security problem

Hi all I have a really odd and very annoying problem,to start at the beginning,a little while back I downloaded a program called VLC media player,just to play some dvds via a external drive I have.

Now I hardly ever dl anything and I'm always careful,I used what I was sure what their legit site,and it seems,although I can't be sure but as this is the only program I have dl,recently I picked up a unwanted passenger,namely reason labs,and it installed without me knowing, and took over as the main "protection" I took ages to try and get rid of it,I stopped all the services and managed,at least I thought to get rid of it!

Now here is the problem,I just noticed today that under security on boot everything is fine,but after about ten mins or so virus is greyed out,and firewall says it is using setting that make this device unsafe,now just to make it more interesting,I left it alone,closed the security window and then retried the security page,and everything was back,firewall was up and virus was working,does anyone have any ideas as to why this is happening?

I have checked my win dri drive and everything regarding reason is now gone,BUT I have found two folder related,one is RAVPNBackup in c prpgram data and the other is RAV endpoint protection in c users username appdata roaming,is it safe for me to just delete these folders?

Run AdwCleaner from Malwarebytes HERE.
I would also follow this guide to check what is leftover.

Just a word of caution for anyone not familiar with the process, sometimes a free utility will have extras bundled with the installer, everything from browser extensions to AV solutions, they rely on the end user not paying attention when running the downloaded utilities install and just clicking 'I Accept' 'Default Install' and 'Next'.
Most of the time these bundled extras are harmless but not wanted and can be extremely difficult to track down and uninstall cleanly.
Of course the installer can also harbour malware/ ransomware/ keyloggers etc, so it pays to only download from the developers site if possible and check a download with Virus Total/ review sites or similar before running it.

@Harleygjc ,
Malwarebytes AdwCleaner >>> Download AdwCleaner

Please download AdwCleaner and save it to your Desktop

• Close all open programs and browsers
• Right click on the icon and select Run as administrator
• Click Scan now
• Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
• When completed click View Scan Log File
• Copy and paste the contents in your reply
• Click Skip Basic Repair if it appears then close the program

====================================

Full System Scan with Malwarebytes Antimalware >>> Malware Removal 2023 | Free Antivirus | 100% Free & Easy Install

• If not existing, please download Malwarebytes' Anti-Malware to your desktop.
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

• If the program is already installed:
• Run Malwarebytes Antimalware
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
*** Post that log back here or just tell me what it found ?
If it is to long then you will have to zip it or find a site to download it to & let me know where !

You can just tell me if either programs found anything ??

ok I booted up today,left it for a few mins as was feeding the dogs,came back and looked,same issue,virus wasn't working and the same message with the firewall,closed it and tried again and it was back running as "normal"
@flash4 log for adw is here
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-04-2023
# Duration: 00:00:03
# OS: Windows 11 (Build 22621.1778)
# Scanned: 32074
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1454 octets] - [03/06/2023 21:43:13]
AdwCleaner[C00].txt - [1624 octets] - [03/06/2023 21:43:44]
AdwCleaner[S01].txt - [1542 octets] - [03/06/2023 21:48:13]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

ran malware also,didn't give me a log though,nor could I find one but came back saying I was squeaky clean! one other thing I have noticed if I start up a program called steam it throws a major wobbler on the security, the virus will stop and the firewall will give me the same message again,when I close steam it will go back to normal! I have no idea why it would affect the security that way as they are on separate drives,windows is on the C drive and steam is HDD drive designated E.

A rough guess would be that your firewall settings have been changed to off for public and private networks & also your Defender has been disabled at start up. It seems like both firewall and Defender are only starting on demand, hence the message about being at risk.
You need to give some more detailed information about the firewall and anti virus you use by default as I am just assuming they are the Microsoft Windows defaults.
Can you provide a screenshot of your Taskmanager Startup tab showing the status of any listed anti virus and the general settings for your firewall, you can use Paint or similar to mask out any personal information you want to obscure.

For your reference if you are using Windows Defender and Windows default settings your firewall page might look like this:

Attached is the startup in task manager,I am using the built in windows virus and firewallas default,never used anything else,and yes my security page looks like the image you posted, for the last few hrs today everything seems to be working as normal,no message and virus is working fine,I did notice in the startup tab that it says defender is disabled,not something I have done as I never fiddle with anything,should I set that as enabled?

It is possible that another anti virus has disabled Defender (you can run more than one anti virus at a time, Defender is designed to take a back seat when another anti virus solution is in use).
If you only want to use Defender then you can set that entry back to enabled but I would also check to see if any ohter anti virus app has been installed, maybe without your knowledge, as part of another apps install package and uninstall it.
Control panel and/ or System settings, Apps should show any on your system.

Far as I can see,all I have listed under add/remove and system setting is prgrams I have installed,nothing else is listed other than Malwareabytes which is turned off,it's odd if I open the security panel one minute it will show me the firewall errer message,then close and reopen and it's back to normal! perhaps I have a glitch.

I searched RAV Endpoint Protection and came across this article:


It could be that you have parts of this running after installing VLC Media Player. If you haven't, I'd uninstall VLC to see if that resolves the issue.

There could be some registry entries causing this.

@Harleygjc , do not have more than 1 antivirus running at the same time, they wiil & have been known to fight with each other ! Thanks for the "log" yeah that shows you are clean & if Malwarebytes said you were them it's usually good. I could have you do a more complete scan with a different program but i think you are good to go ! Just make sure your firewall & Defender are turned on.

@Flash4 I read about that years ago, and have never had two running at once,I still have no idea where I picked this rubbish up from,I asked vlc about it and they said they do not bundle software with the download,I'm still having the odd blip where one min it's working next it's not and then it is again,I've noticed that everytime I start up and then shutdown steam it happens! no idea why but as it seems to come back to normal after a while I guess I'll just have to ignore it!

