Solved Slow Machine Killing Me

Discussion in 'Malware and Virus Removal' started by Blue Star, 2022/11/05.

  1. 2022/11/05
    Blue Star

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2022
    Ran by Arwen (administrator) on THEONE (SAMSUNG ELECTRONICS CO., LTD. 350V5C/350V5X/350V4C/350V4X/351V5C/351V5X/351V4C/351V4X/3540VC/3540VX/3440VC/3440VX) (05-11-2022 15:38:59)
    Running from C:\Users\Arwen\Downloads
    Loaded Profiles: Arwen
    Platform: Microsoft Windows 10 Home Version 21H2 19044.2130 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
    (C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe ->) () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
    (C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\rpbgdownloader.exe
    (C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
    (C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
    (explorer.exe ->) (Google Inc -> Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe <2>
    (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <35>
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
    (explorer.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
    (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Intel® Services Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
    (Intel® Services Manager -> Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    (Nova Development -> ) C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe
    (RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealPlayer\downloader2.exe
    (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (services.exe ->) (Advanced System Repair Inc -> Advanced System Repair Inc.) C:\Program Files (x86)\Advanced System Repair Pro 1.9.9.2.0\asrrealtimesrv.exe
    (services.exe ->) (Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (services.exe ->) (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
    (services.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (services.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (services.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
    (services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [212192 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) [File not signed]
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel® Services Manager -> Intel Corporation)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel® Services Manager -> Intel Corporation)
    HKLM-x32\...\Run: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] => C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe [144728 2011-03-09] (Nova Development -> )
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353064 2020-10-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\realplayer\downloader2.exe [1188136 2020-10-22] (RealNetworks, Inc. -> )
    HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o (No File)
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Google Update] => C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.152\GoogleUpdateCore.exe [230360 2022-08-29] (Google LLC -> Google LLC)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2629008 2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [11199048 2022-10-26] (Surfshark B.V. -> Surfshark)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7222736 2022-10-16] (Adobe Inc. -> Adobe Systems Incorporated)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Arwen\AppData\Local\Microsoft\Teams\Update.exe [2585920 2022-10-31] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [MicrosoftEdgeAutoLaunch_76A0D9236CDE99FD5677AC6B43A58EC4] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [] => [X]
    HKLM\...\Windows x64\Print Processors\E150PP: C:\Windows\System32\spool\prtprocs\x64\E150PP64.dll [58368 2018-08-02] (Microsoft Windows Hardware Compatibility Publisher -> RICOH COMPANY, LTD.)
    HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
    HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\WINDOWS\system32\EP0SLM01.DLL [77824 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
    HKLM\...\Print\Monitors\EPSON WF-2630 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBMDE.DLL [179712 2013-12-05] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\...\Print\Monitors\HP 6412 Status Monitor: C:\WINDOWS\system32\hpinksts6412LM.dll [331664 2012-06-13] (Hewlett Packard -> Hewlett-Packard Co.)
    HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
    HKLM\...\Print\Monitors\HP D911 Status Monitor: C:\WINDOWS\system32\hpinkstsD911LM.dll [393352 2017-03-27] (Hewlett Packard -> HP Inc.)
    HKLM\...\Print\Monitors\HP DD11 Status Monitor: C:\WINDOWS\system32\hpinkstsDD11LM.dll [392192 2019-03-15] (HP Inc -> HP Inc.)
    HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8610): C:\WINDOWS\system32\HPDiscoPM7112.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    HKLM\...\Print\Monitors\KM Language Monitor: C:\WINDOWS\system32\KMPJL64.DLL [132952 2020-02-10] (Microsoft Windows Hardware Compatibility Publisher -> KYOCERA Document Solutions Inc.)
    HKLM\...\Print\Monitors\KX Language Monitor: C:\WINDOWS\system32\KXPLM64.DLL [134664 2018-05-24] (Microsoft Windows Hardware Compatibility Publisher -> KYOCERA Document Solutions Inc.)
    HKLM\...\Print\Monitors\Ricoh Language Monitor2: C:\WINDOWS\system32\rc4mon64.dll [28160 2018-08-02] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe [2022-11-03] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-10] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
    HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-10] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
    AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2020-10-22]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============
     
  2. 2022/11/05
    Blue Star

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
    Task: {0DB77DA7-437C-4068-A9B5-D0DCF81F4242} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-10-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
    Task: {10AD99B1-9990-4C73-B8E9-E6EA376A9E3D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {1834511F-636F-4703-8D12-7C29F892135D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
    Task: {25273BEB-1596-4DF2-9ACB-64FB9B924E10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {273E163D-8BD0-4420-A6BF-604990062399} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe (No File)
    Task: {290BAB86-9300-42E5-AEBB-FDA70D438B3F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4946144 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    Task: {2DE3094A-DAE9-42C0-8E62-78496D108A22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
    Task: {33C2B19B-605D-4B98-AB07-6A0AA22E83FA} - System32\Tasks\FaxArchive_CN2BD211XW05S1 => C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe CN2BD211XW05S1:NW /app FaxArchive -archive -task (No File)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
    Task: {3D73620C-9823-4569-B296-B9881084DA2D} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe -checkType="scheduled_3PM" -show (No File)
    Task: {3F5DA5C4-9997-473E-945E-7CC7AA284FC9} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe /UA 10.5 /DDV 0x0a00 (No File)
    Task: {459B6145-D125-466D-9414-CEDBBB9F0765} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe -checkType="scheduled_9AM" -show (No File)
    Task: {4AD36E97-A0A7-4DC5-A480-09E50B73AAFA} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [3466360 2012-08-30] (Samsung Electronics CO., LTD. -> SEC)
    Task: {4F79A98D-E8F9-4412-9C0B-D19E7B9272CA} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-26] (HP Inc. -> HP Inc.)
    Task: {5913828F-B37B-4361-AF56-63C35EBA8F00} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3548505277-2733688421-2640094488-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166544 2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {59B3AD87-92A2-4EBD-952F-CA5EE1BD526F} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-26] (HP Inc. -> HP Inc.)
    Task: {5BF4106A-98B2-43EC-BFCA-BF41A8DD36A0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-15] (Intel® Services Manager -> Intel Corporation)
    Task: {5EC21BF0-4503-4CCC-8D8A-DAE98A25935D} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe /scheduler (No File)
    Task: {675B1F76-91AB-44C7-B2FD-BCEB028FF6B3} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe /UA 13.5 /DDV 0x0b05 (No File)
    Task: {6796BDAF-1420-4E46-BF3E-2BFA74DFFADC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => c:\program files (x86)\real\realplayer\realupgrade.exe [135464 2020-10-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    Task: {6B173D58-5540-466D-9F55-8F1DC6104F60} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => c:\program files (x86)\real\realplayer\realupgrade.exe [135464 2020-10-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
    Task: {7EC026DC-DC42-45DD-8D05-67BAC996642F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {82266BBE-21A7-4CAF-9A40-DED4B754EC2E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core1d35e28b237dd8d => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {866704E7-0F2E-4995-85D4-703CBF9E1241} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
    Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
    Task: {A816F8AD-3B4E-4B1D-8202-EABE3C5EE876} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-15] (Intel® Services Manager -> Intel Corporation)
    Task: {AFAF86C6-3E00-4438-B502-493857123499} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (No File)
    Task: {B82FA7BA-DF38-4CEC-9FF3-FC3AED168754} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3995256 2016-01-31] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {C338A2F7-A94D-4990-B0E7-5325F62C4605} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Arwen\Downloads\esetonlinescanner_enu (6).exe [7969304 2019-08-10] (ESET, spol. s r.o. -> ESET spol. s r.o.)
    Task: {C55F4626-17E2-42A8-9B08-BBBA832CF2E8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
    Task: {C66E33DE-D288-4EBE-B646-E83CDBEFCECF} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166544 2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {CF9AD7B1-A258-4614-AE15-AAB1352A2A4D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
    Task: {D5083734-FAD7-4260-82CE-AC911D4E3079} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe -checkType="scheduled_12PM" -show (No File)
    Task: {D5341CEA-C726-4E47-A3F5-5DD4C9FB61DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA1d35e28b249f63f => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
    Task: {DE75DCC2-4981-4804-91D8-D8248A1F1E6A} - System32\Tasks\HP AR Program Upload - 1d899e09ae474e75b00a468cbd134de7aa32ec3dee4246869e6c83f89188eeec => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: <Company name>)
    Task: {EA5356DB-2336-4E5A-A637-DAE3E00C93A4} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
    Task: {ECB4EEDF-18D5-4894-A683-4D5D8C2173FD} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Arwen\Downloads\esetonlinescanner_enu (6).exe [7969304 2019-08-10] (ESET, spol. s r.o. -> ESET spol. s r.o.)
    Task: {EDC012C4-060B-4044-BFD6-49F7F89CD4B1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114600 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {EDEBAA3A-7104-4E41-90BD-4102F0FF4E62} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114600 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F15C3E1B-8736-46DB-8F5B-33356FF56C46} - System32\Tasks\ASR-Startup => C:\Program Files (x86)\Advanced System Repair Pro 1.9.9.2.0\AdvancedSystemRepairPro.exe [20166920 2022-11-05] (Advanced System Repair Inc -> Advanced System Repair Inc.)
    Task: {F2A366C5-1152-4C05-80DB-6C5F7D66E812} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-10-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F648ADA2-6A14-486C-9BC4-64444B7D899F} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe -minimize (No File)
    Task: {FB6D6FE4-1610-4BB3-8519-231B3B051086} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {FF9D9BF1-BE84-4CBD-8F69-78184404A102} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [.DEFAULT] => 127.0.0.1:1080
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{5e936670-642f-4052-aa03-d47cb7323cae}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{8d69708d-ddec-a599-bb02-0475a5d2150e}: [NameServer] 162.252.172.57,149.154.159.92
    Tcpip\..\Interfaces\{a1deafae-a273-4369-a12b-a8da1e15e848}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{e8f08305-a01b-4b93-b012-19d5eb7d321c}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Edge:
    =======
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Arwen\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-05]
    Edge HomePage: Default -> hxxps://www.google.com/?gws_rd=ssl

