What makes this even worse is that my MetaMask wallet, which stores my crypto (ETH), was hacked. My ETH was sent to another wallet address. I believe this has to do with the potential infection.
I will also post a screenshot of the popup when it appears, as it is random, so I won't be able to send it yet with this initial post.
Here are my logs from FRST:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2022
Ran by grafx (13-03-2022 21:38:24)
Running from C:\Users\grafx\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1526 (X64) (2020-10-21 05:47:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-939787786-1032757048-2379198474-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-939787786-1032757048-2379198474-503 - Limited - Disabled)
grafx (S-1-5-21-939787786-1032757048-2379198474-1001 - Administrator - Enabled) => C:\Users\grafx
Guest (S-1-5-21-939787786-1032757048-2379198474-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-939787786-1032757048-2379198474-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Dreamweaver 2020 (HKLM-x32\...\DRWV_20_0) (Version: 20.0 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_0_1) (Version: 24.0.1 - Adobe Systems Incorporated)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
AutoHotkey 1.1.33.10 (HKLM\...\AutoHotkey) (Version: 1.1.33.10 - Lexikos)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1206.2 - AVAST Software) Hidden
Camtasia 2019 (HKLM\...\{19A62A1C-7918-487A-85FC-7FAEBCBC12C6}) (Version: 19.0.9.17643 - TechSmith Corporation) Hidden
Camtasia 2019 (HKLM-x32\...\{de99fe51-5615-4a7b-beea-6d59fe981c23}) (Version: 19.0.9.17643 - TechSmith Corporation)
ClipX (HKLM-x32\...\ClipX) (Version: - )
Creality Slicer (HKLM-x32\...\{2A4DA5E3-ECD2-4127-B9E0-6BFBDE407FD2}) (Version: 1.2.3 - Creality3D)
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 5.7.0.1284 - Disc Soft Ltd)
DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - )
Dragon 14 (HKLM-x32\...\{FEAB6184-0560-4EBF-A26B-C3F2B11FE9E1}) (Version: 14.00.000 - Nuance Communications Inc.)
EverAccountable (HKLM-x32\...\{344B067D-4154-404D-88EC-28D11A9D3B92}_is1) (Version: 7.5.52 - Ever Accountable)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC)
Meshmixer (HKLM\...\Meshmixer_x64) (Version: 3.5 - Autodesk, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.39 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.14931.20132 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\OneDriveSetup.exe) (Version: 22.033.0213.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 98.0 (x64 en-US)) (Version: 98.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NordVPN (HKLM-x32\...\{61912B8D-78D2-4C3A-B566-F72B189F9E30}) (Version: 6.28.13 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.28.13) (Version: 6.28.13 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 84.0.4316.31 (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\Opera 84.0.4316.31) (Version: 84.0.4316.31 - Opera Software)
Plex Media Server (HKLM-x32\...\{D24D924C-CD4D-4C4B-A349-EAA1FE2C235C}) (Version: 1.25.3409 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{dda82782-10db-473d-8e46-b530d4d5061d}) (Version: 1.25.3.5409 - Plex, Inc.)
