Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023 Ran by magko (02-10-2023 10:20:59) Running from C:\Users\magko\Downloads Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) (2023-02-11 03:06:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-118935755-630862155-2444804460-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-118935755-630862155-2444804460-503 - Limited - Disabled) Guest (S-1-5-21-118935755-630862155-2444804460-501 - Limited - Disabled) magko (S-1-5-21-118935755-630862155-2444804460-1004 - Administrator - Enabled) => C:\Users\magko WDAGUtilityAccount (S-1-5-21-118935755-630862155-2444804460-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ARCHICAD 25 R1 USA (HKLM\...\ARCHICAD 25.0 USA FULL R1 1) (Version: 25.0.0.4013 - GRAPHISOFT SE) AutoCAD LT 2023 Shared Language Pack - English (HKLM\...\{28B89EEF-6109-0409-5102-CF3F3A09B77D}) (Version: 24.2.53.0 - Autodesk) Hidden AutoCAD Open in Desktop (HKLM\...\{2B8E195A-0082-4B8F-9284-0FCCB6017C23}) (Version: 1.0.26.0 - Autodesk) Autodesk AutoCAD LT 2022 - English (HKLM\...\{3E4FF57B-0533-3C99-A29F-C9E2838E11E5}) (Version: 24.1.162.0 - Autodesk, Inc.) Autodesk AutoCAD LT 2022.1.2 Update (HKLM\...\{0942B8C1-085D-3668-B1AB-3EFE10D84D80}) (Version: 24.1.162.0 - Autodesk, Inc.) Autodesk AutoCAD LT 2023 - English (HKLM\...\{C8DC0A93-1BFB-3C0D-B3B6-1BD06D06CCC2}) (Version: 24.2.53.0 - Autodesk, Inc.) Autodesk Genuine Service (HKLM\...\{C36DAB09-CD11-47AE-8489-78062240CDB3}) (Version: 7.2.0.215 - Autodesk) Autodesk Identity Manager (HKLM\...\Autodesk Identity Manager) (Version: 1.9.18.0 - Autodesk) Autodesk Material Library 2022 (HKLM-x32\...\{A9221A68-5AD0-4215-B54F-CB5DBA4FB27C}) (Version: 20.3.7.0 - Autodesk) Autodesk Material Library 2023 (HKLM-x32\...\{8E133591-B0FD-4DB0-B60E-FB593CAF72B0}) (Version: 21.0.1.1 - Autodesk) Autodesk Material Library Base Resolution Image Library 2022 (HKLM-x32\...\{6256584F-B04B-41D4-8A59-44E70940C473}) (Version: 20.3.7.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2023 (HKLM-x32\...\{3B564A94-BA47-4E42-ACD6-B5C35291210B}) (Version: 21.0.1.1 - Autodesk) Autodesk Save to Web and Mobile (HKLM\...\{5AB49421-ADA1-4512-9E47-0AE9906F6A28}) (Version: 3.0.30 - Autodesk) Autodesk Single Sign On Component (HKLM\...\{88003D19-C1C3-402D-A162-42D9B924266C}) (Version: 13.3.3.1803 - Autodesk) CodeMeter Runtime Kit v7.21a (HKLM\...\{7DD757C8-9C11-4B01-B105-F6010273C67D}) (Version: 7.21.4611.501 - WIBU-SYSTEMS AG) CPUID CPU-Z 2.08 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.08 - CPUID, Inc.) Documentation Manager (HKLM\...\{BBADC524-5F32-4DF2-AF23-81B4D10FAA4E}) (Version: 22.90.0.5 - Intel Corporation) Hidden DreamPlan Home Design Software (HKLM-x32\...\DreamPlan) (Version: 7.32 - NCH Software) Dynamic Application Loader Host Interface Service (HKLM\...\{A28339C8-E641-4CCE-A316-56F405D1C245}) (Version: 1.0.0.0 - Intel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 117.0.5938.92 - Google LLC) GoTo Opener (HKLM-x32\...\{7659273F-0EB6-4ECB-BC7D-5889F3FD3075}) (Version: 1.0.562 - LogMeIn, Inc.) GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 25.0 GEN FULL R1 1) (Version: 2021.3441.0 - GRAPHISOFT SE) GRAPHISOFT License Manager Tool (HKLM\...\License Manager Tool 20.0 INT FULL R1 1) (Version: 20.0.0.4800 - GRAPHISOFT SE) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{04D46EAF-2FB6-4F8A-B801-9B17CF7E6357}) (Version: 18.0.274 - Intel Corporation) Intel(R) Chipset Device Software (HKLM\...\{06D713D6-9845-436D-B857-5BF2596B4554}) (Version: 10.1.18634.8254 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{99926fb7-5da9-4101-b79f-eec3674ca64b}) (Version: 10.1.18634.8254 - Intel(R) Corporation) Intel(R) LMS (HKLM\...\{A0983640-26D2-4CD8-A512-747BF3CF3F82}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{21468D61-6A78-4358-B346-F4D37C6D55CC}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{788371EA-0B02-40AD-85D0-21BE107E3628}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Driver (HKLM\...