    FireFox:
    ========
    FF DefaultProfile: wopnhc1d.default-1453139201127
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127 [2022-11-05]
    FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\Extensions\sp@avast.com.xpi [2021-03-07]
    FF Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\Extensions\wrc@avast.com.xpi [2021-03-07]
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\kompozer.net\KompoZer\Profiles\jj4nfp63.default [2015-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=20.0.2.308 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2020-10-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=20.0.2.308 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2020-10-22] (RealNetworks, Inc. -> RealPlayer)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-09-18] (Intel) [File not signed]
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-09-18] (Intel) [File not signed]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default [2022-11-05]
    CHR Extension: (Regex Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2015-04-13]
    CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-11-04]
    CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-08-31]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-04]
    CHR Extension: (Avast Online Security & Privacy) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-10-12]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2022-05-18]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-25]
    CHR Extension: (Safety Search by Safely) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfhkikdjdnoambdbgehaghceipnpmlo [2020-03-18]
    CHR Extension: (Smartnews For PC Window 10 [Guide]) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mokabhffpgjaeeeblalneldpnlnofhnj [2022-03-23]
    CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-10-30]
    CHR Extension: (Five9 Softphone Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngfbofmmhadhjnlodckfafckdhmlcpeh [2022-09-19]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
    CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2022-09-19]
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-11-05]
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-09-21]
    CHR Extension: (Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-20]
    CHR Extension: (Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-13]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-20]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
    CHR Extension: (Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-13]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-09-20]
    CHR Extension: (Cisco Webex Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-09-21]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-04]
    CHR Extension: (FreeConferenceCall.com Scheduler) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhjonocnlnodflomblbjnjdpllkeljo [2021-09-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-20]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-20]
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-01-14]
    CHR Extension: (Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-08]
    CHR Extension: (Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-08]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-08]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-08]
    CHR Extension: (Adobe Acrobat) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-08]
    CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-11-08]
    CHR Extension: (Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-08]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-08]
    CHR Extension: (Avast Online Security & Privacy) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-11-08]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2021-11-08]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-11-08]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-08]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-08]
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\System Profile [2022-11-05]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Arwen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-11]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
    R3 asrrealtimesrv; C:\Program Files (x86)\Advanced System Repair Pro 1.9.9.2.0\asrrealtimesrv.exe [1122056 2022-11-05] (Advanced System Repair Inc -> Advanced System Repair Inc.)
    S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8513552 2022-10-05] (Avast Software s.r.o. -> AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [592608 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [592096 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-04] (Avast Software s.r.o. -> AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12516280 2022-10-25] (Microsoft Corporation -> Microsoft Corporation)
    S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncHelper.exe [3476408 2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-26] (HP Inc. -> HP Inc.)
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] [File is in use]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.217.1016.0002\OneDriveUpdaterService.exe [3842480 2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [38536 2020-10-15] (RealNetworks, Inc. -> RealNetworks, Inc.)
    R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [990856 2020-10-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Surfshark.Service.exe [3603528 2022-10-26] (Surfshark B.V. -> Surfshark)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ===================
     


