirewallRules: [{C3A380CE-7FD6-4863-9D39-616E76A6FFC8}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed] FirewallRules: [{55AB255A-0FA4-4B17-A52A-125731DFF866}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{28268C62-6383-4950-9B99-73D9B10F5454}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{92CB71C1-C196-466D-A321-09BA990B4647}C:\users\amiko\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\amiko\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{E2AE0EE1-8EC4-431C-A05B-D6DD6FC97FEA}C:\users\amiko\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\amiko\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{795DCD20-F420-440D-ADD2-7A54B8883910}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.) FirewallRules: [{17B59BDF-AA0E-425A-8746-5889FEF950D8}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.) FirewallRules: [{FC46B3F0-441E-4F25-8065-D69FFA4A4A27}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.) FirewallRules: [{C71D1951-0DDE-47D5-AA12-ACE9F75B7F6E}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.) FirewallRules: [{121CB5E4-A28D-4E31-A7AE-F2DE00112523}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) FirewallRules: [{8D39128D-EE5E-47E9-B43A-514CCE061140}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) FirewallRules: [TCP Query User{8C78A24B-C6BD-4293-895D-E47279B23678}C:\users\furma\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\furma\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{9B73D595-12A2-41C0-81FA-0EDF90A166F8}C:\users\furma\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\furma\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{53A90C29-7627-410E-9F6C-5D1F167CC898}] => (Block) C:\users\furma\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C0B96FA5-7A94-4388-B788-0E88ECFC6F6D}] => (Block) C:\users\furma\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6BEF7688-80F8-409A-B5EF-413ED310044B}] => (Allow) C:\Users\amiko\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{A72C3D09-6844-4ED7-B152-4718C7C2101C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{910C827D-6EA6-466F-8327-2EB9FA8F64EA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{0E8970FC-E3CE-41D2-BAC0-3534660E2D85}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{1D315E2A-2CFA-4732-9AB3-4DBC74C5550D}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{091CD4AE-2248-4F16-9513-E39733E97AF9}C:\program files\rstudio\bin\rsession.exe] => (Allow) C:\program files\rstudio\bin\rsession.exe (RStudio, PBC) [File not signed] FirewallRules: [UDP Query User{EF535A6D-6EB7-4B7C-AF0D-A350875C55E5}C:\program files\rstudio\bin\rsession.exe] => (Allow) C:\program files\rstudio\bin\rsession.exe (RStudio, PBC) [File not signed] FirewallRules: [{80C97968-CD56-4808-BEB5-2589AB6F3FD5}] => (Block) C:\program files\rstudio\bin\rsession.exe (RStudio, PBC) [File not signed] FirewallRules: [{C42FD490-8A53-482B-BEA6-E66F5380E723}] => (Block) C:\program files\rstudio\bin\rsession.exe (RStudio, PBC) [File not signed] FirewallRules: [{949C5056-826A-4DB0-B6F6-904B1CF58085}] => (Allow) C:\Program Files (x86)\Syncios\Syncios Data Transfer\Syncios Data Transfer.exe (ANVSOFT TECHNOLOGY CO., LIMITED -> Syncios) FirewallRules: [TCP Query User{5F1EB706-552F-49EA-BC42-689028392EA6}C:\users\amiko\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\amiko\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{7384A7EE-9AB9-49B9-AADC-534E24F66C4A}C:\users\amiko\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\amiko\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{0FA670C4-5B2A-457C-AB0E-94F96B19B306}C:\program files\ibm\spss\statistics\23\stats.exe] => (Block) C:\program files\ibm\spss\statistics\23\stats.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed] FirewallRules: [UDP Query User{EA633726-8C31-4416-A21F-479B8B4B9494}C:\program files\ibm\spss\statistics\23\stats.exe] => (Block) C:\program files\ibm\spss\statistics\23\stats.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed] FirewallRules: [{DDCAEF05-AD66-4510-A6EA-A17EB6E6AD66}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C5919CAD-EA93-494F-969F-56A0CCA339BF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BDA40001-5936-4CD0-AC28-FB5EFF6E8313}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{760CC808-F813-4C82-93A8-71B5043C18F9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D167771C-1E82-4442-A887-B8F3BB9FAB16}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B5C49773-5B1B-47EC-99D9-9138043E3207}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B8231ED9-0F25-49A7-B772-72D7ADAF7528}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{27A8993C-5A02-42E1-8CDB-BEF1FA2980EF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{ED48FF22-1C97-4689-862F-506D0FB7D4B4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C22204CC-D226-425A-BD75-D300716A3E27}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{090CF1F0-832D-478B-BCE6-3C074289EAC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{89865B91-ADEC-452B-AC0D-7BCD6FCCF007}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{A8146BCE-AEFD-4086-AE0D-B3313BC1C6CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{9F7C3DE1-5EE6-4890-8E8E-8EA2EBB583DA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F68356F4-904D-4412-B202-2E852237E7AC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8E598D7B-A3A9-400E-8606-9944386665FD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{0005721B-C2BD-4C2A-BF33-EF8292A6643E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D5D18922-A987-48FB-A2FB-72A1EE1A2D55}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{6D441668-8DD6-4AF9-82AA-73108C404EC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{00123FD9-8201-49D5-9D6E-DDE3ED281D82}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.71\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6BBBB8BA-EE3B-4DEC-AD3A-02B7C66E3ECD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:222.94 