\{2F171580-9C56-4A25-A5D5-CBBAA025BFA6}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00002090-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.90.2.1 - Intel Corporation) Intel® Software Installer (HKLM-x32\...\{bc0ed593-235e-47bf-9b81-bb287a4eea34}) (Version: 22.90.0.5 - Intel Corporation) Hidden Microsoft .NET Core Host - 3.1.10 (x64) (HKLM\...\{52B42932-15C1-45D4-8904-FC3117EEE69B}) (Version: 24.104.29419 - Microsoft Corporation) Hidden Microsoft .NET Core Host FX Resolver - 3.1.10 (x64) (HKLM\...\{752B4412-A129-4CB2-AD96-B6D97EAD3090}) (Version: 24.104.29419 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM\...\{396D7BC8-E3C8-4B3E-8C60-D50D94FDF09D}) (Version: 24.104.29419 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM-x32\...\{4714dd0a-ebab-4f59-a708-f8d7a793b3f5}) (Version: 3.1.10.29419 - Microsoft Corporation) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation) Microsoft ASP.NET Core 3.1.10 - Shared Framework (HKLM-x32\...\{6efe3294-03d8-4977-9c67-9f57ab075130}) (Version: 3.1.10.20520 - Microsoft Corporation) Microsoft ASP.NET Core 3.1.10 Shared Framework (x64) (HKLM\...\{7BEAA207-E3EB-3948-BBB3-336B04D8A2F1}) (Version: 3.1.10.20520 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.194.0917.0001 - Microsoft Corporation) Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-118935755-630862155-2444804460-1004\...\Teams) (Version: 1.6.00.20074 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30133 (HKLM-x32\...\{42667D2E-B054-46C1-9D46-2EE1332C14C1}) (Version: 14.29.30133 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30133 (HKLM-x32\...\{EC9807DE-B577-47B1-A024-0251805ACF24}) (Version: 14.29.30133 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (HKLM\...\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}) (Version: 14.30.30704 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 (HKLM\...\{662A0088-6FCD-45DD-9EA7-68674058AED5}) (Version: 14.30.30704 - Microsoft Corporation) Hidden NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 - NVIDIA Corporation) NVIDIA GeForce Experience 3.24.0.123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.123 - NVIDIA Corporation) NVIDIA Graphics Driver 511.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.23 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.39.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 9.20 - NCH Software) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9088.1 - Realtek Semiconductor Corp.) Verti-Crete Analysis and Layout (HKLM-x32\...\{51297106-7140-4264-A7FA-1C24222F7216}) (Version: 1.0.0.0 - Race Engineering Associates, LLC) WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.40 of 2016-Dec-22 (Build 2402) (Setup) - WIBU-SYSTEMS AG) Zoom (HKU\S-1-5-21-118935755-630862155-2444804460-1004\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation) Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.62.8.0_x64__6rarf9sa4v8jt [2023-09-25] (Disney) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_149.1.1056.0_x64__v10z8vjag6ke6 [2023-09-12] (HP Inc.) Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2309.1002.0_x64__8wekyb3d8bbwe [2023-09-15] (Microsoft Corporation) [Startup Task] Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-18] (Microsoft Corp.) Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-13] (Microsoft Corporation) Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation) Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-18] (Microsoft Corporation) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-09] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.22.240.0_x64__dt26b99r8h8gj [2023-08-24] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-28] (Spotify AB) [Startup Task] Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-18] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-118935755-630862155-2444804460-1004_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\magko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23199.