  4. 2022/11/05
    Blue Star

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 asrscan; C:\WINDOWS\System32\DRIVERS\asrscan.sys [22072 2022-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Advanced System Repair Inc.)
    R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [42296 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [238128 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [390096 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [258496 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [105920 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [48488 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276496 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [558536 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [114488 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [90000 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [862960 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [671712 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221976 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327904 2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink -> CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Samsung Electronics CO., LTD. -> Windows (R) Win 7 DDK provider)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> )
    S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-10] (AnchorFree Inc -> Anchorfree Inc.)
    R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-13] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-13] (Microsoft Windows -> Microsoft Corporation)
    R3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)
    S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-04-25] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
    S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-11-05 15:38 - 2022-11-05 15:38 - 002374656 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64 (5).exe
    2022-11-05 15:33 - 2022-11-05 15:33 - 002374656 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64 (4).exe
    2022-11-05 15:33 - 2022-11-05 15:33 - 002374656 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64 (3).exe
    2022-11-05 15:14 - 2022-11-05 15:27 - 000000000 ____D C:\Program Files (x86)\Advanced System Repair Pro 1.9.9.2.0
    2022-11-05 15:14 - 2022-11-05 15:14 - 017248552 _____ (Advanced System Repair, Inc.) C:\Users\Arwen\Downloads\Advanced-System-Repair-Pro-RepairTool.L (2).exe
    2022-11-05 15:14 - 2022-11-05 15:14 - 000022072 _____ (Advanced System Repair Inc.) C:\WINDOWS\system32\Drivers\asrscan.sys
    2022-11-05 15:14 - 2022-11-05 15:14 - 000003240 _____ C:\WINDOWS\system32\Tasks\ASR-Startup
    2022-11-05 15:14 - 2022-11-05 15:14 - 000001233 _____ C:\Users\Public\Desktop\Advanced System Repair Pro.lnk
    2022-11-05 15:14 - 2022-11-05 15:14 - 000000000 ____D C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced System Repair Pro
    2022-11-05 15:13 - 2022-11-05 15:32 - 000000000 ____D C:\ProgramData\ASR8Settings
    2022-11-05 15:13 - 2022-11-05 15:13 - 017248552 _____ (Advanced System Repair, Inc.) C:\Users\Arwen\Downloads\Advanced-System-Repair-Pro-RepairTool.L (1).exe
    2022-11-05 15:13 - 2022-11-05 15:13 - 002374656 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64 (2).exe
    2022-11-05 15:12 - 2022-11-05 15:13 - 017248552 _____ (Advanced System Repair, Inc.) C:\Users\Arwen\Downloads\Advanced-System-Repair-Pro-RepairTool.L.exe
    2022-11-04 16:07 - 2022-11-04 16:07 - 000001085 _____ C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
    2022-11-04 16:07 - 2022-11-04 16:07 - 000001077 _____ C:\Users\Arwen\Desktop\join.me.lnk
    2022-11-04 16:03 - 2022-11-04 16:02 - 001060864 _____ C:\Users\Arwen\Desktop\2023 HMO Quotes.oft
    2022-11-04 16:03 - 2022-11-04 16:02 - 000569344 _____ C:\Users\Arwen\Desktop\Dental Copay QF - Quote.oft
    2022-11-04 16:03 - 2022-11-04 15:59 - 003683840 _____ C:\Users\Arwen\Desktop\Better Strides Email.oft
    2022-11-04 16:02 - 2022-11-04 16:02 - 001060864 _____ C:\Users\Arwen\Downloads\2023 HMO Quotes.oft
    2022-11-04 16:02 - 2022-11-04 16:02 - 000569344 _____ C:\Users\Arwen\Downloads\Dental Copay QF - Quote.oft
    2022-11-04 15:59 - 2022-11-04 16:00 - 001034752 _____ C:\Users\Arwen\Downloads\2023 PPO Quotes.oft
    2022-11-04 15:59 - 2022-11-04 15:59 - 003683840 _____ C:\Users\Arwen\Downloads\Better Strides Email.oft
    2022-11-04 15:47 - 2022-11-04 15:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
    2022-11-04 15:23 - 2022-11-04 15:23 - 000000000 ____D C:\Users\Arwen\AppData\Local\QMLFeatureTester
    2022-11-04 15:23 - 2022-11-04 15:23 - 000000000 ____D C:\ProgramData\join.me
    2022-11-04 15:20 - 2022-11-04 15:20 - 028981728 _____ (LogMeIn, Inc.) C:\Users\Arwen\Downloads\join.me (1).exe
    2022-11-03 12:28 - 2022-11-03 12:28 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
    2022-11-02 20:40 - 2022-11-04 15:58 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
    2022-11-02 20:40 - 2022-11-04 15:58 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-11-02 20:40 - 2022-11-02 20:40 - 000000000 ___RD C:\Users\Default\OneDrive
    2022-11-02 20:30 - 2022-11-02 20:30 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2022-11-02 20:30 - 2022-11-02 20:30 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2022-11-02 20:30 - 2022-11-02 20:30 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2022-11-02 20:30 - 2022-11-02 20:30 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2022-11-02 20:30 - 2022-11-02 20:30 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2022-11-02 20:30 - 2022-11-02 20:30 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2022-11-02 20:30 - 2022-11-02 20:30 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
    2022-11-02 20:30 - 2022-11-02 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2022-11-02 19:54 - 2022-11-02 19:54 - 000000000 ____D C:\Program Files\Microsoft Office 15
    2022-11-02 17:13 - 2022-11-04 16:00 - 001034752 _____ C:\Users\Arwen\Desktop\2023 PPO Quotes.oft
    2022-11-02 15:49 - 2022-11-02 15:49 - 002927576 _____ C:\Users\Arwen\Desktop\Formulary _ Rx mB.pdf
    2022-11-02 15:48 - 2022-11-02 15:48 - 002895247 _____ C:\Users\Arwen\Downloads\Rx mB.pdf
    2022-11-02 15:47 - 2022-11-02 15:48 - 003689290 _____ C:\Users\Arwen\Desktop\Formulary _ Rx BS.BC.BO.pdf
    2022-11-02 15:46 - 2022-11-02 15:46 - 003644404 _____ C:\Users\Arwen\Downloads\Rx BS.BC.BO.pdf
    2022-11-02 15:44 - 2022-11-02 15:44 - 000184145 _____ C:\Users\Arwen\Desktop\FHA Passwords & Important Sites Revised.pdf
    2022-11-02 15:43 - 2022-11-02 15:43 - 000430503 _____ C:\Users\Arwen\Desktop\2023 FPL Chart.pdf
    2022-11-02 15:43 - 2022-11-02 15:43 - 000423087 _____ C:\Users\Arwen\Downloads\2023 FPL Chart.pdf
    2022-11-02 15:43 - 2022-11-02 15:43 - 000186234 _____ C:\Users\Arwen\Downloads\FHA Passwords & Important Sites Revised.pdf
    2022-11-02 15:42 - 2022-11-02 15:42 - 000958662 _____ C:\Users\Arwen\Desktop\2023 - ACA U65 Call Script.pdf
    2022-11-02 15:41 - 2022-11-02 15:42 - 000961526 _____ C:\Users\Arwen\Downloads\2023 - ACA U65 Call Script.pdf
    2022-11-02 15:41 - 2022-11-02 15:41 - 000415707 _____ C:\Users\Arwen\Desktop\Important Phone Numbers.pdf
    2022-11-02 15:40 - 2022-11-02 15:40 - 000412239 _____ C:\Users\Arwen\Downloads\Important Phone Numbers.pdf
    2022-11-02 15:39 - 2022-11-02 15:39 - 000098436 _____ C:\Users\Arwen\Desktop\New Business Information Sheet.pdf
    2022-11-02 15:39 - 2022-11-02 15:39 - 000098434 _____ C:\Users\Arwen\Downloads\New Business Information Sheet.pdf
    2022-11-02 15:38 - 2022-11-02 15:38 - 000098434 _____ C:\Users\Arwen\Downloads\9f5f4830-1e1a-4e68-aece-a5c146f5fb3b.pdf
    2022-11-02 15:31 - 2022-11-02 15:31 - 000000000 ____D C:\Users\Arwen\Desktop\2023 - Florida Blue Snapshots (1)
    2022-11-02 15:22 - 2022-11-02 15:22 - 000000000 ____D C:\Users\Arwen\Desktop\4) FPL & MAGI
    2022-11-02 15:21 - 2022-11-02 15:22 - 350090079 _____ C:\Users\Arwen\Downloads\4) FPL & MAGI.zip
    2022-11-02 12:57 - 2022-11-02 12:57 - 000000000 ____D C:\Users\Arwen\Downloads\2) Agent Portal Basics
    2022-11-02 12:55 - 2022-11-02 12:56 - 468737518 _____ C:\Users\Arwen\Downloads\2) Agent Portal Basics.zip
    2022-11-02 07:52 - 2022-11-04 16:07 - 000000000 ____D C:\Users\Arwen\AppData\Local\join.me
    2022-11-02 07:38 - 2022-11-02 07:38 - 000004943 _____ C:\Users\Arwen\Downloads\meeting.ics
    2022-11-01 18:41 - 2022-11-01 18:41 - 000073306 _____ C:\Users\Arwen\Downloads\certificate (7).pdf
    2022-11-01 15:54 - 2022-11-01 15:54 - 002644304 _____ C:\Users\Arwen\Desktop\Bluetooth Speaker Manual.pdf
    2022-11-01 15:54 - 2022-11-01 15:54 - 002644297 _____ C:\Users\Arwen\Downloads\4284025.pdf
    2022-11-01 15:50 - 2022-11-02 18:22 - 000000000 ____D C:\Users\Arwen\Desktop\ACA
    2022-11-01 15:38 - 2022-11-02 07:56 - 000000000 ____D C:\Users\Arwen\Desktop\Marketplace
    2022-11-01 15:03 - 2022-11-01 15:03 - 000006877 _____ C:\Users\Arwen\-1.14-windows.xml
    2022-11-01 14:56 - 2022-11-01 15:35 - 000000000 ____D C:\Users\Arwen\AppData\Local\Bluestacks
    2022-11-01 14:56 - 2022-11-01 14:56 - 000805464 _____ (BlueStack Systems Inc.) C:\Users\Arwen\Downloads\BlueStacksInstaller_5.9.300.1018_native_b2b2c83dc8a58c15cee1eba6a02af8e9_0_R2FsYXh5IFdlYXJhYmxlIChTYW1zdW5nIEdlYXIp.exe
    2022-11-01 14:56 - 2022-11-01 14:56 - 000805464 _____ (BlueStack Systems Inc.) C:\Users\Arwen\Downloads\BlueStacksInstaller_5.9.300.1018_native_b2b2c83dc8a58c15cee1eba6a02af8e9_0_R2FsYXh5IFdlYXJhYmxlIChTYW1zdW5nIEdlYXIp (1).exe
    2022-11-01 14:56 - 2022-11-01 14:56 - 000000000 ____D C:\Users\Public\BlueStacks
    2022-11-01 14:18 - 2022-11-01 14:18 - 000247480 _____ C:\Users\Arwen\Downloads\apply-for-or-renew-coverage.pdf
    2022-11-01 00:19 - 2022-11-01 00:19 - 000309029 _____ C:\Users\Arwen\Downloads\228884_How-to-Instruct-Consumers-to-Insert-Your-National-Producer-Number-on-Marketplace-Applications.pdf
    2022-11-01 00:00 - 2022-11-01 00:00 - 001031896 _____ C:\Users\Arwen\Downloads\marketplace-medicare-guide.pdf
    2022-10-31 23:46 - 2022-10-31 23:46 - 000119471 _____ C:\Users\Arwen\Downloads\12.17.20 Medicare PDM FAQ final.pdf
    2022-10-31 22:28 - 2022-10-31 22:28 - 000138888 _____ C:\Users\Arwen\Downloads\Guidelines-2022.pdf
    2022-10-31 18:44 - 2022-10-31 18:44 - 001329552 _____ C:\Users\Arwen\Downloads\EnhancedCLASStandardsBlueprint.pdf
    2022-10-31 18:43 - 2022-10-31 18:43 - 000136260 _____ C:\Users\Arwen\Downloads\Contact Information for Filing a Complaint with the State Survey Agency.082022.pdf
    2022-10-30 14:03 - 2022-10-30 14:03 - 000003783 _____ C:\Users\Arwen\Downloads\Date Pos October .pdf
    2022-10-30 14:03 - 2022-10-30 14:03 - 000003783 _____ C:\Users\Arwen\Downloads\Date Pos October (1).pdf
    2022-10-29 08:58 - 2022-10-29 08:58 - 071508974 _____ C:\Users\Arwen\Downloads\2023 - Florida Blue Snapshots.zip
    2022-10-28 19:00 - 2022-10-28 19:00 - 000054701 _____ C:\Users\Arwen\Downloads\Hd5tyHnR7CEFxGXBQPdxJU (1).pdf
    2022-10-28 18:59 - 2022-10-28 18:59 - 000054701 _____ C:\Users\Arwen\Downloads\Hd5tyHnR7CEFxGXBQPdxJU.pdf
    2022-10-26 20:50 - 2022-10-26 20:50 - 000001018 _____ C:\Users\Public\Desktop\Surfshark.lnk
    2022-10-26 20:50 - 2022-10-26 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surfshark
    2022-10-26 20:50 - 2022-10-26 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\New Folder
    2022-10-24 01:34 - 2022-10-24 01:34 - 000623094 _____ C:\Users\Arwen\Downloads\PFG3itBmd7WrCwnRt3qWtm.pdf
    2022-10-24 01:24 - 2022-10-24 01:24 - 000253237 _____ C:\Users\Arwen\Downloads\XwtzimngZavWQk2eVHhx39.pdf
    2022-10-23 18:06 - 2022-10-23 18:06 - 000515276 _____ C:\Users\Arwen\Downloads\CiTZhaSjE6TQZE5uehBXMf.pdf
    2022-10-23 17:44 - 2022-10-23 17:44 - 062328040 _____ C:\Users\Arwen\Downloads\CMS U65 Training Modules.mp4
    2022-10-20 22:47 - 2022-10-20 22:47 - 000050094 _____ C:\Users\Arwen\Downloads\vyMjspJZn7CDyREG6rPhZ2.pdf
    2022-10-20 22:38 - 2022-10-20 22:38 - 000047107 _____ C:\Users\Arwen\Downloads\pYosEv7bBfjqJH8F2cJus8.pdf
    2022-10-20 22:30 - 2022-10-20 22:30 - 000048143 _____ C:\Users\Arwen\Downloads\tiJHbDRiCmLyQLvoCazT76.pdf
    2022-10-20 21:56 - 2022-10-20 21:56 - 000213431 _____ C:\Users\Arwen\Downloads\zkGfoU9hhfDbwerAZ7wz4c.pdf
    2022-10-19 05:39 - 2022-10-19 05:39 - 000371625 _____ C:\Users\Arwen\Downloads\XdpzbRkUTC5eRcWB9uZc9W.pdf
    2022-10-18 01:34 - 2022-10-18 01:34 - 000359636 _____ C:\Users\Arwen\Downloads\L5xvjccZVTtFW463RWw8q3 (1).pdf
    2022-10-18 01:33 - 2022-10-18 01:33 - 000359636 _____ C:\Users\Arwen\Downloads\L5xvjccZVTtFW463RWw8q3.pdf
    2022-10-18 00:56 - 2022-10-18 00:56 - 000298788 _____ C:\Users\Arwen\Downloads\deTVhoxwpC4qA9fjakHKnb.pdf
    2022-10-17 22:04 - 2022-10-17 22:04 - 000210612 _____ C:\Users\Arwen\Downloads\VbNeezcBYRGX3T48af4snZ.pdf
    2022-10-17 21:03 - 2022-10-17 21:03 - 000110318 _____ C:\Users\Arwen\Downloads\5cBLwAhecKTQGMjC8kY3AB.pdf
    2022-10-17 07:58 - 2022-10-17 07:58 - 000346698 _____ C:\Users\Arwen\Downloads\mz2wJtdS3n4QX6aLLDE2hh.pdf
    2022-10-17 03:36 - 2022-10-17 03:36 - 000386416 _____ C:\Users\Arwen\Downloads\tZkYveXjWbM3UbmGRijxiT.pdf
    2022-10-17 03:06 - 2022-10-17 03:06 - 000239166 _____ C:\Users\Arwen\Downloads\Xx5dYmJApCVv3Ktx3RBbQN.pdf
    2022-10-17 02:00 - 2022-10-17 02:00 - 000406541 _____ C:\Users\Arwen\Downloads\ZbpwXTkhH7ybRggT8nZqph.pdf
    2022-10-17 01:23 - 2022-10-17 01:23 - 000284680 _____ C:\Users\Arwen\Downloads\ocBST2KQeP8WSfkS7H6P5U.pdf
    2022-10-17 01:23 - 2022-10-17 01:23 - 000284680 _____ C:\Users\Arwen\Downloads\ocBST2KQeP8WSfkS7H6P5U (1).pdf
    2022-10-17 00:08 - 2022-10-17 00:08 - 000061207 _____ C:\Users\Arwen\Downloads\f89A9Z7ZE3Cfa6cb2ezp9n.pdf
    2022-10-17 00:01 - 2022-10-17 00:01 - 000081037 _____ C:\Users\Arwen\Downloads\7ur6dfvfb4jYEkUi6nz4Vg.pdf
    2022-10-16 23:54 - 2022-10-16 23:54 - 000117297 _____ C:\Users\Arwen\Downloads\R3pSm3Tr4ntMqJiokN43Eg.pdf
    2022-10-16 23:47 - 2022-10-16 23:47 - 000082265 _____ C:\Users\Arwen\Downloads\Zx3jcY5uRusPYsQzC5wCZG.pdf
    2022-10-16 21:27 - 2022-10-16 21:27 - 000434185 _____ C:\Users\Arwen\Downloads\CcWUncWYYK3hN9vPgLsQwK.pdf
    2022-10-16 21:25 - 2022-10-16 21:25 - 000380383 _____ C:\Users\Arwen\Downloads\eGNHnUpcTrHvwihrUaTbX4.pdf
    2022-10-15 20:03 - 2022-10-15 20:03 - 000379906 _____ C:\Users\Arwen\Downloads\8NULhHPsApdCyXAhq3sJKL.pdf
    2022-10-15 19:32 - 2022-10-15 19:32 - 000257225 _____ C:\Users\Arwen\Downloads\P2Xrim5Ydb6dQZGzo3bX4S.pdf
    2022-10-15 15:37 - 2022-10-15 15:37 - 000248154 _____ C:\Users\Arwen\Downloads\mCEi5x7BprNNyiUuZ7rvun.pdf
    2022-10-15 15:08 - 2022-10-15 15:08 - 000224251 _____ C:\Users\Arwen\Downloads\hWMbHb9F3U48DeB3pTUhHm.pdf
    2022-10-15 14:59 - 2022-10-15 14:59 - 000339708 _____ C:\Users\Arwen\Downloads\xD6ceBSxczS6WPhS6QAxqW.pdf
    2022-10-15 14:24 - 2022-10-15 14:24 - 000343027 _____ C:\Users\Arwen\Downloads\LtZdNxYoFifVej25DD2yUS.pdf
    2022-10-15 14:13 - 2022-10-15 14:13 - 000295238 _____ C:\Users\Arwen\Downloads\QcaqbfwJHLN5CmBVN7kZMH.pdf
    2022-10-15 13:52 - 2022-10-15 13:52 - 000286333 _____ C:\Users\Arwen\Downloads\QrAtW8yPfPRGkgDPt5iSdj.pdf
    2022-10-15 12:59 - 2022-11-01 15:52 - 000000000 ____D C:\Users\Arwen\Desktop\RE Course
    2022-10-15 12:59 - 2022-10-15 13:02 - 000000000 ____D C:\Users\Arwen\Desktop\JLL Fraud
    2022-10-14 08:38 - 2022-10-14 08:38 - 000028660 _____ C:\Users\Arwen\Downloads\es3415 word form.pdf
    2022-10-13 12:13 - 2022-10-13 12:13 - 000025576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
    2022-10-13 10:18 - 2022-10-13 10:18 - 000000000 ____D C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
    2022-10-12 17:38 - 2022-10-22 17:05 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
    2022-10-12 03:47 - 2022-10-12 03:47 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2022-10-12 03:47 - 2022-10-12 03:47 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2022-10-12 03:46 - 2022-10-12 03:46 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
    2022-10-12 03:46 - 2022-10-12 03:46 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2022-10-12 03:45 - 2022-10-12 03:45 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2022-10-12 03:45 - 2022-10-12 03:45 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
    2022-10-12 03:44 - 2022-10-12 03:44 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
    2022-10-12 02:49 - 2022-10-12 02:49 - 000000000 ___HD C:\$WinREAgent
    2022-10-11 10:31 - 2022-10-11 10:31 - 000429793 _____ C:\Users\Arwen\Downloads\R9HKWuH8QiBnASPwcfK4hH.pdf
    2022-10-11 10:31 - 2022-10-11 10:31 - 000360203 _____ C:\Users\Arwen\Downloads\tEcpVoaSp2unJdSsgShLef.pdf
    2022-10-11 10:31 - 2022-10-11 10:31 - 000349019 _____ C:\Users\Arwen\Downloads\xhTYDZMXCm7mmR7nX4LJZh.pdf
    2022-10-11 10:31 - 2022-10-11 10:31 - 000044746 _____ C:\Users\Arwen\Downloads\uPnT3irAAxi3kGQ8twywg5.pdf
    2022-10-11 10:29 - 2022-10-11 10:29 - 000334019 _____ C:\Users\Arwen\Downloads\6aoAJZxVAexcbWYj66FNXH.pdf
    2022-10-06 19:38 - 2022-10-06 19:38 - 000000000 ____D C:\Program Files (x86)\Surfshark TAP Driver Windows
    2022-10-06 19:35 - 2022-10-06 19:35 - 001979155 _____ C:\Users\Arwen\Downloads\Agent Appointment Form.pdf