@Harleygjc have you deleted steam & then installed it again ?

Harleygjc said:

I still have no idea where I picked this rubbish up from,I asked vlc about it and they said they do not bundle software with the download,

Click to expand...

I have used VLC for awhile without issues. Never noticed any attempted addons for bundled software. Best to download from the official VLC site in lieu of 3rd party if you did not.

Would a System Restore help the issue ?

@flashh4 I booted up the other day and left the system idle for a few mins,came back and checked and it had done it without steam running,so it can't be that! not really wanting to remove/reinstall steam I always find it plays up with me.

@csun I used vlc on my old system for years and never had any issues,I always make sure I d/l from the offical site so I have no idea how I got this crap,I very rarely d/l anything and am always careful,not keen on a restore,I tried it years ago on a old 95 system and it was never stable afterwards!

@Harleygjc if you would like for me to take a deep look at your system you can run Farbar this must be downloaded to your desk top ! These logs will be very long, you may have to zip them up or just send to my email at [email protected] !!

Download Farbar Recover Scan Tool for 64 bit systems <<<< Downloading Farbar Recovery Scan Tool >>> and save it to your Desktop. <<< Important
If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
Right click on the icon and select Run as administrator
Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
Click Yes to the disclaimer
Click Scan and allow the program to run
Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
2 Notepad documents should now be open on your desktop.
Please copy and paste the contents of each report in separate reply windows

Follow @flashh4 's advice, this is just a note to consider.