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-118935755-630862155-2444804460-1004_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD LT 2022\acadlt.exe (Autodesk, Inc. -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-118935755-630862155-2444804460-1004_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD LT 2022\en-US\acadltficn.dll (Autodesk, Inc. -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-118935755-630862155-2444804460-1004_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\magko\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2022-01-31] (Autodesk, Inc. -> Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2022-01-31] (Autodesk, Inc. -> Autodesk) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.194.0917.0001\FileSyncShell64.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_015fa42d67826549\nvshext.dll [2022-01-11] (Nvidia Corporation -> NVIDIA Corporation) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2023-10-02 08:58 - 2023-10-02 08:58 - 000357888 _____ () [File not signed] \\?\C:\Users\magko\AppData\Local\Temp\3aac16c4-872f-47f1-bb6a-6e3af469d2b7.tmp.node 2023-10-02 08:58 - 2023-10-02 08:58 - 000915456 _____ () [File not signed] \\?\C:\Users\magko\AppData\Local\Temp\822bba17-7801-49d2-b473-0af4de368abd.tmp.node 2022-02-17 00:05 - 2022-02-17 00:05 - 008952832 _____ (Autodesk) [File not signed] C:\Program Files\Autodesk\AutoCAD LT 2022\acadltbtn.xmx 2023-09-18 10:59 - 2023-09-18 10:59 - 002304000 _____ (Autodesk, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\accoremgd\4015b50bf1504bed0c37045254e74ba8\accoremgd.ni.dll 2023-09-18 10:59 - 2023-09-18 10:59 - 002063872 _____ (Autodesk, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AcCui\f9cc4472d64ee1e17fb31e95d77a33b3\AcCui.ni.dll 2023-09-18 10:59 - 2023-09-18 10:59 - 014115840 _____ (Autodesk, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Acdbmgd\c2b1e1f9b152eaa111a6c0e958594f66\Acdbmgd.ni.dll 2023-09-18 10:59 - 2023-09-18 10:59 - 002419712 _____ (Autodesk, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AcLayer\1fbd55d22f9f89e8b012e699ca0c9036\AcLayer.ni.dll 2023-09-18 10:59 - 2023-09-18 10:59 - 008144896 _____ (Autodesk, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Acmgd\69d2cd22eb3b6ab77a12527e7c6ad2af\Acmgd.ni.dll 2023-09-18 10:59 - 2023-09-18 10:59 - 012231168 _____ (Autodesk, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AcWindows\a431fa07370d0ba0345a41906b8599d5\AcWindows.ni.dll 2023-09-18 10:59 - 2023-09-18 10:59 - 000870400 _____ (Autodesk, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AdApplicationFrame\0c851ed1cee32c6d70f86796366af86e\AdApplicationFrame.ni.dll 2023-09-18 10:59 - 2023-09-18 10:59 - 006131712 _____ (Autodesk, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AdWindows\c56df987d95e4f40fbdc82c10f4b8389\AdWindows.ni.dll 2023-09-18 10:59 - 2023-09-18 10:59 - 000797184 _____ (Autodesk, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AppHomeInterop\4cbc1bcdc122ba0f3350ce44cc14c41c\AppHomeInterop.ni.dll 2022-04-09 08:23 - 2021-09-27 23:23 - 000204800 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\AlgMath.dll 2022-04-09 08:23 - 2021-09-27 23:23 - 000015872 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\BasicMath.dll 2022-04-09 08:24 - 2021-09-27 23:26 - 001650176 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GDL.dll 2022-04-09 08:24 - 2021-09-27 23:24 - 002861056 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\Geometry.dll 2022-04-09 08:24 - 2021-09-27 23:25 - 000994816 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\Graphix.dll 2022-04-09 08:23 - 2021-09-27 23:25 - 000037888 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GSProfiler.dll 2022-04-09 08:24 - 2021-09-27 23:23 - 001648128 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GSRoot.dll 2022-04-09 08:24 - 2021-09-28 00:32 - 003578368 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GSShellX64.dll 2022-04-09 08:23 - 2021-09-27 23:25 - 000024576 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GSTestEnvironment.dll 2022-04-09 08:24 - 2021-09-27 23:24 - 000538624 