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-11-05 15:42 - 2020-02-03 11:12 - 000044814 _____ C:\Users\Arwen\Downloads\FRST.txt
    2022-11-05 15:42 - 2020-02-03 11:09 - 000000000 ____D C:\FRST
    2022-11-05 15:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2022-11-05 15:26 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-11-05 15:23 - 2018-06-20 10:30 - 000000000 ____D C:\Users\Arwen\AppData\Local\AVAST Software
    2022-11-05 15:16 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
    2022-11-05 15:09 - 2013-01-22 13:02 - 000000000 ____D C:\Program Files (x86)\Google
    2022-11-05 15:05 - 2012-09-04 03:05 - 000000000 ____D C:\ProgramData\WinClon
    2022-11-05 14:55 - 2014-10-12 23:59 - 000000000 ___RD C:\Users\Arwen\OneDrive
    2022-11-05 14:49 - 2014-10-12 23:51 - 000000000 __SHD C:\Users\Arwen\IntelGraphicsProfiles
    2022-11-05 14:47 - 2020-10-02 13:43 - 000005978 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-11-05 14:42 - 2020-10-02 13:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-11-05 14:41 - 2020-10-02 13:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-11-05 14:41 - 2020-10-02 13:16 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-11-05 12:01 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-11-05 12:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-11-05 11:43 - 2020-04-22 04:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-11-04 16:08 - 2020-10-02 13:58 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
    2022-11-04 15:58 - 2021-12-11 09:08 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3548505277-2733688421-2640094488-1001
    2022-11-04 15:53 - 2020-10-27 11:23 - 000000000 ____D C:\Users\Arwen\AppData\Roaming\Surfshark
    2022-11-04 15:47 - 2015-07-19 18:04 - 000000000 ____D C:\Users\Arwen\AppData\Local\LogMeIn
    2022-11-04 15:44 - 2014-02-10 16:43 - 000000000 ____D C:\ProgramData\boost_interprocess
    2022-11-04 15:32 - 2020-10-02 13:26 - 000000000 ____D C:\Users\Arwen
    2022-11-04 15:30 - 2020-10-02 13:17 - 000701544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-11-04 15:28 - 2012-09-04 02:57 - 000000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2022-11-04 15:28 - 2012-09-04 02:57 - 000000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2022-11-03 01:41 - 2013-07-12 13:33 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2022-11-02 20:33 - 2017-05-03 14:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2022-11-02 19:54 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2022-11-02 17:55 - 2017-07-27 08:05 - 000000000 ____D C:\Users\Arwen\AppData\Local\ConnectedDevicesPlatform
    2022-11-02 17:55 - 2012-12-16 21:07 - 000000000 __RHD C:\Users\Public\AccountPictures
    2022-11-02 16:48 - 2018-07-02 14:05 - 000000000 ____D C:\ProgramData\Packages
    2022-11-02 16:48 - 2018-01-12 12:05 - 000000000 ____D C:\Users\Arwen\AppData\Local\Packages
    2022-11-02 15:26 - 2022-09-19 09:14 - 000002984 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
    2022-11-02 15:26 - 2022-09-19 09:14 - 000002604 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
    2022-11-02 15:26 - 2022-07-17 13:48 - 000002626 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3548505277-2733688421-2640094488-1001
    2022-11-02 15:26 - 2022-07-17 13:48 - 000002498 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3548505277-2733688421-2640094488-1001
    2022-11-02 15:26 - 2021-03-26 06:29 - 000002680 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
    2022-11-02 15:26 - 2021-03-26 06:29 - 000002678 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
    2022-11-02 15:26 - 2021-03-26 06:29 - 000002678 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
    2022-11-02 15:26 - 2020-10-02 13:59 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2022-11-02 15:26 - 2020-10-02 13:59 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2022-11-02 15:26 - 2020-10-02 13:59 - 000003070 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{FF6E7FF6-A826-4FA6-A008-42C24AD91130}
    2022-11-02 15:26 - 2020-10-02 13:59 - 000002458 _____ C:\WINDOWS\system32\Tasks\WLANStartup
    2022-11-02 15:26 - 2020-10-02 13:59 - 000002312 _____ C:\WINDOWS\system32\Tasks\RealDownloader Update Check
    2022-11-02 15:26 - 2020-10-02 13:59 - 000002240 _____ C:\WINDOWS\system32\Tasks\RogueKiller Anti-Malware
    2022-11-02 15:26 - 2020-10-02 13:59 - 000002040 _____ C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements
    2022-11-02 15:26 - 2020-10-02 13:58 - 000003556 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA1d35e28b249f63f
    2022-11-02 15:26 - 2020-10-02 13:58 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
    2022-11-02 15:26 - 2020-10-02 13:58 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2022-11-02 15:26 - 2020-10-02 13:58 - 000003292 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA
    2022-11-02 15:26 - 2020-10-02 13:58 - 000003288 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core1d35e28b237dd8d
    2022-11-02 15:26 - 2020-10-02 13:58 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2022-11-02 15:26 - 2020-10-02 13:58 - 000003040 _____ C:\WINDOWS\system32\Tasks\FaxArchive_CN2BD211XW05S1
    2022-11-02 15:26 - 2020-10-02 13:58 - 000003020 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core
    2022-11-02 15:26 - 2020-10-02 13:58 - 000002916 _____ C:\WINDOWS\system32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
    2022-11-02 15:26 - 2020-10-02 13:58 - 000002750 _____ C:\WINDOWS\system32\Tasks\HP AR Program Upload - 1d899e09ae474e75b00a468cbd134de7aa32ec3dee4246869e6c83f89188eeec
    2022-11-02 15:26 - 2020-10-02 13:58 - 000002686 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP Officejet Pro 8610
    2022-11-02 15:26 - 2020-10-02 13:58 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
    2022-11-02 15:26 - 2020-10-02 13:58 - 000002574 _____ C:\WINDOWS\system32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
    2022-11-02 15:26 - 2020-10-02 13:58 - 000002502 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP Officejet 4620 series
    2022-11-02 15:26 - 2020-10-02 13:58 - 000002262 _____ C:\WINDOWS\system32\Tasks\advRecovery
    2022-11-02 15:26 - 2020-10-02 13:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
    2022-11-02 09:54 - 2020-10-27 11:25 - 000000000 ____D C:\ProgramData\Surfshark
    2022-11-02 08:04 - 2018-03-05 09:29 - 000000000 ____D C:\Users\Arwen\AppData\Local\PlaceholderTileLogoFolder
    2022-11-02 07:40 - 2012-12-16 22:21 - 000000000 ____D C:\Users\Arwen\AppData\Local\CrashDumps
    2022-11-01 15:50 - 2020-01-13 10:25 - 000000000 ____D C:\Users\Arwen\Desktop\Me
    2022-11-01 15:46 - 2014-09-16 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2022-11-01 15:35 - 2014-09-16 22:13 - 000000000 ____D C:\ProgramData\Big Fish
    2022-11-01 15:35 - 2014-09-16 22:12 - 000000000 ____D C:\BigFishCache
    2022-11-01 14:40 - 2013-04-10 11:15 - 000000000 ____D C:\Users\Arwen\AppData\Local\ElevatedDiagnostics
    2022-10-31 21:21 - 2022-09-09 10:05 - 000002404 _____ C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
    2022-10-30 17:53 - 2013-01-22 12:58 - 000000000 ____D C:\ProgramData\AVAST Software
    2022-10-30 17:46 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2022-10-30 14:11 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-10-26 20:50 - 2020-10-27 11:24 - 000000000 ____D C:\Program Files (x86)\Surfshark
    2022-10-13 22:01 - 2013-01-02 10:38 - 000000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
    2022-10-13 10:19 - 2018-11-03 09:54 - 000000000 ____D C:\Users\Arwen\AppData\Roaming\Zoom
    2022-10-12 04:00 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2022-10-12 04:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2022-10-12 04:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2022-10-12 04:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
    2022-10-12 04:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2022-10-12 04:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2022-10-12 04:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2022-10-12 04:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2022-10-12 04:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2022-10-12 03:58 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2022-10-12 03:58 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2022-10-12 03:44 - 2020-10-02 13:23 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2022-10-12 02:41 - 2013-08-02 19:06 - 000000000 ____D C:\WINDOWS\system32\MRT
    2022-10-12 02:29 - 2012-12-22 03:15 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    ==================== Files in the root of some directories ========

    2019-12-19 11:03 - 2019-12-30 05:46 - 000000000 ____D () C:\ProgramData\WZUpdateNotifier.exe
    2020-11-06 04:05 - 2020-11-06 04:05 - 000000879 _____ () C:\Users\Arwen\AppData\Local\recently-used.xbel

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  5. 2022/11/05
    Blue Star

