gigglepot
2022-09-16, 06:36
Hello,
Below is the FRST.txt log and the Addition.txt log. I tried to run the aswMBR.exe twice and both times after a few minutes my computer crashed and restarted.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by Lillian (administrator) on DESKTOP-MNATPML (HP HP Pavilion Desktop 590-p0xxx) (15-09-2022 20:37:54)
Running from C:\Users\Lillian\Desktop
Loaded Profiles: Lillian
Platform: Microsoft Windows 10 Home Version 21H2 19044.2006 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\AMD\CNext\CNext\amddvr.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atieclxx.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_5.68.30003.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_5.68.30003.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed] C:\Program Files (x86)\SystemScheduler\WScheduler.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213728 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-12-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [WScheduler] => C:\Program Files (x86)\SystemScheduler\WScheduler.exe [331168 2018-03-25] (Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed]
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5204968 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234600 2022-08-19] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Lillian\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-04] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32686032 2022-09-14] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [MicrosoftEdgeAutoLaunch_43F426C6868B5A0207B840D9EE29A62D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-08] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\105.0.5195.102\Installer\chrmstp.exe [2022-09-08] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {027B2618-3701-4A01-A814-BE34A1C3C3DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-21] (Adobe Inc. -> Adobe)
Task: {0CE59796-FE57-49CF-A450-EB794C4FB4C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {17DC42A2-F68C-4C6E-A685-B484C8ECF152} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {289EC535-ACBB-46C5-8599-0FD3667513C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {32DC0AC8-B274-49D7-B512-F88E67AEC293} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {416B6A34-7811-4B65-99F3-49D824D255BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {48EE3F79-D85A-447B-B72A-9A070226625D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [327256 2022-02-09] (HP Inc. -> HP Inc.)
Task: {544D99A4-F781-425D-AB9B-E691807CA27C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {7606036E-858C-4ED9-B14F-6B485B9BBA7D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-21] (Adobe Inc. -> Adobe)
Task: {77285307-6DD1-4359-B11D-511C85C409AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1555696 2022-08-03] (Adobe Inc. -> Adobe Inc.)
Task: {7A24FD53-3A7A-4102-B956-C271D577FD37} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {7E060B13-6897-4620-9E40-C14AA3EA9B5A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4943072 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
Task: {92B2DD11-4D28-46D0-A5CC-787D46F7BFED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {992DC982-2CF9-4C3A-B229-8432A1EC8667} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-520046137-1738454763-4209218755-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {99C64CCC-E267-439A-A447-D06ED6D58491} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {9D7AD1F7-4D88-4CD8-A3BB-D8F6A7158D9B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {9F57CADA-CB76-426E-816A-BCE06E750A54} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {A289D980-14D0-4564-A049-1BE1C0125619} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {A3FB1060-736B-4136-9C44-A1762622D30A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {B11C66B8-EB50-41DC-9AE6-C53023F17E37} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {B82C3D5A-1BEF-49E1-9833-C7049684B493} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {CCD75ED5-CCA2-4B7B-9EA0-101A498F3C0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {D1AA80F8-4A3A-49CB-BBE2-51B063F1CEF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {D23D75CF-B448-40EE-A832-1432ED87C6AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {D8F80293-64F2-4DAA-84AF-FDB8172F897A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {DA38A483-B158-4A7F-873E-898A2DFF1F71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {DC43C091-23D3-431D-B6A7-A6C40FD84523} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {E1484769-8460-41D6-9417-47F41ED8EC69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {E8D7EFEC-96B8-4937-98F2-C0D40D639D6B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {F22D8845-F310-43DA-BDCC-5FD38D0AC0A1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1f27f15d-e56c-4b9c-9c8a-1b0bfa4ab60e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{64324158-2892-4aef-98b3-a8fc4e3bd95d}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lillian\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-15]
FireFox:
========
FF DefaultProfile: zmh62i5e.default
FF ProfilePath: C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default [2022-09-15]
FF Homepage: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.kijiji.ca/
FF Notifications: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.youtube.com; hxxps://www.facebook.com; hxxps://www.teamviewer.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com
FF Extension: (Canadian English Dictionary) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\en-CA@dictionaries.addons.mozilla.org.xpi [2021-08-04]
FF Extension: (English (CA) Language Pack) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2022-09-05]
FF Extension: (New Tab Override) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FF Extension: (Avast Online Security) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\wrc@avast.com.xpi [2020-04-16] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (Black and Purple Theme) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{155429d2-8bf5-44bf-94f8-d194c3ec5f15}.xpi [2021-06-16]
FF Extension: (Photon Colors) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{2c6c94f3-c656-41e9-aa4b-1edba5be9c21}.xpi [2021-07-30]
FF Extension: (Fairytale Of Nature) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{6804879d-8801-473a-b13d-605b902a5e4f}.xpi [2021-06-15]
FF Extension: (Greasemonkey) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-01-28]