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GSUtils.dll 2022-04-09 08:24 - 2021-09-27 23:24 - 002357248 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GSXML.dll 2022-04-09 08:23 - 2021-09-27 23:24 - 000256512 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GSXMLUtils.dll 2022-04-09 08:23 - 2021-09-27 23:23 - 000076288 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GSZLib.dll 2022-04-09 08:23 - 2021-09-27 23:24 - 000059392 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GX.dll 2022-04-09 08:23 - 2021-09-27 23:24 - 000057344 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\GXImageBase.dll 2022-04-09 08:24 - 2021-09-27 23:24 - 000607744 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\InputOutput.dll 2022-04-09 08:24 - 2021-09-27 23:26 - 000561152 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\JACK.dll 2022-04-09 08:23 - 2021-09-27 23:23 - 000233984 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\JSON.dll 2022-04-09 08:23 - 2021-09-27 23:23 - 000073216 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\JSONConversion.dll 2022-04-09 08:23 - 2021-09-27 23:24 - 000091648 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\Measure.dll 2022-04-09 08:23 - 2021-09-27 23:23 - 000137216 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\Network.dll 2022-04-09 08:24 - 2021-09-27 23:24 - 003322880 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\ObjectDatabase.dll 2022-04-09 08:23 - 2021-09-27 23:28 - 000105472 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\ProjectFile.dll 2022-04-09 08:24 - 2021-09-27 23:40 - 000285696 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\ProjectInfo.dll 2022-04-09 08:24 - 2021-09-27 23:40 - 000444416 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\ProjectIO.dll 2022-04-09 08:23 - 2021-09-27 23:23 - 000151552 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\RS.dll 2022-04-09 08:24 - 2021-09-27 23:24 - 000544256 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\TextEngine.dll 2022-04-09 08:23 - 2021-09-27 23:28 - 000227328 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\TWRoot.dll 2022-04-09 08:24 - 2021-09-27 23:28 - 000561152 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 25\VBUtils.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:CM_3aa62f6beb03b0e5e50255b47323aa6071df655a747e8615027af28695e3e191 [74] AlternateDataStreams: C:\Windows:CM_f6e86f7d436a28482b53eb66f73b801cf8a8cc5957b8ae9d72647b1dcd666493 [74] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-118935755-630862155-2444804460-1004\Software\Classes\.scr: AutoCADLTScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer (Whitelisted) ========== SearchScopes: HKU\S-1-5-21-118935755-630862155-2444804460-1004 -> DefaultScope {50B860D9-570B-4CE8-9AB2-F2EED4D4DCB2} URL = SearchScopes: HKU\S-1-5-21-118935755-630862155-2444804460-1004 -> {50B860D9-570B-4CE8-9AB2-F2EED4D4DCB2} URL = BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-18] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-18] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-18] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-18] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2021-06-05 05:08 - 2021-06-05 05:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-118935755-630862155-2444804460-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{2C767FF4-D6F2-4367-9085-D5094073EBF6}C:\users\magko\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\magko\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{245D7B4C-6CCF-486D-85B1-11077847826D}C:\users\magko\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\magko\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BB99187D-FC65-404C-9F86-A084703D9280}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) FirewallRules: [{934124E4-A9BD-4B50-A41D-0EA744192EAA}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) FirewallRules: [{DD9057F1-B332-414E-A550-B1C1B648353D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) FirewallRules: [{81D48264-CE4E-455B-B6F1-EF120BB65E30}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) FirewallRules: [{73C2202A-BECE-4078-8FC9-111213F1E33A}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 25\OverwatchServer.exe (GRAPHISOFT SE) [File not signed] FirewallRules: [{DD2FCED1-3C23-42F2-873A-46B6EB3E9084}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 25\BIMxUploader.exe (GRAPHISOFT SE) [File not signed] FirewallRules: [{BDB9B363-FEA7-4CFF-8CD0-448FBB17C3A1}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 25\Cineware\Cineware.exe (MAXON Computer GmbH -> MAXON Computer GmbH) FirewallRules: [{E170EBA4-6B9F-48C6-B2A5-88E08CE0E508}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 25\ARCHICAD Starter.exe (GRAPHISOFT SE) [File not signed] FirewallRules: [{C3BC167E-807E-4DD9-9968-9F16E8F6EEF7}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 25\ARCHICAD.exe (GRAPHISOFT SE) [File not signed] FirewallRules: [{B84F9864-1A11-4949-818E-A1AD273AC37B}] => (Allow) C:\Users\magko\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{493E2D3A-7508-483E-95DD-2F8EB1D8B04B}] => (Allow) C:\Users\magko\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{079B41BF-5EA9-4A54-ADF5-A9F2773B1CDC}] => (Allow) C:\Users\magko\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{19F64E5F-7841-4FB1-BF21-27615559542E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{0EB26885-AB79-4FB0-94EA-1361AFAAAC99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{EF416A29-29DC-4E3A-A49D-9C63FE5EB20A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{E1F20A7C-3CA6-49C5-B65E-66399A43FF50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{6276F1FE-8519-47D2-B135-27E8200118E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{60ADC6C5-11FE-4710-B537-A615EF048E24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [TCP Query User{62D47B27-9E4C-4346-B838-1D90ADEA4E93}C:\program files\autodesk\autodesk adsso\qtwebengineprocess.exe] => (Block) C:\program files\autodesk\autodesk adsso\qtwebengineprocess.exe (The Qt Company Oy -> The Qt Company Ltd.) FirewallRules: [UDP Query User{EE849BF3-F851-4599-90B8-E3E9F3B7FC27}C:\program files\autodesk\autodesk adsso\qtwebengineprocess.exe] => (Block) C:\program files\autodesk\autodesk adsso\qtwebengineprocess.exe (The Qt Company Oy -> The Qt Company Ltd.) FirewallRules: [{A46D9405-A443-43FA-BADC-686975990990}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2988D1FB-1902-451B-9B2F-0E13ABEF2D12}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{12086BD3-6A4D-4B18-91B1-331BD40C9E5C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A108022D-F806-4E18-A516-F0F0F583D63E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{91B207E3-A276-4527-A545-0EF4AAE3D268}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{4D909924-18ED-451F-8C37-BFA4A537EBC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{11100D70-B827-45DE-9476-DA7BC6F0C404}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{42748DD1-4927-4577-9712-C314BF1F1325}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{5265AECD-463B-4E90-BCE3-A9F5AA2EEA78}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{19C1CF96-B014-4F3A-9CE8-EC473BFDFE73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E4B75161-AF65-4073-888D-6E4D9F7AF65D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E2E844CC-DE76-497A-A312-BFF96AD77C6C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8F966F4C-0F9D-4A7A-9468-F4B240811496}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{5F36F487-EA48-4C65-A106-44F2FA8776C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F2AEAE02-0386-4FE3-B5E7-628E907A35CE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server ==================== Restore Points ========================= 19-09-2023 21:18:17 Windows Update 23-09-2023 09:37:18 Windows Update 27-09-2023 11:17:20 Windows Update 01-10-2023 09:37:28 Windows Update ==================== Faulty Device Manager Devices ============ Name: USB AUDIO Description: USB Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: (Generic USB Audio) Service: usbaudio Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ======================== Application errors: ================== Error: (09/30/2023 06:55:41 PM) (Source: Application Error) (EventID: 1000) (User: MAGDALENA) Description: Faulting application name: msteamsupdate.exe, version: 23247.1113.2398.2671, time stamp: 0x650d683e Faulting module name: msteamsupdate.exe, version: 23247.1113.2398.2671, time stamp: 0x650d683e Exception code: 0xc0000005 Fault offset: 0x0000000000063ddb Faulting process id: 0x0x2cc8 Faulting application start time: 0x0x1d9f40a612fd869 Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe Faulting module path: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe Report Id: f175bc36-d91b-4fcc-8eb5-c8133278c1fe Faulting package full name: MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe Faulting package-relative application ID: msteamsupdate Error: (09/29/2023 09:30:28 AM) (Source: Application Error) (EventID: 1000) (User: MAGDALENA) Description: Faulting application name: GameBar.exe, version: 5.823.7272.0, time stamp: 0x64c2ed0d Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3 Exception code: 0xc0000005 Fault offset: 0x000000000002d95e Faulting process id: 0x0x35ac Faulting application start time: 0x0x1d9f2f23495d5e8 Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: 7ff09b40-94b3-4508-8cef-a0a00dacc553 Faulting package full name: Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (09/27/2023 03:13:40 PM) (Source: Application Error) (EventID: 1000) (User: MAGDALENA) Description: Faulting application name: msteamsupdate.exe, version: 23231.415.2374.2125, time stamp: 0x65000854 Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3 Exception code: 0xc0000409 Fault offset: 0x000000000007f61e Faulting process id: 0x0x6670 Faulting application start time: 0x0x1d9f18fdcdc41ed Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.415.2374.2125_x64__8wekyb3d8bbwe\msteamsupdate.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: 405dea69-3062-4374-981b-8c66fd46cc87 Faulting package full name: MicrosoftTeams_23231.415.2374.2125_x64__8wekyb3d8bbwe Faulting package-relative application ID: msteamsupdate Error: (09/27/2023 02:30:08 PM) (Source: Application Error) (EventID: 1000) (User: MAGDALENA) Description: Faulting application name: GameBar.exe, version: 5.823.7272.0, time stamp: 0x64c2ed0d Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3 Exception code: 0xc0000005 Fault offset: 0x000000000002d95e Faulting process id: 0x0x5af0 Faulting application start time: 0x0x1d9f189c8acc2e8 Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: f7ea54e2-e2bf-42b5-ab37-5d7170a06fa2 Faulting package full name: Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (09/27/2023 10:41:02 AM) (Source: Application Error) (EventID: 1000) (User: MAGDALENA) Description: Faulting application name: GameBar.exe, version: 5.823.7272.0, time stamp: 0x64c2ed0d Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3 Exception code: 0xc0000005 Fault offset: 0x000000000002d92d Faulting process id: 0x0x163c Faulting application start time: 0x0x1d9ea49054bdc61 Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: 91f58096-5c9e-4228-81ea-858ec885dd99 Faulting package full name: Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (09/27/2023 09:08:28 AM) (Source: Application Error) (EventID: 1000) (User: MAGDALENA) Description: Faulting application name: msteamsupdate.exe, version: 23231.415.2374.2125, time stamp: 0x65000854 Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3 Exception code: 0xc0000409 Fault offset: 0x000000000007f61e Faulting process id: 0x0x834 Faulting application start time: 0x0x1d9f15cd9dcb821 Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.415.2374.2125_x64__8wekyb3d8bbwe\msteamsupdate.