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-11-2022
    Ran by Arwen (05-11-2022 15:43:55)
    Running from C:\Users\Arwen\Downloads
    Microsoft Windows 10 Home Version 21H2 19044.2130 (X64) (2020-10-02 18:01:55)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-3548505277-2733688421-2640094488-500 - Administrator - Disabled)
    Arwen (S-1-5-21-3548505277-2733688421-2640094488-1001 - Administrator - Enabled) => C:\Users\Arwen
    DefaultAccount (S-1-5-21-3548505277-2733688421-2640094488-503 - Limited - Disabled)
    Guest (S-1-5-21-3548505277-2733688421-2640094488-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3548505277-2733688421-2640094488-1049 - Limited - Enabled)
    scans (S-1-5-21-3548505277-2733688421-2640094488-1051 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-3548505277-2733688421-2640094488-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBulkMailer (HKLM-x32\...\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}) (Version: 8.5 - Advanced Business Objects)
    Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20263 - Adobe)
    Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
    Advanced System Repair Pro (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Advanced System Repair Pro) (Version: 1.9.9.2 - Advanced System Repair, Inc.)
    Art Explosion Publisher Pro Silver Edition (HKLM-x32\...\{C62D7344-8709-4443-9C95-F90659CBC27F}) (Version: 1.0.0.8 - Nova Development)
    Autodesk Civil Design 2004 (HKLM-x32\...\{5783F2D7-1208-0409-0000-0060B0CE6BBA}) (Version: 16.4.0.100 - <no manufacturer>)
    Autodesk DWG TrueView 2019 - English (HKLM\...\DWG TrueView 2019 - English) (Version: 23.0.46.0 - Autodesk)
    Autodesk Express Viewer (HKLM-x32\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
    Autodesk Land Desktop 2004 (HKLM-x32\...\{5783F2D7-0208-0409-0000-0060B0CE6BBA}) (Version: 7.26.0.100 - Autodesk)
    Avast Driver Updater (HKLM-x32\...\{630C3D8E-2BEE-465F-9E59-BB069ED10761}) (Version: 2.5.6 - AVAST Software) Hidden
    Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.9.6034 - Avast Software)
    ChaseData - Agent (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\8605d9dd2f7746ec) (Version: 1.0.0.502 - Chase Data Corporation)
    ChaseData - Agent (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\PowerNOWAgent) (Version: 1.1.10 - Chase Data Corporation)
    Chromium (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
    ezW2(2019) (HKLM-x32\...\{AF901F64-7C18-4E60-B987-F54DCF5E90E4}) (Version: 7.6.7 - Halfpricesoft)
    Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Galerie de photos (HKLM-x32\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    GIMP 2.10.12 (HKLM\...\GIMP-2_is1) (Version: 2.10.12 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.88 - Google LLC)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Video Support Plugin (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
    GoTo Opener (HKLM-x32\...\{FCF5FF66-C2FB-45C1-B46E-7A596657B016}) (Version: 1.0.530 - LogMeIn, Inc.)
    Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
    HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 41450 - Intel)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}) (Version: 1.24.388.1 - Intel Corporation) Hidden
    join.me (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\JoinMe) (Version: 3.19.1.5530 - LogMeIn, Inc.)
    Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    ListExtractor (HKLM-x32\...\{9BDEFE48-95D2-45A7-AC9F-B9CECC0E8E42}) (Version: 2.00.0000 - AtPacific)
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15726.20174 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.35 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.26 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.217.1016.0002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Teams (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Teams) (Version: 1.5.00.28567 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 x64 Additional Runtime - 14.15.26706 (HKLM\...\{F106B700-BFF8-3065-B305-14D36AD40539}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.15.26706 (HKLM\...\{C77195A4-CEB8-38EE-BDD6-C46CB459EF6E}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810 (HKLM-x32\...\{7FED75A1-600C-394B-8376-712E2A8861F2}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810 (HKLM-x32\...\{828952EB-5572-3666-8CA9-000B6CE79350}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla)
    MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (HKLM-x32\...\{D0B44725-3666-492D-BEF6-587A14BD9BD9}) (Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
    MyInvoices & Estimates Deluxe (HKLM-x32\...\{65B402E7-3E26-4C5A-A9C6-FBB4403D1260}) (Version: 10.0.2.1 - Avanquest North America Inc.)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Photo Common (HKLM-x32\...\{3751BF9B-5F23-4976-AA62-1BF4D791DCFE}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Common (HKLM-x32\...\{678DD68F-DD35-47FC-9ABA-3B705FBA831B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Common (HKLM-x32\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Gallery (HKLM-x32\...\{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Print Artist Platinum 24 (HKLM-x32\...\{7568CBAC-FC7F-4EE9-8CAC-B4274FC93B4E}) (Version: 24.0.1.2 - Nova Development)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 20.0) (Version: 20.0.2 - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.0 - Samsung Electronics CO., LTD.)
    SE3D_Installer (HKLM-x32\...\{B717245E-8A7C-4ABF-B383-2930A5AD9555}) (Version: 2.5.22.0 - Structure Studios) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
    SHA Premium Quotation System (HKLM-x32\...\SHA Premium Quotation System) (Version: Version 2.1 - USHEALTH)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Structure Studios SE3D 2 (HKLM-x32\...\{7e47a7f9-1dbc-4895-add7-6725785f6a6f}) (Version: 2.5.22.0 - Structure Studios)
    Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
    Surfshark (HKLM-x32\...\{3B27DD8D-8F47-48FD-BB58-EE243B81359A}) (Version: 4.4.1999 - Surfshark) Hidden
    Surfshark (HKLM-x32\...\Surfshark 4.4.1999) (Version: 4.4.1999 - Surfshark)
    Surfshark TAP Driver Windows (HKLM-x32\...\{51F73AB8-1008-4637-B82A-4DAC08F96D2F}) (Version: 1.0.1 - Surfshark)
    Surfshark TAP Driver Windows (HKLM-x32\...\{56142B6D-2B61-4BDC-A607-B06CB18FE179}) (Version: 1.0.1 - Surfshark)
    Surfshark TAP Driver Windows (HKLM-x32\...\{8DBE7558-4D5C-4D06-BA1C-D328129574C9}) (Version: 1.0.1 - Surfshark)
    Surfshark TUN Driver Windows (HKLM\...\{968F3CF6-0E71-4C84-8DFD-1C577F72410F}) (Version: 1.0 - Surfshark)
    SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.8 - Synaptics Incorporated)
    Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
    UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
    User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
    vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
    vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
    Windows Live (HKLM-x32\...\{B99F248C-B4B3-4D61-9FFC-AE59A1F13723}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\{66B5819D-DE70-42BE-B40F-978FBA12452E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\{B400EF92-0350-4330-B4EF-7D36EA107C70}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Mail (HKLM-x32\...\{91EA0E43-82A0-4DE0-A46C-C7FCC4D989E6}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Mail (HKLM-x32\...\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Mail (HKLM-x32\...\{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Mail (HKLM-x32\...\{D7D29CA8-8E96-4E7E-A9A5-BA65C99E9C68}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Messenger (HKLM-x32\...\{0BE5953A-2CCD-4AAC-95C7-6B324E7BE156}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Messenger (HKLM-x32\...\{98029AF9-D2BD-439A-8ED7-AA60E232A49D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Messenger (HKLM-x32\...\{BAD984EE-790E-4513-A428-3BE2D426DCA7}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Messenger (HKLM-x32\...\{E703613B-BDAB-433E-A66A-DE0263E3D35D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (HKLM\...\{25058321-C33E-496B-8915-6FD64D362CAF}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (HKLM-x32\...\{33B992ED-B59B-4E25-9F3F-CF2D79BBA914}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (HKLM-x32\...\{60212DCA-93F2-448C-9056-95BB80D9B5D5}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (HKLM-x32\...\{6522F5F9-411B-4513-A75B-CEA00395F032}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (HKLM-x32\...\{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (HKLM-x32\...\{714E162E-CD4F-4F1B-8302-7F5179409C25}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (HKLM-x32\...\{A2DC527D-FA79-46E9-973F-920897CA55E9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (HKLM-x32\...\{E21F3367-B1D2-4FFE-B8C2-6E46E0663560}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (HKLM-x32\...\{E4B20094-E915-45F9-A384-FF950E15CEED}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (HKLM-x32\...\{020C6D65-955A-4F76-882A-EC320CAF0103}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (HKLM-x32\...\{0EEB9D52-102A-4102-BF8C-03288C900B5F}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (HKLM-x32\...\{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
    Zoom (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\ZoomUMX) (Version: 5.11.1 (6602) - Zoom Video Communications, Inc.)

    Packages:
    =========
    Adera -> C:\Program Files\WindowsApps\Microsoft.Adera_2.5.2.34894_x86__8wekyb3d8bbwe [2014-10-14] (Microsoft Studios)
    Bluetooth Audio Receiver -> C:\Program Files\WindowsApps\55746MarkSmirnov.BluetoothAudioReveicer_1.1.5.0_x64__xwrbx6997tsfc [2022-11-01] (Mark Smirnov)
    Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2022-01-12] (Canon Inc.)
    Galaxy Buds -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.GalaxyBuds_3.9.0.0_x64__3c1yjt4zspk6g [2022-11-01] (Samsung Electronics Co. Ltd.)
    Google -> C:\Program Files\WindowsApps\GoogleInc.GoogleSearch_2.1.19.0_x64__yfg5n0ztvskxp [2017-07-27] (Google Inc)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_140.1.307.0_x64__v10z8vjag6ke6 [2022-11-04] (HP Inc.)
    join.me Viewer -> C:\Program Files\WindowsApps\C236C1D5.join.meViewer_1.1.0.417_x64__n57vdvnj6e504 [2022-11-02] (LogMeIn, Inc.)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-22] (AMZN Mobile LLC)
    Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2018-05-20] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2018-05-20] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-19] (Microsoft Studios) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2021-05-26] (Microsoft Corporation) [MS Ad]
    Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-09] (MAGIX)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
    Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2022.1102.200_x64__8wekyb3d8bbwe [2022-11-05] (Microsoft Corporation)
    PhotoEditor -> C:\Program Files\WindowsApps\6E04A0BD.PhotoEditor_1.0.0.37_neutral__ez4k4b2fwzhzt [2013-01-30] (SAMSUNG ELECTRONICS CO,. LTD.)
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-11-19] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-23] (Microsoft Corporation)
    Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-01-25] (Adobe Systems Incorporated)
    S Camera -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SCamera_1.0.1903.26021_x86__h7cwzt5medr84 [2014-08-11] (CYBERLINKCOM)
    S Gallery -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SGallery_1.0.1903.26021_x86__h7cwzt5medr84 [2014-08-11] (CYBERLINKCOM)
    S Player -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SPlayer_1.0.2216.21222_x86__h7cwzt5medr84 [2014-08-11] (CYBERLINKCOM)
    Samsung Signature Store -> C:\Program Files\WindowsApps\128374E71F94E.SamsungStore_1.0.2.815_neutral__9sy8ehn46reqm [2012-12-16] (Digital River, Inc.)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-11-19] (Twitter Inc.)
    Zuma Revenge! -> C:\Program Files\WindowsApps\22669SuperFreeHotGames.ZumaRevenge_2.5.0.0_x64__ztn9gjgw8wrhe [2019-07-04] (Super Free Hot Games) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22272.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{1F9E0710-2073-435F-9C1B-F29946205947}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\en-US\dwgviewrficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{69545769-8D02-4B07-A481-AD374CD8D5D1}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.132\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\dwgviewr.exe (Autodesk, Inc. -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{75399D28-E622-4973-8752-BC0F7DC47AF3}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2018-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2018-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-30] (Autodesk, Inc. -> Autodesk)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-10-03] (Avast Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2020-10-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.217.1016.0002\FileSyncShell64.dll [2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-10-03] (Avast Software s.r.o. -> AVAST Software)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Drivers32: [vidc.uly2] => C:\StructureStudios\SE3D20\codecs\utvideo64.dll [65240 2021-12-11] (Structure Studios, L.L.C. -> )
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Drivers32: [vidc.x264] => C:\StructureStudios\SE3D20\codecs\x264vfw64.dll [4041944 2021-12-11] (Structure Studios, L.L.C. -> x264vfw project)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Arwen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