Had similar issues with pre-installed McAfee and even though I removed it with it's own removal tool it still affected the way Defender worked.
The Fix for me was to install Everything by Voidtools and do a search with it for McAfee and I removed everything connected with it that's allowed to be removed. You could do the same using 'Rav antivirus' or 'Reason Security' as search examples.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2023
Ran by Harle (administrator) on GMAINPC (PCSpecialist Cypher G70) (08-06-2023 14:40:13)
Running from C:\Users\Harle\Desktop\FRST64.exe
Loaded Profiles: Harle
Platform: Microsoft Windows 11 Home Version 22H2 22621.1778 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe
(C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
(explorer.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\System32\GigabyteUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c984e9ce714075ab\RtkAudUService64.exe <2>
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.11600.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c984e9ce714075ab\RtkAudUService64.exe [1345104 2021-09-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [13137232 2023-05-30] (SteelSeries ApS -> SteelSeries ApS)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-267369651-1272909813-2013845668-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-267369651-1272909813-2013845668-1001\...\MountPoints2: {f91fda1b-73fa-11ed-a26b-00d49e638ff2} - "F:\iLinker.exe"
HKU\S-1-5-21-267369651-1272909813-2013845668-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [253952 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\114.0.5735.110\Installer\chrmstp.exe [2023-06-07] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15CCF5DA-805C-436E-BEE3-D776E1A4D538} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C2ABD61-EFF4-4B0D-B5E1-FB0567446A20} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3463061D-75E4-4F15-994D-576ADFFFE56D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4857F7A5-22A2-48F2-B5BD-4FB0CFA1C3FB} - System32\Tasks\GoogleUpdateTaskMachineUA{DDA872D6-1712-41A1-96A0-EEDFF730CEC2} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-27] (Google LLC -> Google LLC)
Task: {51E4BF9B-1CF2-4FA7-B613-041FAAB91B2D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {535BAA4F-2FCB-42DB-B76A-864573F8F952} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {572A72AF-866C-4524-81D6-F31F4CF11E85} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DBA1C91-6395-46A3-A249-EFDADCCF3068} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {603A3B70-A7B9-403B-ADED-AEE474B51C55} - System32\Tasks\GoogleUpdateTaskMachineCore{BC30DC77-88D1-45AF-AB62-89DAEF0062B3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-27] (Google LLC -> Google LLC)
Task: {6076EBB2-54DA-4FBC-954A-50BFD1D917C8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6124EE08-73AD-4BF7-9D59-4B9FCB1CC803} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6EA547A6-0D4D-4D2F-A210-AF7277A00B78} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {81BF9E79-ED43-46B1-ADEF-9782193FDE28} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {941A4EC2-BBE9-439B-8077-793F98F7C0CB} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170456 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {96C6CBA1-E490-413F-8486-4671740BACB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9850ED97-BF90-4AA0-9633-93FF14C0152A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157544 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC2ADAF3-7418-43F2-9F01-A38E1DAF5E7A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CC61F615-305A-4C2B-B2E7-39D0BD41D00E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF316225-4343-41A8-8DA6-69D2E9EF8DAD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {F02B3173-B314-4238-9992-ACE2C77842E3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157544 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{eff7c411-1540-4c62-86f3-926c6a33fbee}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\Harle\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-03]
Edge HomePage: Default -> hxxps://www.google.co.uk/
Edge StartupUrls: Default -> "hxxps://talktalk.co.uk/"
Edge NewTab: Default -> Active:"chrome-extension://onagfgjlokaciajhjmajljcfanonbmia/index.html"
Edge Extension: (Edge relevant text changes) - C:\Users\Harle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-24]
Edge Extension: (Custom New Tab) - C:\Users\Harle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\onagfgjlokaciajhjmajljcfanonbmia [2023-03-31]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-11-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-11-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Harle\AppData\Local\Google\Chrome\User Data\Default [2023-06-08]
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.talktalk.co.uk/"
CHR NewTab: Default -> Active:"chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Harle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-04-26]
CHR Extension: (Adblock for Youtube™) - C:\Users\Harle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2023-05-25]
CHR Extension: (Google Docs Offline) - C:\Users\Harle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-18]
CHR Extension: (New Tab Redirect) - C:\Users\Harle\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2022-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Harle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-27]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2022-11-26] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11774392 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11574888 2023-05-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-12-01] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2022-11-26] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2023-04-19] (Epic Games Inc. -> Epic Games, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [347408 2022-10-03] (Underwriters Laboratories Inc. -> Futuremark)