Pulover's Macro Creator version 5.4.1 (HKLM\...\{223FFB42-2D49-4AF6-9EF2-82B7D0CAF8B4}_is1) (Version: 5.4.1 - Cloversoft Serviços de Informática Ltda)
Python 3.10.1 (64-bit) (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\{af822d5e-759c-4e77-9696-3cc835cd54a9}) (Version: 3.10.1150.0 - Python Software Foundation)
Python 3.10.1 Core Interpreter (64-bit) (HKLM\...\{862831D8-A2FD-4ED5-B9B9-C8C3ECA1CAE8}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Development Libraries (64-bit) (HKLM\...\{A17FBEFC-ABDD-4E5E-AAA5-CC503ACF648F}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Documentation (64-bit) (HKLM\...\{DD75DEC5-89C0-4E54-88A2-83DCCA026F3A}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Executables (64-bit) (HKLM\...\{4F07CBC9-1051-41FC-978D-EECA76E4D547}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 pip Bootstrap (64-bit) (HKLM\...\{167746E3-B9B3-4964-803A-F893F1FC56C9}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Standard Library (64-bit) (HKLM\...\{98A2C72D-7929-414D-995B-4E47D8307C93}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Tcl/Tk Support (64-bit) (HKLM\...\{5A807757-F64E-46D3-ABD1-B4907BB75B72}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Test Suite (64-bit) (HKLM\...\{0393EBB7-8F16-42DC-9B63-F1552F481B92}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Utility Scripts (64-bit) (HKLM\...\{FD9B0798-B88D-4148-9159-6206EACD7C47}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{7DE12550-BE09-44DD-BDB4-0EC26BA89DAF}) (Version: 3.10.7644.0 - Python Software Foundation)
SideQuest 0.10.27 (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\4924ec51-3e48-5cb7-b145-2119467094c7) (Version: 0.10.27 - Shane Harris)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{B1E7A6EB-1E9F-4571-AC05-2089E5297B9C}) (Version: 1.25.3409 - Plex, Inc.) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.27.3 - TeamViewer)
TreeSize Free V4.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.2 - JAM Software)
Ultimaker Cura 4.10.0 (HKLM-x32\...\Ultimaker Cura 4.10.0) (Version: 4.10.0 - Ultimaker B.V.)
Virtual Desktop Streamer (HKLM\...\{D4151DFF-F580-4C4D-B029-C38288E15A8E}) (Version: 1.17.1 - Virtual Desktop, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WebTorrent (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\WebTorrent) (Version: 0.24.0 - WebTorrent, LLC)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Xyliase version 1.0 (HKLM-x32\...\{0AC80AF3-3604-453F-B414-91E787EA292D}_is1) (Version: 1.0 - Xyliase)
Packages:
=========
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-04] (INTEL CORP) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-02-27] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-17] (NVIDIA Corp.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-939787786-1032757048-2379198474-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\grafx\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-939787786-1032757048-2379198474-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe (TechSmith Corporation -> TechSmith Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers2: [DaemonShellExtDriveUltra] -> {F0E53CA3-02F8-40AE-9470-309F0309036F} => C:\Program Files\DAEMON Tools Ultra\dtshl64.dll [2020-01-30] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageUltra] -> {B5EBA666-2B94-4C7A-9CAA-A4539F329646} => C:\Program Files\DAEMON Tools Ultra\dtshl64.dll [2020-01-30] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-939787786-1032757048-2379198474-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\x64\dgnriaie_x64.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\dgnriaie.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-03-18 17:28 - 2021-03-18 17:33 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-939787786-1032757048-2379198474-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\grafx\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\red wallpaper planet.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Automount"
HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\StartupApproved\Run: => "Plex Media Server"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{4E147D60-F80B-4DC6-B501-9F6AFC8C5A7A}C:\users\grafx\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [TCP Query User{CA1CCF19-1BDB-459F-9E64-F9A34C00BDA1}C:\users\grafx\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [UDP Query User{C7778972-BA81-4984-8A73-52C3E89A07EE}C:\users\grafx\appdata\local\webtorrent\app-0.24.0\webtorrent.exe] => (Allow) C:\users\grafx\appdata\local\webtorrent\app-0.24.0\webtorrent.exe (WEBTORRENT, LLC -> WebTorrent)