    ==================== Loaded Modules (Whitelisted) =============
     
  6. 2022/11/05
    Blue Star

    ==================== Loaded Modules (Whitelisted) =============

    2012-04-15 22:41 - 2012-04-15 22:41 - 000484864 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
    2012-04-15 22:38 - 2012-04-15 22:38 - 000013824 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
    2012-04-15 22:42 - 2012-04-15 22:42 - 000015872 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
    2011-08-17 03:48 - 2011-08-17 03:48 - 000195584 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
    2011-08-17 03:48 - 2011-08-17 03:48 - 000322048 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
    2011-07-19 03:04 - 2011-07-19 03:04 - 000317952 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
    2011-08-15 07:12 - 2011-08-15 07:12 - 002603520 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
    2011-08-15 07:17 - 2011-08-15 07:17 - 009224704 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
    2011-08-15 07:12 - 2011-08-15 07:12 - 001006592 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
    2011-07-19 03:05 - 2011-07-19 03:05 - 014978048 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
    2011-08-15 07:15 - 2011-08-15 07:15 - 000382464 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
    2011-08-17 03:41 - 2011-08-17 03:41 - 000400384 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
    2011-08-15 06:23 - 2011-08-15 06:23 - 000062464 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000446976 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000020480 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000016896 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000195584 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000322048 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000062976 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000064512 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000400384 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000062464 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
    2022-02-01 02:41 - 2022-02-01 02:41 - 000263680 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll
    2021-10-27 05:41 - 2021-10-27 05:41 - 001601536 _____ () [File not signed] C:\Program Files (x86)\Surfshark\runtimes\win-x64\native\e_sqlite3.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 000088064 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\_ctypes.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000128512 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\_elementtree.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000914432 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\_hashlib.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000027648 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\_multiprocessing.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000036864 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\_psutil_windows.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000046080 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\_socket.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 001303552 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\_ssl.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000020480 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\_yappi.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000012800 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\common.time34.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000007168 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\hashobjs_ext.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000127488 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\pyexpat.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000682496 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\pysqlite2._sqlite.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000364544 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\pythoncom27.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 000110080 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\pywintypes27.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 000010240 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\select.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000017920 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\thumbnails_ext.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000686080 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\unicodedata.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000088064 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\usb_ext.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000098816 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32api.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000320512 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32com.shell.shell.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000011264 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32crypt.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000018432 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32event.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000119808 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32file.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000167936 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32gui.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000038912 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32inet.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000025600 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32pdh.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000024064 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32pipe.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000035840 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32process.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000017408 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32profile.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000108544 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32security.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000022528 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\win32ts.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000078848 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wx._animate.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 001067008 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wx._controls_.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 001176576 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wx._core_.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000806400 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wx._gdi_.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000077312 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wx._html2.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000733184 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wx._misc_.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000816128 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wx._windows_.pyd
    2022-11-05 14:50 - 2022-11-05 14:50 - 000123392 ____R () [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wx._wizard.pyd
    2022-08-10 15:51 - 2022-08-10 15:51 - 000016384 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\011b123a1f2465b665c65dbbae021287\PSIClient.ni.dll
    2016-09-29 13:05 - 2016-09-29 13:05 - 000518144 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 002863104 _____ (Digia Plc) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 001139200 _____ (Digia Plc) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000384000 _____ (Digia Plc) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
    2022-06-19 15:24 - 2022-06-19 15:24 - 000019968 _____ (Intel Corp.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorCommon\291c5fe0d8bab360b1a1814089f653cc\IAStorCommon.ni.dll
    2012-09-04 02:56 - 2012-07-09 00:46 - 000269312 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
    2012-04-15 22:37 - 2012-04-15 22:37 - 000075264 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ChannelAdapter.dll
    2012-04-15 22:35 - 2012-04-15 22:35 - 000098304 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\configurationManager.dll
    2012-04-15 22:39 - 2012-04-15 22:39 - 000224256 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\CorePersistenceAPI.dll
    2012-04-15 22:36 - 2012-04-15 22:36 - 000118784 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\dispatcher.dll
    2012-04-15 22:35 - 2012-04-15 22:35 - 000019968 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\localMessage.dll
    2012-04-15 22:35 - 2012-04-15 22:35 - 000030208 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\logger.dll
    2012-04-15 22:35 - 2012-04-15 22:35 - 000318976 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\network.dll
    2012-04-15 22:37 - 2012-04-15 22:37 - 000220160 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\orchestrator.dll
    2012-04-15 22:38 - 2012-04-15 22:38 - 000623616 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\payload.dll
    2012-04-15 22:38 - 2012-04-15 22:38 - 000109056 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\policyManager.dll
    2012-04-15 22:35 - 2012-04-15 22:35 - 000018432 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sealing.dll
    2012-04-15 22:38 - 2012-04-15 22:38 - 001489920 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\serializer.dll
    2012-04-15 22:38 - 2012-04-15 22:38 - 000141824 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\systemInfo.dll
    2012-04-15 22:35 - 2012-04-15 22:35 - 000125952 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\uuid.dll
    2012-09-04 02:56 - 2012-07-09 00:46 - 000497664 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000283648 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\agentInfo.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000080384 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\channelAdapter.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000061952 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\configurationManager.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000206336 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\corePersistenceAPI.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000106496 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\dispatcher.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000142848 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\liveUpdateUtility.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000018944 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\localMessage.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000030208 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\logger.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000194560 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\network.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000097280 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\orchestrator.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000181760 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\payload.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000018432 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\sealing.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000539136 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\serializer.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000156160 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceOfferingManager.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000012288 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\sm_uuid.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000078336 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\systemInfo.dll
    2022-08-10 15:50 - 2022-08-10 15:50 - 000075264 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMgr\af229c3ff7e92c037723af25ada5e23e\IAStorDataMgr.ni.dll
    2022-10-31 15:44 - 2022-10-31 15:44 - 000379392 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\8c7b49304a39598fcf11d2547f106f83\IAStorUtil.ni.dll
    2022-10-31 15:45 - 2022-10-31 15:45 - 001114624 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorViewModel\67515094d6cce0265a86355017e165ec\IAStorViewModel.ni.dll
    2022-08-10 15:50 - 2022-08-10 15:50 - 003864576 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSI\d8e7dcec8962933a38334c9a7689837e\PSI.ni.dll
    2022-08-10 15:51 - 2022-08-10 15:51 - 000643584 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PsiData\696f9184aa815c829955ca1c52356a5e\PsiData.ni.dll
    2022-08-10 15:51 - 2022-08-10 15:51 - 000027136 _____ (Microsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\85ebdf519a1b31af32afceb97ad8b8ff\IAStorDataMgrSvcInterfaces.ni.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 002459648 ____R (Python Software Foundation) [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\python27.dll
    2016-07-12 16:33 - 2013-12-05 23:05 - 000179712 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_YLMBMDE.DLL
    2011-08-15 06:23 - 2011-08-15 06:23 - 001019392 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\LIBEAY32.dll
    2011-08-15 06:23 - 2011-08-15 06:23 - 000209408 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\SSLEAY32.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 001019392 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\LIBEAY32.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 000210432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\SSLEAY32.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 000155136 ____R (wxWidgets development team) [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wxbase30u_net_vc90.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 002030592 ____R (wxWidgets development team) [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wxbase30u_vc90.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 001251328 ____R (wxWidgets development team) [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wxmsw30u_adv_vc90.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 004796928 ____R (wxWidgets development team) [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wxmsw30u_core_vc90.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 000601088 ____R (wxWidgets development team) [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wxmsw30u_html_vc90.dll
    2022-11-05 14:50 - 2022-11-05 14:50 - 000110080 ____R (wxWidgets development team) [File not signed] C:\Users\Arwen\AppData\Local\Temp\_MEI92922\wxmsw30u_webview_vc90.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:59846E5E [446]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

    ==================== Association (Whitelisted) =================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Classes\.scr: AutoCADScriptFile => "C:\WINDOWS\notepad.exe" "%1"

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> {5702548C-054D-441C-8D09-68ACF36AA8ED} URL =
    BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\realplayer\BrowserRecordPlugin\IE\rndlbrowserrecordplugin64.dll [2020-10-22] (RealNetworks, Inc. -> RealPlayer)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\realplayer\BrowserRecordPlugin\IE\rndlbrowserrecordplugin.dll [2020-10-22] (RealNetworks, Inc. -> RealPlayer)
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {483EB14D-AF1C-4951-81B0-4E2B41829FF6} hxxps://assess.shlonline.com/cabs/QOLCheck.ocx
    DPF: HKLM-x32 {494DE545-6D3C-4F63-9D73-CF408AB248D9} hxxps://vanillasoft.net/binarys/amiTapiPro.ocx
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\evolvondemand.net -> hxxps://transcom.evolvondemand.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\fixme.it -> hxxps://fixme.it
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\techinline.net -> hxxps://*.techinline.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\vanillasoft.net -> hxxps://vanillasoft.net