S3 GalaxyClientService; E:\GOG Galaxy\GalaxyClientService.exe [2348000 2023-05-06] (GOG sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7178720 2023-05-06] (GOG sp. z o.o -> GOG.com)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9255384 2023-06-04] (Malwarebytes Inc. -> Malwarebytes)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [35152 2023-05-30] (SteelSeries ApS -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 GigabyteUpdateService; C:\windows\system32\GigabyteUpdateService.exe [869032 2023-06-03] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 NVDisplay.ContainerLocalSystem; C:\windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S2 rsDNSClientSvc; C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe [X]
S2 rsDNSResolver; "C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe" [X]
S2 rsDNSSvc; "C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\windows\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 BTWUSB; C:\windows\System32\Drivers\btwusb.sys [75560 2022-11-26] (Broadcom Corporation -> Broadcom Corporation.)
R1 CTIIO; C:\windows\system32\drivers\CtiIo64.sys [32296 2022-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
S3 gdrv3; C:\windows\System32\drivers\gdrv3.sys [45248 2022-11-23] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [18432 2019-12-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 iaLPSS2_GPIO2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_e11257f05c0c2f89\iaLPSS2_GPIO2_ADL.sys [139928 2021-07-29] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_778b19a5f4d49cba\iaLPSS2_I2C_ADL.sys [202896 2021-07-29] (Intel Corporation -> Intel Corporation)
S0 iaStorVD; C:\windows\System32\drivers\iaStorVD.sys [1587944 2021-12-15] (Intel Corporation -> Intel Corporation)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2023-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239544 2023-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslac18e25d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9F503948-1D9C-45B2-9654-B8F7529310C2}\MpKslDrv.sys [213288 2023-06-08] (Microsoft Windows -> Microsoft Corporation)
R3 NvModuleTracker; C:\windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-10-26] (Nvidia Corporation -> NVIDIA Corporation)
S3 rsDwf; C:\windows\system32\DRIVERS\rsDwf.sys [54144 2023-04-27] (Reason CyberSecurity Inc. -> Reason CyberSecurity Inc.)
R3 ssdevfactory; C:\windows\System32\drivers\ssdevfactory.sys [42912 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 sshid; C:\windows\System32\drivers\sshid.sys [44456 2023-03-13] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 SteelSeries_Sonar_VAD; C:\windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys [95440 2023-03-17] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [49616 2023-06-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [498984 2023-06-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-06-01] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz154; \??\C:\windows\temp\cpuz154\cpuz154_x64.sys [X]
S3 DIRECTIO; \??\C:\Windows\pcsinstall\BurnTest\DirectIo64.sys [X]
S3 HWiNFO_165; \??\C:\Users\ADMINI~1\AppData\Local\Temp\HWiNFO64A_165.SYS [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-08 14:40 - 2023-06-08 14:40 - 000020476 _____ C:\Users\Harle\Desktop\FRST.txt
2023-06-08 14:33 - 2023-06-08 14:40 - 000000000 ____D C:\FRST
2023-06-08 12:28 - 2023-06-08 12:28 - 002383360 _____ (Farbar) C:\Users\Harle\Desktop\FRST64.exe
2023-06-06 17:51 - 2023-06-07 12:26 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-06-04 09:28 - 2023-06-04 09:29 - 000000000 ____D C:\Users\Harle\AppData\Local\Malwarebytes
2023-06-04 09:28 - 2023-06-04 09:28 - 002638680 _____ (Malwarebytes) C:\Users\Harle\Downloads\MBSetup.exe
2023-06-04 09:28 - 2023-06-04 09:28 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-06-04 09:28 - 2023-06-04 09:28 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-06-04 09:28 - 2023-06-04 09:28 - 000000000 ____D C:\Users\Harle\AppData\Local\mbam
2023-06-04 09:28 - 2023-06-04 09:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-06-04 09:28 - 2023-06-04 09:28 - 000000000 ____D C:\Program Files\Malwarebytes
2023-06-04 09:25 - 2023-06-04 09:25 - 008791352 _____ (Malwarebytes) C:\Users\Harle\Downloads\AdwCleaner (1).exe
2023-06-03 21:42 - 2023-06-03 21:43 - 000000000 ____D C:\AdwCleaner
2023-06-03 21:42 - 2023-06-03 21:42 - 008791352 _____ (Malwarebytes) C:\Users\Harle\Downloads\adwcleaner.exe
2023-06-03 14:43 - 2023-06-03 14:44 - 000000000 ___HD C:\$WinREAgent
2023-05-26 18:32 - 2023-05-26 18:32 - 000000000 ____D C:\Users\Harle\AppData\LocalLow\Harebrained Schemes
2023-05-26 15:16 - 2023-05-26 15:16 - 000000000 ____D C:\Users\Harle\AppData\LocalLow\Vertigo Games
2023-05-23 13:00 - 2023-05-23 13:05 - 000000000 ____D C:\Users\Harle\AppData\Roaming\Process Hacker 2
2023-05-23 12:54 - 2023-05-23 12:54 - 002267848 _____ (wj32 ) C:\Users\Harle\Downloads\processhacker-2.39-setup.exe
2023-05-13 18:24 - 2023-05-13 18:25 - 000000000 ____D C:\Users\Harle\Documents\Assassin's Creed Odyssey
2023-05-13 12:38 - 2023-05-13 12:52 - 000000000 ____D C:\Users\Harle\AppData\Roaming\Surviving Mars
2023-05-12 20:05 - 2023-05-22 16:44 - 000001592 _____ C:\windows\system32\rsEngine.Core.err
2023-05-12 20:05 - 2023-05-12 20:05 - 000000000 ____D C:\ProgramData\RAVVPNBackup
2023-05-09 13:22 - 2023-05-17 13:30 - 000000000 ____D C:\Users\Harle\AppData\LocalLow\Lince Works