FirewallRules: [TCP Query User{53512EA4-1894-47BE-A431-60A4B770D0F0}C:\users\grafx\appdata\local\webtorrent\app-0.24.0\webtorrent.exe] => (Allow) C:\users\grafx\appdata\local\webtorrent\app-0.24.0\webtorrent.exe (WEBTORRENT, LLC -> WebTorrent)
FirewallRules: [{DA95D99A-E861-47DA-99DB-11E583CB2F58}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{BB1E4688-7486-4184-97AD-EC9B7617E505}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A7655146-4182-482E-9BB0-3DD01D61894E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C303E573-2D45-4092-813D-A41EF02121FD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{4B2C0F71-BCDB-42C2-A046-AE23385C2746}C:\users\grafx\appdata\local\programs\opera\69.0.3686.66\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\69.0.3686.66\opera.exe => No File
FirewallRules: [TCP Query User{976826D3-3FEE-496D-A282-CF88F037171C}C:\users\grafx\appdata\local\programs\opera\69.0.3686.66\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\69.0.3686.66\opera.exe => No File
FirewallRules: [UDP Query User{73B305DE-4E7F-46B7-9BCD-8960DA1B3B2F}C:\users\grafx\desktop\games\karnage chronicles\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe.unpacked.exe] => (Allow) C:\users\grafx\desktop\games\karnage chronicles\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe.unpacked.exe => No File
FirewallRules: [TCP Query User{09EE8772-85F0-441D-9801-42AC661F57D4}C:\users\grafx\desktop\games\karnage chronicles\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe.unpacked.exe] => (Allow) C:\users\grafx\desktop\games\karnage chronicles\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe.unpacked.exe => No File
FirewallRules: [{AA826A7D-6C98-4CA4-ABA7-58B77DAD15D6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7E9434A3-C929-4A29-905F-C665977E8514}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{59F52B9B-B726-450B-88D8-6C43E98EBD43}] => (Allow) LPort=51001
FirewallRules: [{CCF4E4AC-2D1D-4740-B02F-E6E3A19386DC}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat_Data\StreamingAssets\Tools\DriverInfo.exe => No File
FirewallRules: [{D0CD0F23-4704-49C3-9668-21B6256C9CBC}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat_Data\StreamingAssets\Tools\DriverInfo.exe => No File
FirewallRules: [{36A8DCFE-33EF-4E29-8904-3CCC09D3797A}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat_Data\StreamingAssets\Tools\youtube-dl.exe => No File
FirewallRules: [{49574AE5-AA44-4B1C-B5AE-9CB0CC528D6D}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat_Data\StreamingAssets\Tools\youtube-dl.exe => No File
FirewallRules: [{10F837FF-1819-4464-8503-51BB826AABB7}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat.exe => No File
FirewallRules: [{7D4D684A-09C8-4BA6-BC31-10B073EE3039}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat.exe => No File
FirewallRules: [{B517ACDF-233B-4166-A5CF-CECE4303FEB1}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\UnityCrashHandler64.exe => No File
FirewallRules: [{25DDC0A8-8422-4846-A266-23FFABCAFDCE}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\UnityCrashHandler64.exe => No File
FirewallRules: [{B64A6AF4-477B-467C-861A-82F783187B26}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\install.exe => No File
FirewallRules: [{24709239-F789-4D48-B522-A1EBA9CDE840}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\install.exe => No File
FirewallRules: [{47331E05-0FDA-46C7-A954-1B4E51B659C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{66786D4B-7182-4430-AFED-FAE4CBF72C13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{3C68128F-4626-44CD-95FF-BEB382DF7AF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{7E42F4D6-924D-4349-A7ED-ACEE33D52C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{01534542-87D3-4AA4-A7B9-9B7A0C3C605B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [{5BCDB738-DF0A-419E-85B4-6DFC6DD5C29B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [{18070441-EE03-4D9F-9D17-8E4AC9553342}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{E5D77BAD-1FEA-4D8A-AAA0-DE2B78536295}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{10CDF972-661F-4731-9715-BE35CBBEE7B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C5116B62-A75F-4549-89FC-E6EE3032CFAA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{D3CEE53F-A188-41EF-A7BC-370878DEBC79}C:\programdata\grafx\webtorrent\app-0.21.0\webtorrent.exe] => (Allow) C:\programdata\grafx\webtorrent\app-0.21.0\webtorrent.exe (WebTorrent LLC -> WebTorrent)