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2022-06-27 08:52 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\;C:\PROGRA~2\COMMON~1\AUTODE~1\GIS\IMPORT~1\2.0;C:\Program Files (x86)\Common Files\Autodesk Shared\;C:\Program Files (x86)\Land Desktop 2004\;C:\Program Files (x86)\Land Desktop 2004\Land\
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arwen\Pictures\2018-12-28\424.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run: => "BtTray"
    HKLM\...\StartupApproved\Run: => "BtvStack"
    HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "OneDriveSetup"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "HP Officejet 4620 series (NET)"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "eyeBeam SIP Client"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "msnmsgr"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "MobileAppSync"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{FA9129FF-73AD-4F17-A3E4-08C387470DC4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{BC33BA8B-43DA-4101-A7EF-C845A5EE9C1B}] => (Allow) LPort=1900
    FirewallRules: [{A256DE0D-91C4-4813-8D37-4094F0093856}] => (Allow) LPort=2869
    FirewallRules: [{A815C66B-2F5A-4DC6-8E6A-8422AAD9968A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [UDP Query User{2A1AB145-840C-4E4B-A732-E6AEA182B799}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [TCP Query User{47220578-96A8-48BC-8FA9-81CD8483B8B9}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [UDP Query User{FDB83730-E44D-42BA-B0BE-7325D05CFF85}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe (APL, INC.) [File not signed]
    FirewallRules: [TCP Query User{7FC20502-F09E-4883-B32D-33DB7A6F7BB1}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe (APL, INC.) [File not signed]
    FirewallRules: [UDP Query User{E920F795-8C2E-47C2-8BC7-AD34E45AB82E}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [TCP Query User{D10F29B3-A1D4-4199-A79A-1D8F9E6A3498}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [{F43B2C4C-F5EA-4363-9415-ECF9FAFFC407}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
    FirewallRules: [{897FCBF3-3082-48C3-9C78-0351D95DF122}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
    FirewallRules: [{75A7B777-C639-4F54-B838-0616DF7E3EF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{475845B5-8E58-4B86-9021-F02FE930CAFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
    FirewallRules: [{E5BDA255-2693-4BA1-A18C-DDDCFC6447C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
    FirewallRules: [{35C62B24-008C-47F3-8842-CD26973164D8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe => No File
    FirewallRules: [{87F7ACBE-C5B0-4702-AC7D-DFEA5BB85994}] => (Allow) C:\Users\Arwen\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
    FirewallRules: [{3AC79786-79B8-4A5D-9E78-7302C16ED780}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{9DCB8878-D257-4603-842F-3FBEDF56723D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{A29AFC7B-3E25-4483-A5FA-0E78546E91FF}C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe] => (Allow) C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe => No File
    FirewallRules: [UDP Query User{3AAD7360-9D41-4F80-A214-7693FEBF5197}C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe] => (Allow) C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe => No File
    FirewallRules: [TCP Query User{5547B77C-F52E-4D7D-8BBA-BC0DA696B906}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Allow) C:\program files (x86)\microsoft silverlight\sllauncher.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [UDP Query User{C7A6B246-6029-45FB-9C56-91DF3EA9606D}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Allow) C:\program files (x86)\microsoft silverlight\sllauncher.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{20E7F0C6-043C-4966-A82C-F02D75B34E9F}] => (Allow) LPort=9422
    FirewallRules: [{88685F0B-6B08-44F8-BC31-D7871A661965}] => (Allow) LPort=9245
    FirewallRules: [{EE0FA760-C9FE-4FB1-96E3-B8FDCC0CD2BA}] => (Allow) LPort=9246
    FirewallRules: [{FD99183D-808A-4608-8C89-AB567A2962D9}] => (Allow) LPort=9247
    FirewallRules: [{DFA7C63E-6E6F-4733-AA36-61E968113BBB}] => (Allow) LPort=3702
    FirewallRules: [{FB20C203-237D-4AAA-8145-14677711D0F2}] => (Allow) LPort=9244
    FirewallRules: [{A05F996A-DFF2-4DBB-BB7B-6213C42CCB38}] => (Allow) LPort=9444
    FirewallRules: [{59C92E5F-CED2-4B2B-B9E0-23FE60E1514F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{2CA5F01C-7ABD-47B5-8A2F-DB810C18D123}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{B6307CA4-A8CE-4C39-BDE4-CDA13DA506B4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{AB6BFDE2-8624-416C-9227-E3BEA5F358E5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{C7477040-867E-474F-9325-2485793EC62F}] => (Allow) LPort=5357
    FirewallRules: [{18A48F20-B028-4562-89C2-C8E6A0633568}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{7F711A83-714B-40EE-BDB0-C2F46FD6DA2A}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS5C7F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{BADF9218-8B3C-4695-9B66-06C00CDD004D}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS5C7F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{74642F68-C446-4852-A350-DBD3B7DF58D3}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS741F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{A0A243E5-E4F0-425F-81B5-08BCD6F2CB46}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS741F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{D0E959C1-F18C-4246-86A3-B924CA73C39D}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS75F9\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{EE18486D-B39A-45EE-AF14-DB250224F463}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS75F9\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{EA453DD5-5448-4B7E-9E68-C391F3D8C4EA}] => (Allow) C:\Users\Arwen\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{88F35322-5EEB-492C-9696-C9EC889B69A2}] => (Allow) C:\Users\Arwen\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{716E27AB-2BFF-4A92-A221-D24F4DB2A5E8}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    FirewallRules: [{CBD6404C-578B-4C1F-A10F-FE9F0BCC3B68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{DFA70366-8FB4-4E81-B75E-07C19FDD7756}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{CE475AB5-E547-474C-94D7-8EA741DA1F08}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{82F0C515-63AC-4104-9CA0-21784EEF0395}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{2C9B2675-A277-4997-ABAA-5F7AF1F57261}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6371\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{FA03B99F-BD8D-46B3-85CE-73169F78A6E1}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6371\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{6B67AF04-493B-4892-A0CE-FBCF74A4BC82}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{D0E943E9-8BBC-4450-8044-EC7D8B18EA03}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{8A2B7A7A-6EE2-40DD-AD6E-A443C88ADA24}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{8F5763A5-13D6-4E50-A5E4-0B5FF6242017}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{D3F0F1AA-7A76-4F1D-BCE0-0868347272D3}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6BDD\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{5E1F994E-917C-4B04-89F1-ED6947B5A7DD}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6BDD\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{7AECE7EF-0F9D-4467-A45C-9B72F93D5DD3}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{5381FE96-C071-4E9D-919F-6F56D726216C}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{423DAD41-CF1B-4E85-B9AA-FE854E7437A1}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{15854525-518F-4FC3-975D-FAB0AFFDACDC}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{FA7FCBA0-3C67-454C-9990-30E47ED142B9}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{8265C7BD-31DD-4E91-BE64-78B301AB2F2F}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{C2C331C3-E68A-46B8-AE7A-069966ED0563}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{6BBE4786-A013-41E0-87F2-ED1047A6DD90}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{48201D8D-2789-4657-830E-C236291ABE5B}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{B17232EE-F8A5-4F8E-93D3-4F71D2F1BFD5}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{DE9E21C5-67A3-44E3-95EB-97828C976867}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{763DC6AD-6FD5-4741-A6E1-8DA47396C28F}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{D378DB75-D2F1-4DE5-88C3-B4ED6633BF65}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{38748B21-B686-43B7-BD57-38A04DE57524}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{2AB639FD-E19E-4E42-A9A4-3A369AF550AB}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{99F41DC5-73DB-4F2F-9D06-97E7B4D6E80C}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{44FAAE4D-B3A4-4948-8566-ACDF99019EF4}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{0C9F6BC7-5DA9-4E1E-B376-EBF328B2BAFA}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{B65B5E28-027A-4603-9455-A430643F24A2}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{6B1B0806-BB58-4BDD-8A10-776EFAAB8184}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{C3F2AAF2-7EEE-4207-BA83-F064CCB82CFA}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{2A9D3B3C-D278-49D5-8106-3C5785D85120}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{717C203A-96C1-434C-9544-B20F7664D8DB}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{75FFCEB1-83E9-43F7-876B-847C1B945AAB}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{49858805-B687-4C17-879A-A62A85AC6960}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{8A03FE98-C8C5-40C7-85D9-3B4E347F1981}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{757AD734-46B3-4FF5-8284-FDC4893E310F}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{40CF430C-5980-4924-943E-AAB9784EA3A1}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{3CAF9186-C8E7-4633-B61C-34CC0BC9FC0C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{47EBACEC-AFA1-4288-B66C-83D52451BAF8}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
    FirewallRules: [{6F88834E-D1AD-4046-A908-3CFE575E8173}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
    FirewallRules: [{F4665758-13D2-48E7-9323-DFBFDB42A663}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
    FirewallRules: [{FBDFE025-E4FC-4874-AC51-88635232D919}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{B29947D6-2B8E-48E8-A091-921516BA5BC6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    19-10-2022 04:47:00 Scheduled Checkpoint
    26-10-2022 20:40:43 Installed Surfshark
    30-10-2022 14:02:00 Windows Modules Installer
    03-11-2022 12:32:25 Windows Update

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (11/05/2022 02:47:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (11/05/2022 02:47:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (11/05/2022 02:44:54 PM) (Source: SecurityCenter) (EventID: 18) (User: )
    Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore.

    Error: (11/04/2022 03:46:08 PM) (Source: OneDriveUpdaterService) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (11/04/2022 03:32:51 PM) (Source: SecurityCenter) (EventID: 18) (User: )
    Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore.

    Error: (11/04/2022 03:12:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program GameBar.exe version 5.822.9161.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 55b8

    Start Time: 01d8f0813760bc1d

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.9161.0_x64__8wekyb3d8bbwe\GameBar.exe

    Report Id: 199c313a-9e8f-4aa9-9334-9b978c316692

    Faulting package full name: Microsoft.XboxGamingOverlay_5.822.9161.0_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: App

    Hang type: Activation

    Error: (11/04/2022 03:10:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program StartMenuExperienceHost.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 4d50

    Start Time: 01d8eedcee7f6f39

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

    Report Id: e0d84016-3228-4c4e-a878-1e59fe29bced

    Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: App

    Hang type: Quiesce

    Error: (11/03/2022 12:35:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2022.30070.26007.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 4210

    Start Time: 01d8ee3a06a2eac6

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2022.30070.26007.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

    Report Id: 48b6a6ca-d7f0-4933-852a-df4f17481cb8

    Faulting package full name: Microsoft.Windows.Photos_2022.30070.26007.0_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: App

    Hang type: Cross-thread


    System errors:
    =============
    Error: (11/05/2022 03:41:46 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (11/05/2022 03:41:45 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (11/05/2022 03:41:43 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (11/05/2022 03:41:41 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (11/05/2022 03:41:39 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (11/05/2022 03:41:37 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (11/05/2022 03:41:35 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (11/05/2022 03:41:33 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    CodeIntegrity:
    ===============
    Date: 2022-11-05 15:43:41
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2022-11-05 15:11:44
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

    Date: 2022-11-05 14:45:58
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. P02ABE 08/24/2012
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. NP350E7C-A01US
    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 63%
    Total physical RAM: 8083.5 MB
    Available physical RAM: 2990.82 MB
    Total Virtual: 13203.5 MB
    Available Virtual: 7556.52 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:906.58 GB) (Free:679.06 GB) (Model: ST1000LM024 HN-M101MBB) NTFS
    Drive d: () (CDROM) (Total:0 GB) (Free:0 GB)

    \\?\Volume{b98955a8-b61a-418a-8b15-55d68631086a}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS
    \\?\Volume{1f808df2-4ce7-4b0b-8cd4-ad4f9b3c3067}\ () (Fixed) (Total:0.92 GB) (Free:0.37 GB) NTFS
    \\?\Volume{c3ab75b8-3ab2-49ef-9c79-6f83d9e2e80b}\ (SAMSUNG_REC2) (Fixed) (Total:22.11 GB) (Free:0.99 GB) NTFS
    \\?\Volume{354f307c-2e13-46a4-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.29 GB) FAT32
    \\?\Volume{0802c3af-e7db-4cb4-8bb4-24a1348c0432}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A56C4F25)

    Partition: GPT.

    ==================== End of Addition.txt =======================
     
  7. 2022/11/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    What exactly is slow?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  8. 2022/11/06
    Blue Star

    Hi Broni!
    Slow to wake up. And delays upon opening apps and docs. Couldn't clear the cache on Chrome, also.
     
  9. 2022/11/06
    broni

    Go ahead with steps from my previous reply.
     