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-08 14:09 - 2022-11-27 05:57 - 000000000 ____D C:\Users\Harle\AppData\Local\D3DSCache
2023-06-08 14:07 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-06-08 13:43 - 2022-11-27 06:07 - 000000000 ____D C:\Program Files (x86)\Google
2023-06-08 12:29 - 2022-11-26 18:46 - 000000000 ____D C:\Users\Harle\AppData\LocalLow\Mozilla
2023-06-08 12:25 - 2022-11-23 05:03 - 000000000 ____D C:\ProgramData\NVIDIA
2023-06-08 12:24 - 2022-11-26 18:46 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-06-08 12:20 - 2022-11-23 05:04 - 000804932 _____ C:\windows\system32\PerfStringBackup.INI
2023-06-08 12:20 - 2022-05-07 06:22 - 000000000 ____D C:\windows\INF
2023-06-08 12:17 - 2022-11-23 04:59 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-08 12:17 - 2022-11-23 04:59 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-08 12:17 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-06-08 12:17 - 2022-05-07 06:24 - 000000000 ____D C:\windows\AppReadiness
2023-06-08 12:16 - 2022-11-27 05:58 - 000000000 ___RD C:\Users\Harle\OneDrive
2023-06-08 12:16 - 2022-11-27 05:57 - 000000000 ____D C:\Users\Harle\AppData\Local\Packages
2023-06-08 12:16 - 2022-05-07 06:24 - 000000000 ____D C:\windows\SystemTemp
2023-06-07 18:31 - 2022-11-26 18:49 - 000000000 ____D C:\Users\Harle\AppData\Roaming\WeMod
2023-06-07 18:29 - 2022-11-26 20:29 - 000000000 ____D C:\Users\Harle\AppData\Local\CrashDumps
2023-06-07 17:32 - 2022-11-26 16:32 - 000000000 ____D C:\Users\Harle\AppData\Local\Ubisoft Game Launcher
2023-06-07 14:45 - 2022-11-23 05:02 - 000000000 ____D C:\Program Files\Microsoft Office
2023-06-07 12:26 - 2022-11-26 18:45 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-06-07 12:26 - 2022-11-26 18:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-06-07 12:21 - 2022-11-27 06:07 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-06-07 12:21 - 2022-11-27 06:07 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-06-06 12:15 - 2022-11-23 04:59 - 000000000 ____D C:\windows\system32\SleepStudy
2023-06-04 09:32 - 2022-05-07 06:17 - 000032768 _____ C:\windows\system32\config\ELAM
2023-06-04 09:28 - 2022-05-07 06:24 - 000000000 ___HD C:\windows\ELAMBKUP
2023-06-03 21:54 - 2022-11-23 05:00 - 000091304 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\windows\system32\GigabyteDownloadAssistant.exe
2023-06-03 21:54 - 2022-11-23 04:59 - 000882856 _____ C:\windows\system32\wpbbin.exe
2023-06-03 21:54 - 2022-11-23 04:59 - 000869032 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\windows\system32\GigabyteUpdateService.exe
2023-06-03 21:54 - 2022-11-23 04:59 - 000012288 ___SH C:\DumpStack.log.tmp
2023-06-03 21:54 - 2022-11-23 04:59 - 000000006 ____H C:\windows\Tasks\SA.DAT
2023-06-03 21:53 - 2022-05-07 06:17 - 000786432 _____ C:\windows\system32\config\BBI
2023-06-03 21:46 - 2022-11-26 16:39 - 000000000 ____D C:\Users\Harle\AppData\Roaming\steelseries-gg-client
2023-06-03 14:52 - 2022-11-23 04:59 - 000481128 _____ C:\windows\system32\FNTCACHE.DAT
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ____D C:\windows\WUModels
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ____D C:\windows\UUS
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ____D C:\windows\SysWOW64\Dism
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ____D C:\windows\SystemResources
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\WinMetadata
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\Dism
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ____D C:\windows\ShellExperiences
2023-06-03 14:51 - 2022-05-07 06:24 - 000000000 ____D C:\windows\bcastdvr
2023-06-03 14:51 - 2022-05-07 06:17 - 000000000 ____D C:\windows\servicing
2023-06-03 14:46 - 2022-05-07 06:17 - 000000000 ____D C:\windows\CbsTemp
2023-06-03 14:45 - 2022-11-23 05:02 - 003211776 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2023-06-02 14:50 - 2023-04-29 13:17 - 000000000 ____D C:\Users\Harle\AppData\Local\ElevatedDiagnostics
2023-06-01 12:08 - 2022-11-27 05:58 - 000003588 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-267369651-1272909813-2013845668-1001
2023-06-01 12:08 - 2022-11-27 05:58 - 000003362 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-267369651-1272909813-2013845668-1001
2023-06-01 12:08 - 2022-11-27 05:58 - 000002386 _____ C:\Users\Harle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-06-01 12:08 - 2022-11-23 04:59 - 000000000 ____D C:\windows\system32\Drivers\wd
2023-05-26 18:33 - 2022-11-26 17:27 - 000000000 ____D C:\Users\Harle\Documents\My Games
2023-05-18 17:38 - 2022-11-27 06:07 - 000003790 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA{DDA872D6-1712-41A1-96A0-EEDFF730CEC2}
2023-05-18 17:38 - 2022-11-27 06:07 - 000003666 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore{BC30DC77-88D1-45AF-AB62-89DAEF0062B3}
2023-05-17 18:25 - 2022-11-26 18:49 - 000002176 _____ C:\Users\Harle\Desktop\WeMod.lnk
2023-05-17 18:25 - 2022-11-26 18:49 - 000000000 ____D C:\Users\Harle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2023-05-17 18:25 - 2022-11-26 18:49 - 000000000 ____D C:\Users\Harle\AppData\Local\WeMod
2023-05-17 18:24 - 2022-11-26 18:49 - 000000000 ____D C:\Users\Harle\AppData\Local\SquirrelTemp
2023-05-17 12:03 - 2022-11-27 05:57 - 000000000 ____D C:\Users\Harle\AppData\Local\NVIDIA
2023-05-16 12:11 - 2022-11-23 05:00 - 000000000 ____D C:\ProgramData\Packages
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ___SD C:\windows\system32\UNP
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ___RD C:\windows\PrintDialog
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\WinBioPlugIns
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\ShellExperiences
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\Sgrm
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\SecureBootUpdates
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\PerceptionSimulation
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\oobe
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ____D C:\windows\ShellComponents
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ____D C:\windows\Provisioning
2023-05-12 20:04 - 2022-05-07 06:24 - 000000000 ____D C:\windows\PolicyDefinitions
2023-05-12 14:32 - 2022-11-26 18:04 - 000000000 ____D C:\windows\system32\MRT
2023-05-12 14:31 - 2022-11-26 18:04 - 159583304 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2023-05-12 14:31 - 2022-05-07 07:10 - 000036864 _____ (Microsoft Corporation) C:\windows\system32\OEMDefaultAssociations.dll
2023-05-12 14:31 - 2022-05-07 07:10 - 000023775 _____ C:\windows\system32\OEMDefaultAssociations.xml
2023-05-12 11:54 - 2022-11-23 04:59 - 000003536 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-05-12 11:54 - 2022-11-23 04:59 - 000003412 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-05-11 13:40 - 2022-12-10 14:02 - 000165376 _____ (Microsoft Corporation) C:\windows\system32\gamelaunchhelper.dll
2023-05-11 13:40 - 2022-12-10 14:02 - 000131072 _____ (Microsoft Corporation) C:\windows\system32\gamingtcuihelpers.dll
2023-05-11 13:40 - 2022-12-10 14:02 - 000079312 _____ (Microsoft Corporation) C:\windows\system32\xgamehelper.exe
2023-05-11 13:40 - 2022-12-10 14:02 - 000062968 _____ (Microsoft Corporation) C:\windows\system32\xgamecontrol.exe
2023-05-11 13:40 - 2022-11-27 06:13 - 002794960 _____ (Microsoft Corporation) C:\windows\system32\xgameruntime.dll
2023-05-11 13:40 - 2022-11-27 06:13 - 000488912 _____ (Microsoft Corporation) C:\windows\system32\gameplatformservices.dll
2023-05-11 13:40 - 2022-11-27 06:13 - 000247248 _____ (Microsoft Corporation) C:\windows\system32\gamingservicesproxy.dll
2023-05-11 13:40 - 2022-11-27 06:13 - 000202192 _____ (Microsoft Corporation) C:\windows\system32\gameconfighelper.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