FirewallRules: [TCP Query User{D04AA1B8-68D4-4DCE-8B06-2F5F7A507BBD}C:\programdata\grafx\webtorrent\app-0.21.0\webtorrent.exe] => (Allow) C:\programdata\grafx\webtorrent\app-0.21.0\webtorrent.exe (WebTorrent LLC -> WebTorrent)
FirewallRules: [UDP Query User{20568667-850E-4E62-B3FD-B79BED4B4D52}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{E2508FFF-316B-4077-9B81-1898A70AB79F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F30C8C10-3685-4BA5-B35E-C47120B2346F}] => (Allow) LPort=8320
FirewallRules: [UDP Query User{8BACEF5E-223B-49FB-B9C4-605BBE37D0D5}C:\program files\adobe\adobe dreamweaver 2020\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver 2020\node\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [TCP Query User{B310E376-DAF4-4293-8481-3F9C3D67AF97}C:\program files\adobe\adobe dreamweaver 2020\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver 2020\node\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [UDP Query User{4D48441F-6868-4E37-810F-18176F0A1BE5}C:\users\grafx\appdata\local\webtorrent\app-0.21.0\webtorrent.exe] => (Allow) C:\users\grafx\appdata\local\webtorrent\app-0.21.0\webtorrent.exe (WebTorrent LLC -> WebTorrent)
FirewallRules: [TCP Query User{F1A77D1B-87DD-4E18-A627-42DF8DC0DCDD}C:\users\grafx\appdata\local\webtorrent\app-0.21.0\webtorrent.exe] => (Allow) C:\users\grafx\appdata\local\webtorrent\app-0.21.0\webtorrent.exe (WebTorrent LLC -> WebTorrent)
FirewallRules: [{B44054C1-FA9C-4300-B013-0535C7E89FDB}] => (Allow) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{46CF0DC5-F4DC-4059-8EED-5F96BE1BC9F7}] => (Allow) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{D151C990-1D89-4D67-A578-D5F78C7F1032}] => (Allow) C:\Users\grafx\Desktop\Microsoft Toolkit.exe => No File
FirewallRules: [{A10AA7E0-DEE9-4E7F-B437-45CB170B30DF}] => (Allow) C:\Users\grafx\Desktop\Microsoft Toolkit.exe => No File
FirewallRules: [{CB02686B-5874-4895-A169-AA2644328177}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4057F0FF-863B-4B24-A723-8E5F450A3777}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0024014C-4991-4E66-B6DC-F803FE5B070F}] => (Allow) C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Streamer.exe (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
FirewallRules: [TCP Query User{69F5E808-E1B3-41C9-97C6-6AB03CA4F838}C:\users\grafx\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\grafx\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{9CB772DA-EBEF-451C-AB08-07C63E889666}C:\users\grafx\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\grafx\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [TCP Query User{4E332B45-C286-4BA5-B20E-6B2372E7D829}C:\program files\ultimaker cura 4.8.0\cura.exe] => (Allow) C:\program files\ultimaker cura 4.8.0\cura.exe => No File
FirewallRules: [UDP Query User{6E21EFC4-0EE5-40F4-97D5-8F4C40FDD43D}C:\program files\ultimaker cura 4.8.0\cura.exe] => (Allow) C:\program files\ultimaker cura 4.8.0\cura.exe => No File
FirewallRules: [TCP Query User{F5AC3CBA-85E4-4EDA-95EF-67B122A93C2D}C:\program files\raise3d\ideamaker\ideamaker.exe] => (Allow) C:\program files\raise3d\ideamaker\ideamaker.exe => No File
FirewallRules: [UDP Query User{8ACFFBE7-EE29-452D-AE1E-905384F0C433}C:\program files\raise3d\ideamaker\ideamaker.exe] => (Allow) C:\program files\raise3d\ideamaker\ideamaker.exe => No File
FirewallRules: [{E9A6B09B-9202-4C54-86D7-4A49DA473AD5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C102221A-392B-4F83-A264-B38523D04374}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BB5269F1-9EBC-4E31-9E37-8C9464BA0BFD}C:\users\grafx\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File
FirewallRules: [UDP Query User{76BD73FD-BE6C-49F3-85DD-4EF1C0B8A34A}C:\users\grafx\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File
FirewallRules: [TCP Query User{A87922C3-31E0-44A4-A240-4E9DFD4EFBCC}C:\users\grafx\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{276DE86A-F053-4E72-B300-5B19B98C6D7B}C:\users\grafx\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{5B881C44-5BA7-482C-B054-2C345A8E445F}C:\program files\ultimaker cura 4.10.0\cura.exe] => (Allow) C:\program files\ultimaker cura 4.10.0\cura.exe (Ultimaker B.V.) [File not signed]
FirewallRules: [UDP Query User{8882047D-9829-45A1-9209-41D936BCBD15}C:\program files\ultimaker cura 4.10.0\cura.exe] => (Allow) C:\program files\ultimaker cura 4.10.0\cura.exe (Ultimaker B.V.) [File not signed]