GB) (Free:22.53 GB) (10%) ==================== Faulty Device Manager Devices ============ Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (07/21/2021 03:04:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmiprvse.exe, version: 10.0.19041.546, time stamp: 0x5da7ab91 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x80131623 Fault offset: 0x00007ffdbd17200f Faulting process id: 0x318 Faulting application start time: 0x01d77e395201a084 Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe Faulting module path: unknown Report Id: 13988c98-d7bf-42e4-a85c-af2b9df9d547 Faulting package full name: Faulting package-relative application ID: Error: (07/21/2021 03:04:29 PM) (Source: .NET Runtime) (EventID: 1025) (User: ) Description: Application: wmiprvse.exe Framework Version: v4.0.30319 Description: The application requested process termination through System.Environment.FailFast(string message). Message: Unexpected exception thrown from the provider: System.IO.FileLoadException: File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers() Stack: at System.Environment.FailFast(System.String) at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink) Error: (07/21/2021 03:04:28 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: ) Description: Event-ID 3002 Error: (07/21/2021 03:04:28 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: ) Description: Event-ID 2002 Error: (07/21/2021 03:04:28 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: ) Description: Event-ID 2003 Error: (07/21/2021 01:58:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmiprvse.exe, version: 10.0.19041.546, time stamp: 0x5da7ab91 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x80131623 Fault offset: 0x00007ffdbd1741cf Faulting process id: 0x1634 Faulting application start time: 0x01d77e30289709c4 Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe Faulting module path: unknown Report Id: d89b55fc-6d0e-4718-8bc0-4f476353062f Faulting package full name: Faulting package-relative application ID: Error: (07/21/2021 01:58:56 PM) (Source: .NET Runtime) (EventID: 1025) (User: ) Description: Application: wmiprvse.exe Framework Version: v4.0.30319 Description: The application requested process termination through System.Environment.FailFast(string message). Message: Unexpected exception thrown from the provider: System.IO.FileLoadException: File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers() Stack: at System.Environment.FailFast(System.String) at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink) Error: (07/21/2021 01:58:52 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: ) Description: Event-ID 3002 System errors: ============= Error: (07/21/2021 02:40:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Folder Size service terminated unexpectedly. It has done this 1 time(s). Error: (07/21/2021 01:51:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (07/21/2021 01:51:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (45000 milliseconds) while waiting for the Apple Mobile Device Service service to connect. Error: (07/21/2021 01:50:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. Error: (07/21/2021 01:44:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (07/21/2021 01:44:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (45000 milliseconds) while waiting for the Apple Mobile Device Service service to connect. Error: (07/21/2021 12:47:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (07/21/2021 12:47:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (45000 milliseconds) while waiting for the Apple Mobile Device Service service to connect. CodeIntegrity: =============== Date: 2021-07-21 13:50:28 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements. Date: 2021-07-21 13:50:21 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: Dell Inc. A12 11/05/2015 Motherboard: Dell Inc. 0JW8BU Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz Percentage of memory in use: 41% Total physical RAM: 8096.94 MB Available physical RAM: 4776.84 MB Total Virtual: 10656.94 MB Available Virtual: 6951.58 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:222.94 GB) (Free:22.53 GB) NTFS \\?\Volume{dcb4566a-c09c-4641-a7fa-8cd14de17e7d}\ () (Fixed) (Total:0.52 GB) (Free:0.03 GB) NTFS \\?\Volume{d99f0e6e-7696-4763-ac90-7875b48f1604}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 223.6 GB) (Disk ID: E1D3763B) Partition: GPT. ==================== End of Addition.txt =======================