log one

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
Ran by Harle (08-06-2023 14:40:49)
Running from C:\Users\Harle\Desktop
Microsoft Windows 11 Home Version 22H2 22621.1778 (X64) (2022-11-27 04:50:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-267369651-1272909813-2013845668-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-267369651-1272909813-2013845668-503 - Limited - Disabled)
Guest (S-1-5-21-267369651-1272909813-2013845668-501 - Limited - Disabled)
Harle (S-1-5-21-267369651-1272909813-2013845668-1001 - Administrator - Enabled) => C:\Users\Harle
WDAGUtilityAccount (S-1-5-21-267369651-1272909813-2013845668-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
Assassin's Creed Odyssey (HKLM-x32\...\Uplay Install 5059) (Version: - Ubisoft)
Assassin's Creed Origins (HKLM-x32\...\Uplay Install 3539) (Version: - Ubisoft)
Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version: - Ubisoft)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version: - Ubisoft)
Clive Barker's Undying (HKLM-x32\...\1207659191_is1) (Version: 1.1 hotfix - GOG.com)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: 1.62_PT_Hotfix - GOG.com)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.184.0.5441 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{4cb062ac-aedd-40b3-a14c-c7fa45784907}) (Version: 12.184.0.5441 - Electronic Arts)
ENE_AIC_Marvell_HAL (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_AIC_Marvell_HAL (HKLM-x32\...\{887e18fb-6bc3-4cd4-b34e-32d9ff71bbae}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{40514BA6-1FC2-4BBD-84A2-504634A97196}) (Version: 1.0.4.16 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{ca38f41e-a37c-41b2-82e3-28b215743448}) (Version: 1.0.4.16 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{6b617af3-c8f4-45a8-bf47-b32ffb4da1cc}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_External_Device_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.10.4 - ENE Tech) Hidden
ENE_External_Device_HAL (HKLM-x32\...\{38581c7d-8a6c-4129-9046-8f5df621478b}) (Version: 1.0.10.4 - ENE Tech) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{bf256b46-8ff7-48be-ab7f-5661e9a0651f}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM-x32\...\{ec10ac91-2e61-460a-b493-33f794a07682}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{20235E2B-1E9F-473D-A215-B2467F1F06E3}) (Version: 1.3.51.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
EverQuest II (HKU\S-1-5-21-267369651-1272909813-2013845668-1001\...\DGC-EverQuest II) (Version: 1.0.3.197 - Daybreak Game Company)
Far Cry 6 (HKLM-x32\...\Uplay Install 5266) (Version: - Ubisoft)
Futuremark SystemInfo (HKLM-x32\...\{A05A1785-B718-47EF-9EE7-2F82F729D208}) (Version: 5.53.1130.0 - Futuremark)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.62.26 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.110 - Google LLC)
HCS Tools version 1.69 (HKLM-x32\...\{D3659B78-75B0-4571-A23D-899D23C6A2C9}_is1) (Version: 1.69 - HCS VoicePacks Ltd)
HCS VoicePack Minus version Singularity and Event Horizon (HKLM-x32\...\{2CC227FC-3C41-4F56-A2D9-A6F146309865}_is1) (Version: Singularity and Event Horizon - HCS VoicePacks Ltd)
Java 8 Update 351 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180351F0}) (Version: 8.0.3510.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.29.268 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.29.268 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16501.20196 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.41 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.37 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-267369651-1272909813-2013845668-1001\...\OneDriveSetup.exe) (Version: 23.101.0514.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.5.0 - Mozilla)
Mozilla Thunderbird (x64 en-GB) (HKLM\...\Mozilla Thunderbird 102.11.2 (x64 en-GB)) (Version: 102.11.2 - Mozilla)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Graphics Driver 526.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.98 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11929.20708 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Paradox Launcher v2 (HKLM\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.1 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{07236f40-ec25-4646-8cb6-b6aaf1597324}) (Version: 1.1.0.1 - Patriot Memory) Hidden
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.22.1102.1 - Gigabyte)
Sky Go 23.2.2.0 (HKU\S-1-5-21-267369651-1272909813-2013845668-1001\...\com.bskyb.skygoplayer_is1) (Version: 23.2.2.0 - Sky)
STAR WARS™: Squadrons (HKLM-x32\...\{04e47f47-22cd-436d-a373-472125e7fcd6}) (Version: 1.0.10.39591 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 39.0.0 (HKLM\...\SteelSeries GG) (Version: 39.0.0 - SteelSeries ApS)
The Thing (HKLM-x32\...\{632B286A-CD76-47A4-8C34-1AF49B08CEA3}) (Version: - )
Thief Gold (HKLM-x32\...\1207658997_is1) (Version: 1.26 ND - GOG.com)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 136.2.10786 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
VoiceAttack version 1.10.3 (HKLM-x32\...\{D6EDF6DB-029E-4A34-A3A0-D960CB0FCB2A}_is1) (Version: 1.10.3 - VoiceAttack.com)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Watch Dogs Legion (HKLM-x32\...\Uplay Install 3353) (Version: - Ubisoft)
WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WeMod (HKU\S-1-5-21-267369651-1272909813-2013845668-1001\...\WeMod) (Version: 8.9.0 - WeMod)