  10. 2022/11/06
    Blue Star

    Will do in a few.. in the ER atm
     
  11. 2022/11/06
    broni

    No problem :)
     
  12. 2022/11/06
    Blue Star

    TY.. :D
     
  13. 2022/11/11
    broni

    Still with me?
     
  14. 2022/11/11
    Blue Star

    Yes, just got released from the hospital today; was in ICU for a couple of days... I'm going to run the programs today. Thank you for hanging in there with me.
     
  15. 2022/11/11
    broni

    No worries, get well first :)
     
  16. 2022/11/11
    Blue Star

    Currently running RK.. :D
     
  17. 2022/11/12
    Blue Star

    Program : RogueKiller Anti-Malware
    Version : 15.6.2.0
    x64 : Yes
    Program Date : Oct 10 2022
    Location : C:\Program Files\RogueKiller\RogueKiller64.exe
    Premium : No
    Company : Adlice Software
    Website : https://www.adlice.com/
    Contact : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.19044) 64-bit
    64-bit OS : Yes
    Startup : 0
    WindowsPE : No
    User : Arwen
    User is Admin : Yes
    Date : 2022/11/12 06:10:14
    Type : Removal
    Aborted : No
    Scan Mode : Standard
    Duration : 2974
    Found items : 13
    Total scanned : 122391
    Signatures Version : 20221107_130612
    Truesight Driver : Yes
    Updates Count : 4
    Arguments : -minimize

    ************************* Warnings *************************

    ************************* Removal *************************
    [PUP.AdvancedSystemRepair (Potentially Malicious)] asrrealtimesrv [Advanced System Repair Inc] -- %programfiles(x86)%\Advanced System Repair Pro 1.9.9.2.0\asrrealtimesrv.exe -> Stopped
    [+] scan_what : 0
    [+] vendors : PUP.AdvancedSystemRepair
    [+] Name : asrrealtimesrv [Advanced System Repair Inc]
    [+] value : %programfiles(x86)%\Advanced System Repair Pro 1.9.9.2.0\asrrealtimesrv.exe
    [+] Type : Service
    [+] file_hash : 0FB965EFD21E63F68718063A835096ADC248F67ACF70B5E0661052C183DCE2E8
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 0
    [+] status : 3
    [+] status_str : Stopped
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUP.AdvancedSystemRepair (Potentially Malicious)] \ASR-Startup -- C:\Program Files (x86)\Advanced System Repair Pro 1.9.9.2.0\AdvancedSystemRepairPro.exe (/minimize) -> Deleted
    [+] scan_what : 0
    [+] vendors : PUP.AdvancedSystemRepair
    [+] Name : \ASR-Startup
    [+] value : C:\Program Files (x86)\Advanced System Repair Pro 1.9.9.2.0\AdvancedSystemRepairPro.exe (/minimize)
    [+] Type : Task
    [+] file_hash : 843858FF9F7089E3273C81F18464781814AC45D5F651257C770E2EF347F053FB
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 1
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUP.AdvancedSystemRepair (Potentially Malicious)] HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced System Repair Pro -- -> Deleted
    [+] scan_what : 2
    [+] vendors : PUP.AdvancedSystemRepair
    [+] Name : HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced System Repair Pro
    [+] Type : Registry
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 2
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUP.AdvancedSystemRepair (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asrrealtimesrv -- [%programfiles(x86)%\Advanced System Repair Pro 1.9.9.2.0\asrrealtimesrv.exe] -> Deleted
    [+] scan_what : 2
    [+] vendors : PUP.AdvancedSystemRepair
    [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asrrealtimesrv
    [+] value : [%programfiles(x86)%\Advanced System Repair Pro 1.9.9.2.0\asrrealtimesrv.exe]
    [+] Type : Registry
    [+] file_hash : 0FB965EFD21E63F68718063A835096ADC248F67ACF70B5E0661052C183DCE2E8
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 3
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUM.Proxy (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- -> Deleted
    [+] scan_what : 1
    [+] vendors : PUM.Proxy
    [+] Name : HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer
    [+] Type : Registry
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 4
    [+] id : 4
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUM.Proxy (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- -> Deleted
    [+] scan_what : 1
    [+] vendors : PUM.Proxy
    [+] Name : HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer
    [+] Type : Registry
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 4
    [+] id : 5
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [Tr.Gen (Malicious)] found.000 -- %SystemDrive%\found.000 -> Deleted
    [+] scan_what : 1
    [+] vendors : Tr.Gen
    [+] Name : found.000
    [+] value : %SystemDrive%\found.000
    [+] Type : File/Folder
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 2
    [+] id : 6
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUP.AdvancedSystemRepair (Potentially Malicious)] Advanced System Repair Pro.lnk -- %SystemDrive%\Users\Public\Desktop\Advanced System Repair Pro.lnk (lnk => C:\PROGRA~2\ADVANC~1.0\ADVANC~1.EXE []) -> Deleted
    [+] scan_what : 1
    [+] vendors : PUP.AdvancedSystemRepair
    [+] Name : Advanced System Repair Pro.lnk
    [+] value : %SystemDrive%\Users\Public\Desktop\Advanced System Repair Pro.lnk (lnk => C:\PROGRA~2\ADVANC~1.0\ADVANC~1.EXE [])
    [+] Type : File/Folder
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 7
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUP.Iolo (Potentially Malicious)] mfc45.dat -- %SystemRoot%\SysWOW64\mfc45.dat -> Deleted
    [+] scan_what : 1
    [+] vendors : PUP.Iolo
    [+] Name : mfc45.dat
    [+] value : %SystemRoot%\SysWOW64\mfc45.dat
    [+] Type : File/Folder
    [+] file_hash : 33BE1965050A0526CC9FFCE1735DD9AF2945786458F38AF6F848D185665D71CB
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 8
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUP.AdvancedSystemRepair (Potentially Malicious)] Advanced System Repair Pro.lnk -- %_Arwen_appdata%\Microsoft\Windows\Start Menu\Programs\Advanced System Repair Pro\Advanced System Repair Pro.lnk (lnk => C:\PROGRA~2\ADVANC~1.0\ADVANC~1.EXE []) -> Deleted
    [+] scan_what : 1
    [+] vendors : PUP.AdvancedSystemRepair
    [+] Name : Advanced System Repair Pro.lnk
    [+] value : %_Arwen_appdata%\Microsoft\Windows\Start Menu\Programs\Advanced System Repair Pro\Advanced System Repair Pro.lnk (lnk => C:\PROGRA~2\ADVANC~1.0\ADVANC~1.EXE [])
    [+] Type : File/Folder
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 9
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUP.AdvancedSystemRepair (Potentially Malicious)] Uninstall Advanced System Repair Pro.lnk -- %_Arwen_appdata%\Microsoft\Windows\Start Menu\Programs\Advanced System Repair Pro\Uninstall Advanced System Repair Pro.lnk (lnk => C:\PROGRA~2\ADVANC~1.0\ADVANC~1.EXE [/u]) -> Deleted
    [+] scan_what : 1
    [+] vendors : PUP.AdvancedSystemRepair
    [+] Name : Uninstall Advanced System Repair Pro.lnk
    [+] value : %_Arwen_appdata%\Microsoft\Windows\Start Menu\Programs\Advanced System Repair Pro\Uninstall Advanced System Repair Pro.lnk (lnk => C:\PROGRA~2\ADVANC~1.0\ADVANC~1.EXE [/u])
    [+] Type : File/Folder
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 10
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUP.AdvancedSystemRepair (Potentially Malicious)] Advanced System Repair Pro 1.9.9.2.0 -- %programfiles(x86)%\Advanced System Repair Pro 1.9.9.2.0 -> Deleted
    [+] scan_what : 1
    [+] vendors : PUP.AdvancedSystemRepair
    [+] Name : Advanced System Repair Pro 1.9.9.2.0
    [+] value : %programfiles(x86)%\Advanced System Repair Pro 1.9.9.2.0
    [+] Type : File/Folder
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 11
    [+] status : 3
    [+] status_str : Deleted
    [+] removed : Yes
    [+] status_choice : 2
    [+] malpe_score : 0

    [PUP.Gen0 (Potentially Malicious)] Amazon Assistant for Chrome -- pbjikboenpfhbbejgkoklgkhjpfogcam -> ERROR [0]
    [+] scan_what : 1
    [+] vendors : PUP.Gen0
    [+] Name : Amazon Assistant for Chrome
    [+] value : pbjikboenpfhbbejgkoklgkhjpfogcam
    [+] Type : Browser
    [+] file_vtscore : 0
    [+] file_vttotal : 0
    [+] is_malicious : Yes
    [+] detection_level : 3
    [+] id : 12
    [+] status : 4
    [+] status_str : ERROR [0]
    [+] removed : No
    [+] status_choice : 2
    [+] malpe_score : 0
     
  18. 2022/11/12
    Blue Star

    # -------------------------------
    # Malwarebytes AdwCleaner 8.4.0.0
    # -------------------------------
    # Build: 08-30-2022
    # Database: 2022-10-10.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 11-12-2022
    # Duration: 00:00:55
    # OS: Windows 10 (Build 19044.2251)
    # Scanned: 32091
    # Detected: 14


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    PUP.Optional.DriverUpdatePlus C:\Users\Arwen\Downloads\DRIVERUPDATE.EXE

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Classes\AppID\{233F8F82-F91E-4E49-2222-BD21AB39D1BB}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Classes\Interface\{23387882-DEAA-4971-2222-5D5046F2B3BB}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Classes\Interface\{2532D782-C4FC-4ED8-2222-D654E27AF7F8}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Classes\Interface\{2F343382-EFC2-49C9-2222-FC0C403B0EBB}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Classes\TypeLib\{23311E82-B997-11CF-2222-0080C7B2D6BB}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Wow6432Node\\Classes\AppID\{233F8F82-F91E-4E49-2222-BD21AB39D1BB}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Wow6432Node\\Classes\CLSID\{233F8F82-F91E-4E49-2222-BD21AB39D1BB}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Wow6432Node\\Classes\Interface\{23387882-DEAA-4971-2222-5D5046F2B3BB}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Wow6432Node\\Classes\Interface\{2532D782-C4FC-4ED8-2222-D654E27AF7F8}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Wow6432Node\\Classes\Interface\{2F343382-EFC2-49C9-2222-FC0C403B0EBB}
    PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Wow6432Node\\Classes\TypeLib\{23311E82-B997-11CF-2222-0080C7B2D6BB}
    PUP.Optional.SpeedItupFree HKLM\Software\Classes\AppID\{A245B088-41FA-478E-8DEA-86177F1394BB}
    PUP.Optional.SpeedItupFree HKLM\Software\Wow6432Node\\Classes\AppID\{A245B088-41FA-478E-8DEA-86177F1394BB}

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
     
  19. 2022/11/12
    Blue Star

    Could not find MB log file and do not know if I need to do anything with Adware log at this point.
     
  20. 2022/11/12
    Blue Star

    Also... there is an error in Chrome.. a button at top right of window that says Error with 3 gold dots. The system will not allow a screenshot
     
  21. 2022/11/12
    broni

    I don't see anything malicious there, so if your computer is still acting up, I suggest new topic in Windows forum.
    Good luck :)
     