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: 7117f0c8-1c51-4c93-b8fc-91a8fc608873 Faulting package full name: MicrosoftTeams_23231.415.2374.2125_x64__8wekyb3d8bbwe Faulting package-relative application ID: msteamsupdate Error: (09/26/2023 04:26:01 PM) (Source: Application Error) (EventID: 1000) (User: MAGDALENA) Description: Faulting application name: msteamsupdate.exe, version: 23231.415.2374.2125, time stamp: 0x65000854 Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3 Exception code: 0xc0000409 Fault offset: 0x000000000007f61e Faulting process id: 0x0x2fb4 Faulting application start time: 0x0x1d9f0d0ce5cabbf Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.415.2374.2125_x64__8wekyb3d8bbwe\msteamsupdate.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: 7a09245f-1092-4101-b934-af1471a36f68 Faulting package full name: MicrosoftTeams_23231.415.2374.2125_x64__8wekyb3d8bbwe Faulting package-relative application ID: msteamsupdate Error: (09/26/2023 10:25:22 AM) (Source: Application Error) (EventID: 1000) (User: MAGDALENA) Description: Faulting application name: msteamsupdate.exe, version: 23231.415.2374.2125, time stamp: 0x65000854 Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3 Exception code: 0xc0000409 Fault offset: 0x000000000007f61e Faulting process id: 0x0x6850 Faulting application start time: 0x0x1d9f09e6c5df6cf Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.415.2374.2125_x64__8wekyb3d8bbwe\msteamsupdate.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: 8804fb97-0323-4da5-81ac-530d89aeec24 Faulting package full name: MicrosoftTeams_23231.415.2374.2125_x64__8wekyb3d8bbwe Faulting package-relative application ID: msteamsupdate System errors: ============= Error: (10/01/2023 09:37:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MZ95KL8MR0L-Microsoft.ScreenSketch. Error: (09/30/2023 09:02:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MZ95KL8MR0L-Microsoft.ScreenSketch. Error: (09/29/2023 07:41:27 AM) (Source: Tcpip) (EventID: 4199) (User: ) Description: The system detected an address conflict for IP address 2600:1700:ccc0:1180::49 with the system having network hardware address 36-57-B4-63-85-45. Network operations on this system may be disrupted as a result. Error: (09/28/2023 01:14:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (09/27/2023 11:18:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (09/23/2023 09:37:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS. Error: (09/21/2023 10:15:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS. Error: (09/20/2023 07:53:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS. Windows Defender: ================ Date: 2023-10-01 09:42:23 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-09-30 09:01:28 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-09-29 08:00:20 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-09-28 08:02:08 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-09-27 11:16:52 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0] Date: 2023-04-05 08:36:52 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.387.22.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.20200.4 Error code: 0x80240438 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =============== Date: 2023-09-18 10:59:43 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2023-08-14 07:25:32 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2023-07-25 08:37:04 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2023-07-24 13:21:17 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. 0401 07/22/2021 Motherboard: Asus PRIME B560-PLUS AC-HES Processor: 11th Gen Intel(R) Core(TM) i5-11600KF @ 3.90GHz Percentage of memory in use: 95% Total physical RAM: 16217.41 MB Available physical RAM: 723.6 MB Total Virtual: 53031.18 MB Available Virtual: 28535.73 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:464.97 GB) (Free:134.67 GB) (Model: WD Blue SN570 500GB) NTFS \\?\Volume{bdc6fa4e-c229-4568-ac24-6cec9941b1e8}\ () (Fixed) (Total:0.67 GB) (Free:0.08 GB) NTFS \\?\Volume{ae97ed2b-859d-4c21-b7c8-f69359d2a2bd}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 4B7400D7) Partition: GPT. ==================== End of Addition.txt =======================