Packages:
=========
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-06-08] (Apple Inc.) [Startup Task]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14003.0_x64__8wekyb3d8bbwe [2023-05-17] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
ms-resource:app_name_ms_todo -> C:\Program Files\WindowsApps\Microsoft.Todos_2.97.61391.0_x64__8wekyb3d8bbwe [2023-05-29] (Microsoft Corporation) [Startup Task]
ms-resource:AppDisplayName -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.16.0_x64__qmba6cd70vzyy [2023-04-21] (ASUSTeK COMPUTER INC.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-28] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.28.255.0_x64__dt26b99r8h8gj [2023-03-28] (Realtek Semiconductor Corp)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-06-08] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-06-08] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-04] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\nvshext.dll [2022-11-15] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-04] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\ssv.dll [2022-11-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2ssv.dll [2022-11-30] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 06:24 - 2022-05-07 06:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-267369651-1272909813-2013845668-1001\Control Panel\Desktop\\Wallpaper -> E:\my photos\wadebeach.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{01C9AADF-90EF-48AE-AE28-48C063F38190}] => (Allow) E:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F95B62FA-ACED-4916-908D-009244A2D446}] => (Allow) E:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9CA527F1-405E-4EB8-847B-28297294AD70}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{929A5544-1A27-4637-BBE2-86507E964FD4}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{6384937E-CD68-4065-A1A8-09D1D4DF0FF8}E:\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) E:\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [UDP Query User{16C056F3-CD43-4F4A-869B-D6B8B76A7731}E:\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) E:\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [TCP Query User{7A9434E7-F7FA-45AC-A587-A6138801D5E8}E:\steam\steamapps\common\system shock remake\systemshock\binaries\win64\systemreshock-win64-shipping.exe] => (Allow) E:\steam\steamapps\common\system shock remake\systemshock\binaries\win64\systemreshock-win64-shipping.exe => No File
FirewallRules: [UDP Query User{8162A4B0-8AC9-4A90-8396-9D8344E89ADA}E:\steam\steamapps\common\system shock remake\systemshock\binaries\win64\systemreshock-win64-shipping.exe] => (Allow) E:\steam\steamapps\common\system shock remake\systemshock\binaries\win64\systemreshock-win64-shipping.exe => No File
FirewallRules: [{93260582-50EA-4C2C-A4B8-627B0EA8FF06}] => (Allow) E:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe (Arkane Studios) [File not signed]
FirewallRules: [{0EEDCD13-5524-41D8-895C-345203B43240}] => (Allow) E:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe (Arkane Studios) [File not signed]
FirewallRules: [TCP Query User{8890F752-50C7-475C-958A-283383C8D250}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{70D42B77-D6EC-4071-8060-B3454C03ECF7}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{50AC7ADE-4964-4A40-9FBF-35E14FA2685C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5DBB739-413C-4C39-B942-06B7672F2971}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23091.406.2009.3890_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1ED4D03-048F-4980-985F-F09384224048}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23091.406.2009.3890_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{705A9AC8-204E-4084-A264-A534397A75B5}C:\program files\windowsapps\appleinc.itunes_12129.4.57066.0_x64__nzyj5cx40ttqa\itunes.exe] => (Allow) C:\program files\windowsapps\appleinc.itunes_12129.4.57066.0_x64__nzyj5cx40ttqa\itunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [UDP Query User{B08A2219-98DB-4794-869F-E8C9DDD671B9}C:\program files\windowsapps\appleinc.itunes_12129.4.57066.0_x64__nzyj5cx40ttqa\itunes.exe] => (Allow) C:\program files\windowsapps\appleinc.itunes_12129.4.57066.0_x64__nzyj5cx40ttqa\itunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D2F7D0AA-2140-4ED7-B73C-2CF09952366A}] => (Allow) E:\EverQuest II\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{5D6BF672-64EE-47C1-B421-2D1843DCA303}] => (Allow) E:\EverQuest II\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{D2B7380F-AC05-4E57-8CC3-C49DA03BC7F0}] => (Allow) E:\EverQuest II\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{B2ECC548-BA97-4023-8765-761D2238BF21}] => (Allow) E:\EverQuest II\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{4AD97980-C1AC-4AA0-A3CC-F52C5C962AE9}] => (Allow) E:\EverQuest II\EQ2.exe () [File not signed]
FirewallRules: [{6D9BE0F1-781B-4D1C-8852-A0D89BB02976}] => (Allow) E:\EverQuest II\EQ2.exe () [File not signed]
FirewallRules: [{108AE11A-A612-46BE-BED6-39A407DFC5A0}] => (Allow) E:\EverQuest II\EQ2.exe () [File not signed]
FirewallRules: [{D1AD7CA2-6CA2-47E8-A666-E1ADCA3A0A07}] => (Allow) E:\EverQuest II\EQ2.exe () [File not signed]
FirewallRules: [{198C38EB-EC34-4607-847C-609163EDF503}] => (Allow) E:\EverQuest II\EverQuest2.exe (Sony Online Entertainment) [File not signed]
FirewallRules: [{80C20D5C-592E-4F11-9DDC-39A7B40E912E}] => (Allow) E:\EverQuest II\EverQuest2.exe (Sony Online Entertainment) [File not signed]
FirewallRules: [{85FCA334-552C-4F55-B2BF-ECEBABB2215F}] => (Allow) E:\EverQuest II\EverQuest2.exe (Sony Online Entertainment) [File not signed]
FirewallRules: [{C0427809-81A9-41AB-ABCA-D89E9E1CFED3}] => (Allow) E:\EverQuest II\EverQuest2.exe (Sony Online Entertainment) [File not signed]
FirewallRules: [TCP Query User{D706A8F8-053E-404B-AA63-6A99D5333967}E:\everquest ii\eq2voiceservice.exe] => (Allow) E:\everquest ii\eq2voiceservice.exe (Mercer Road Corp -> )
FirewallRules: [UDP Query User{99BC3651-BEAD-42C3-9082-8BDC010B839D}E:\everquest ii\eq2voiceservice.exe] => (Allow) E:\everquest ii\eq2voiceservice.exe (Mercer Road Corp -> )
FirewallRules: [{5C33F105-A3CC-4207-A13B-ECA60E8CF7A2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DF6F8F5B-7820-4E3B-8F95-1912B95073EE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AE533B4-08E5-454D-BFC9-A1C4E519B212}] => (Allow) E:\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe (Robot Entertainment, Inc.) [File not signed]
FirewallRules: [{EF80A392-EAE9-4B1E-B478-EB30DBCC91D9}] => (Allow) E:\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe (Robot Entertainment, Inc.) [File not signed]

==================== Restore Points =========================

21-05-2023 14:50:40 Scheduled Checkpoint
29-05-2023 14:45:45 Scheduled Checkpoint
03-06-2023 14:44:03 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/07/2023 06:29:58 PM) (Source: Application Error) (EventID: 1000) (User: GMAINPC)
Description: Faulting application name: Prey.exe, version: 1.0.1.0, time stamp: 0x5d1cb24c
Faulting module name: CELib_x64.dll, version: 6.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000000b48e
Faulting process ID: 0x0x3910
Faulting application start time: 0x0x1d9995ddc5de02c
Faulting application path: E:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
Faulting module path: C:\Users\Harle\AppData\Local\WeMod\app-8.9.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x64.dll
Report ID: dbb053ab-0cc3-4679-b499-444584a9db70
Faulting package full name:
Faulting package-relative application ID:

Error: (06/06/2023 07:00:23 PM) (Source: Application Error) (EventID: 1000) (User: GMAINPC)
Description: Faulting application name: Prey.exe, version: 1.0.1.0, time stamp: 0x5d1cb24c
Faulting module name: CELib_x64.dll, version: 6.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000000b48e
Faulting process ID: 0x0x3c18
Faulting application start time: 0x0x1d99897f3082e7c
Faulting application path: E:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
Faulting module path: C:\Users\Harle\AppData\Local\WeMod\app-8.9.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x64.dll
Report ID: 6058e835-74a2-4044-a3b3-3ea543bcb965
Faulting package full name:
Faulting package-relative application ID:

Error: (06/06/2023 12:47:42 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SecurityHealthService.exe, version: 10.0.22621.1635, time stamp: 0xc9cb2878
Faulting module name: ntdll.dll, version: 10.0.22621.1778, time stamp: 0x48d14984
Exception code: 0xc0000374
Fault offset: 0x000000000010be19
Faulting process ID: 0x0x24a8
Faulting application start time: 0x0x1d997d99cc4aa10
Faulting application path: C:\windows\system32\SecurityHealthService.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report ID: 716bdac9-053c-499f-b028-4367c882e9b5
Faulting package full name:
Faulting package-relative application ID:

Error: (06/05/2023 07:14:13 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SecurityHealthService.exe, version: 10.0.22621.1635, time stamp: 0xc9cb2878
Faulting module name: ntdll.dll, version: 10.0.22621.1778, time stamp: 0x48d14984
Exception code: 0xc0000374
Fault offset: 0x000000000010be19
Faulting process ID: 0x0x1fd4
Faulting application start time: 0x0x1d997d98681ed6a
Faulting application path: C:\windows\system32\SecurityHealthService.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report ID: 18f30134-f14f-474d-869f-ece4ab5bdf04
Faulting package full name:
Faulting package-relative application ID:

Error: (06/05/2023 07:13:33 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SecurityHealthService.exe, version: 10.0.22621.1635, time stamp: 0xc9cb2878
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process ID: 0x0x3958
Faulting application start time: 0x0x1d997d96ffbf893
Faulting application path: C:\windows\system32\SecurityHealthService.exe
Faulting module path: C:\windows\SYSTEM32\ucrtbase.dll
Report ID: f729be26-239f-4786-99f6-2cb05cc29454
Faulting package full name:
Faulting package-relative application ID:

Error: (06/05/2023 07:13:02 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SecurityHealthService.exe, version: 10.0.22621.1635, time stamp: 0xc9cb2878
Faulting module name: ntdll.dll, version: 10.0.22621.1778, time stamp: 0x48d14984
Exception code: 0xc0000374
Fault offset: 0x000000000010be19
Faulting process ID: 0x0x191c
Faulting application start time: 0x0x1d997b3597536b0
Faulting application path: C:\windows\system32\SecurityHealthService.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report ID: 9e74c2e8-1d5f-4ecd-bd2b-cedba7583b6b
Faulting package full name:
Faulting package-relative application ID:

Error: (06/05/2023 06:32:23 PM) (Source: Application Error) (EventID: 1000) (User: GMAINPC)
Description: Faulting application name: Prey.exe, version: 1.0.1.0, time stamp: 0x5d1cb24c
Faulting module name: CELib_x64.dll, version: 6.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000000b48e
Faulting process ID: 0x0xa8c
Faulting application start time: 0x0x1d997bffa8cafa6
Faulting application path: E:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
Faulting module path: C:\Users\Harle\AppData\Local\WeMod\app-8.9.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x64.dll
Report ID: 173c22b1-77a6-4e6e-9acc-98882fb8a23b
Faulting package full name:
Faulting package-relative application ID:

Error: (06/05/2023 02:16:42 PM) (Source: Application Error) (EventID: 1000) (User: GMAINPC)
Description: Faulting application name: Prey.exe, version: 1.0.1.0, time stamp: 0x5d1cb24c
Faulting module name: CELib_x64.dll, version: 6.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000000b48e
Faulting process ID: 0x0x2428
Faulting application start time: 0x0x1d997a9740d9682
Faulting application path: E:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
Faulting module path: C:\Users\Harle\AppData\Local\WeMod\app-8.9.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x64.dll
Report ID: ec10758b-ecf4-4ec9-8390-bda3355f9b58
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (06/08/2023 12:18:22 PM) (Source: DCOM) (EventID: 10010) (User: GMAINPC)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (06/07/2023 12:21:41 PM) (Source: DCOM) (EventID: 10010) (User: GMAINPC)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (06/06/2023 12:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Security Service service terminated unexpectedly. It has done this 8 time(s).

Error: (06/06/2023 12:16:33 PM) (Source: DCOM) (EventID: 10010) (User: GMAINPC)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (06/05/2023 07:14:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Security Service service terminated unexpectedly. It has done this 7 time(s).

Error: (06/05/2023 07:13:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Security Service service terminated unexpectedly. It has done this 6 time(s).

Error: (06/05/2023 07:13:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Security Service service terminated unexpectedly. It has done this 5 time(s).

Error: (06/05/2023 01:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Security Service service terminated unexpectedly. It has done this 4 time(s).


Windows Defender:
================
Date: 2023-06-03 21:15:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-03 20:54:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-03 20:48:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-03 20:07:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-03 19:36:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-06-06 12:47:44
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. F4a PI 05/10/2022
Motherboard: Gigabyte Technology Co., Ltd. B660 DS3H DDR4
Processor: 12th Gen Intel(R) Core(TM) i7-12700F
Percentage of memory in use: 27%
Total physical RAM: 16225.46 MB
Available physical RAM: 11762.27 MB
Total Virtual: 20833.46 MB
Available Virtual: 14815.52 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.64 GB) (Free:832.5 GB) (Model: 1TB PCS PCIe M.2 SSD PRO) NTFS
Drive d: (New Volume) (Fixed) (Total:931.5 GB) (Free:558.45 GB) (Model: ST1000DM010-2EP102) NTFS
Drive e: (main games drive) (Fixed) (Total:7452.02 GB) (Free:6128.27 GB) (Model: ST8000DM004-2U9188) NTFS

\\?\Volume{41e0c13a-11ec-4e07-bbef-8c7bcf02c34d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{a7daf79d-42e2-4d83-a3ac-8cf7f44df3ca}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 720EF61A)

Partition: GPT.

==================== End of Addition.txt =======================

Log two
@flashh4 both files have been pasted,and thanks for the help it is appriciated!

My start up programs looked like that. Defender comes with Office 365 subscriptions and I think mine stayed until I registered (then un-installed it)
Systray is the only built in option.
It's a load of nothing really.

Please excuse me if I got my wires crossed.
Defender is now this horrible thing, it stays diasbled until you open it and agree to the
'Privacy agreement'