FirewallRules: [TCP Query User{EAD8B309-3739-4BFF-9F9F-A5FB4BE9037C}C:\users\grafx\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{D41E9435-0D96-4561-B6C7-390774CD6176}C:\users\grafx\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{B8A4E1AC-4041-46F2-AF8E-9265F1CCEA51}C:\program files\daedalus mainnet\daedalus mainnet.exe] => (Allow) C:\program files\daedalus mainnet\daedalus mainnet.exe => No File
FirewallRules: [UDP Query User{2F4E35ED-82B1-44B1-9055-13F6724BC007}C:\program files\daedalus mainnet\daedalus mainnet.exe] => (Allow) C:\program files\daedalus mainnet\daedalus mainnet.exe => No File
FirewallRules: [TCP Query User{85DF83FB-2F54-493E-A4A8-B700D3D7F25D}C:\users\grafx\desktop\opensea_bidding_bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\opensea_bidding_bot\opensea_bot.exe => No File
FirewallRules: [UDP Query User{F052DB23-7091-4DDF-9EDE-30C8AC6491D3}C:\users\grafx\desktop\opensea_bidding_bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\opensea_bidding_bot\opensea_bot.exe => No File
FirewallRules: [TCP Query User{D4D2C9D0-CAA9-40F3-816C-40C088D2A993}C:\users\grafx\desktop\opensea_bot2\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\opensea_bot2\opensea_bot.exe => No File
FirewallRules: [UDP Query User{0A450FAD-BFFD-497F-8B68-91E3E22AD464}C:\users\grafx\desktop\opensea_bot2\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\opensea_bot2\opensea_bot.exe => No File
FirewallRules: [TCP Query User{ED50A37A-84F1-48CA-BBC0-C86108076E13}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{3EE919EE-4FF8-4F74-8FF9-842F7D68E442}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{05B469CB-72BA-43FD-851F-07B04A914826}C:\users\grafx\desktop\offer bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\offer bot\opensea_bot.exe => No File
FirewallRules: [UDP Query User{D439C2CE-8889-417B-9AB3-261D8F64F55B}C:\users\grafx\desktop\offer bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\offer bot\opensea_bot.exe => No File
FirewallRules: [TCP Query User{9FDF72EC-F34F-49E1-B7D1-54BC715DEA88}C:\users\grafx\desktop\output\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\output\opensea_bot.exe => No File
FirewallRules: [UDP Query User{36E06567-9453-4D3C-BE8D-5F975644378D}C:\users\grafx\desktop\output\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\output\opensea_bot.exe => No File
FirewallRules: [TCP Query User{81CFE5E6-62AD-4513-B567-A679C0CE08CB}C:\users\grafx\desktop\output\opensea_sniper.exe] => (Allow) C:\users\grafx\desktop\output\opensea_sniper.exe => No File
FirewallRules: [UDP Query User{8F3269A4-4D35-4559-AF74-E000FBA1ED8C}C:\users\grafx\desktop\output\opensea_sniper.exe] => (Allow) C:\users\grafx\desktop\output\opensea_sniper.exe => No File
FirewallRules: [TCP Query User{DC1E4D20-4C26-45FC-8FA5-148D081A169E}C:\users\grafx\desktop\offer sniper bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\offer sniper bot\opensea_bot.exe () [File not signed]
FirewallRules: [UDP Query User{FC48F35E-1BA4-4ECD-BBC0-2BEC2E2CF0E1}C:\users\grafx\desktop\offer sniper bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\offer sniper bot\opensea_bot.exe () [File not signed]
FirewallRules: [TCP Query User{5F3F4A25-FFFC-4FC4-AB32-633F49DE9A80}C:\users\grafx\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{47962C83-413A-416F-8750-EE07C1B23C8B}C:\users\grafx\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B910CF44-272E-442E-B56E-E0FE5684D6AE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{462863A5-F802-438A-9B16-ADF8B6AC074C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{05FC315C-A693-435C-85EC-04D77924D9E0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4A784546-788B-4D96-877F-1C24EC14A390}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{EBBEC1A3-7001-47BE-8234-26A7268DD331}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> )
FirewallRules: [{0ABFF5D5-ECBD-463C-8073-6888D79E4664}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{7AAC1C1C-9173-4CC3-8E91-B9C75ED477D2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{3BA11435-665C-46B5-B425-A430447CA6A5}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Game Transcoder\Plex Game Transcoder.exe (Plex, Inc. -> )
FirewallRules: [{22C0D0F3-AEB7-44ED-A825-7FF597A26A0C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ED4DAE32-D308-4389-B2F2-831242EAE6BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{512022B1-195B-4109-8426-0E4D40BF5C55}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AA759D68-59FF-44D4-8434-3C84E2D91277}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9374DA3-FADE-48F1-8E4A-B00CBEE48B38}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6439C561-C0B1-4958-9D8B-BC9F31E33EC6}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe => No File
FirewallRules: [UDP Query User{734AC946-1754-46C9-9502-D9BBEA479734}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe => No File
FirewallRules: [{204F8E94-3A02-4773-BCF5-E65A84437793}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{C0BB7394-6A55-4082-AFCB-A5D064F43600}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{C2EA6278-5BA7-4C84-98E7-648D63E6A658}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{BC2AE6B1-9C22-412A-9F94-D2DFC771077D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{EC0C8054-3C3F-4BF7-81AB-86FA2D2453EA}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{7CDAE8B5-321D-4570-A5A0-75423F9AAAF2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [TCP Query User{C58E210B-66C3-4878-94B3-071039867B95}C:\users\grafx\appdata\local\programs\python\python310\python.exe] => (Allow) C:\users\grafx\appdata\local\programs\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{6FCDBB81-D92E-471E-A5E2-BEB361732BF2}C:\users\grafx\appdata\local\programs\python\python310\python.exe] => (Allow) C:\users\grafx\appdata\local\programs\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [{EA7CEB97-9AD5-446E-BE0C-18E82B7C8AB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6C10AED3-0009-46DE-9CFD-B4424D13F545}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BEF5F17E-4689-470B-B539-C09807837F60}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AA3FEDBD-B91E-4632-AEB2-39B8D244BF27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
==================== Restore Points =========================
12-03-2022 13:58:45 Windows Modules Installer
13-03-2022 20:18:42 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices ============
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: ========================
Application errors:
==================
Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast SecureLine VPN since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Driver Updater since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Cleanup since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Tools since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Firewall Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.
System Error:
The system cannot find the file specified.
.
System errors:
=============
Error: (03/13/2022 08:18:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (03/11/2022 06:09:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro38CrusaderBoot service terminated with the following service-specific error:
The operation completed successfully.
Error: (03/11/2022 06:08:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audiosrv service failed to start due to the following error:
The service did not start due to a logon failure.
Error: (03/11/2022 06:08:54 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Audiosrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (03/11/2022 06:08:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error:
The authentication service is unknown.
Error: (03/11/2022 06:07:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (03/11/2022 06:07:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (03/11/2022 06:07:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Windows Defender:
================
Date: 2022-03-13 19:40:57
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-12 19:25:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-12 19:06:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-11 15:34:37
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-10 14:21:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-03-12 18:15:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2022-03-12 13:24:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2022-03-12 11:09:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 2.80 08/07/2019
Motherboard: Micro-Star International Co., Ltd. B360 GAMING PLUS (MS-7B22)
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 46%
Total physical RAM: 16318.35 MB
Available physical RAM: 8716.86 MB
Total Virtual: 35839.3 MB
Available Virtual: 24972.51 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:476.31 GB) (Free:79.63 GB) NTFS
\\?\Volume{b0cd26dc-4748-4c47-8886-1c8f8dda1810}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{ea965f89-d82f-4bbf-b8b2-80c7c1e75a4b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================