FF Extension: (¡Light Blue Theme!) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{f416b4af-c4c9-4607-96ac-77fea7ed4a9b}.xpi [2021-06-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-21] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\dtplugin\npDeployJava1.dll [2022-09-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\plugin2\npjp2.dll [2022-09-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-21] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-09-07] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default [2022-09-09]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.kijiji.ca/"
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-20]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2022-09-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
Opera:
=======
OPR Profile: C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable [2022-09-02]
OPR Extension: (Rich Hints Agent) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-12]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-12]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172264 2022-08-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-21] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8523800 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [589536 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014432 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [589536 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-25] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-17] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [305664 2017-11-02] (Realtek Semiconductor Corp.) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-06-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-05] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [414456 2022-06-11] (Parsec Cloud, Inc. -> Parsec)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-03-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-03-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Lillian\AppData\Roaming\Zoom"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [41760 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [237632 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [389064 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [257992 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [104904 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [24528 2022-08-01] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [47936 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [274976 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [553880 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [113920 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88984 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [861936 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [671216 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221464 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327408 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 RtkA2dp; C:\WINDOWS\System32\drivers\RtkA2dp.sys [202208 2017-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [72160 2017-10-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-03-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-03-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-03-01] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-09-15 20:37 - 2022-09-15 20:42 - 000033418 _____ C:\Users\Lillian\Desktop\FRST.txt
2022-09-15 10:50 - 2022-09-15 11:05 - 001343380 _____ C:\WINDOWS\Minidump\091522-51250-01.dmp
2022-09-15 10:34 - 2022-09-15 10:34 - 005198336 _____ (AVAST Software) C:\Users\Lillian\Desktop\aswMBR.exe
2022-09-15 10:14 - 2022-09-15 10:14 - 002371072 _____ (Farbar) C:\Users\Lillian\Desktop\FRST64.exe
2022-09-15 10:12 - 2022-09-15 10:12 - 002074112 _____ (Farbar) C:\Users\Lillian\Downloads\xzDkTWBW.exe.part
2022-09-15 10:11 - 2022-09-15 10:11 - 000019976 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2022-09-15 10:11 - 2022-09-15 10:11 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2022-09-15 10:11 - 2022-09-15 10:11 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-MNATPML-Windows-10-Home-(64-bit).dat
2022-09-15 10:11 - 2022-09-15 10:11 - 000000000 ____D C:\RegBackup
2022-09-15 10:11 - 2022-09-15 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2022-09-15 10:11 - 2022-09-15 10:11 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2022-09-15 10:10 - 2022-09-15 10:10 - 007333288 _____ (Tweaking.com) C:\Users\Lillian\Desktop\tweaking.com_registry_backup_setup.exe
2022-09-13 21:30 - 2022-09-13 21:30 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-09-13 21:28 - 2022-09-13 21:28 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-09-13 21:28 - 2022-09-13 21:28 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-09-13 21:26 - 2022-09-13 21:26 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-09-13 20:12 - 2022-09-13 20:12 - 000000000 ___HD C:\$WinREAgent
2022-09-12 14:31 - 2022-09-12 14:31 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\com.adobe.dunamis
2022-09-12 12:29 - 2022-09-12 12:29 - 000000000 __RHD C:\Users\Lillian\AppData\Roaming\SecuROM
2022-09-12 12:16 - 2022-09-12 12:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-09-09 13:25 - 2022-09-09 13:25 - 000585266 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220909 (3).fdf
2022-09-09 13:25 - 2022-09-09 13:25 - 000585189 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220909 (2).fdf
2022-09-09 13:20 - 2022-09-09 13:20 - 000585497 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220909 (1).fdf
2022-09-09 13:16 - 2022-09-09 13:16 - 000585315 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220909.fdf
2022-09-07 14:07 - 2022-09-07 14:07 - 000225984 _____ C:\Users\Lillian\Downloads\GoCoupons.pdf
2022-09-02 14:05 - 2022-09-02 14:05 - 001031239 _____ C:\Users\Lillian\Desktop\BabyBel Rolls.xlsx
2022-09-02 14:02 - 2022-09-02 14:02 - 003300156 _____ C:\Users\Lillian\Desktop\minirolls_coupon_rabais_en.pdf
2022-09-02 13:58 - 2022-09-02 13:58 - 001391278 _____ C:\Users\Lillian\Downloads\Babybel Mini Rolls_65b0c26f.pdf
2022-09-02 13:56 - 2022-09-02 13:56 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db.pdf
2022-09-02 06:41 - 2019-01-04 08:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20220902-064138.backup
2022-08-27 21:58 - 2022-08-27 21:58 - 000270560 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-08-27 21:58 - 2022-08-27 21:58 - 000221464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-08-24 13:42 - 2022-08-24 13:42 - 100642473 _____ C:\Users\Lillian\Desktop\Benjamin's Stuff.zip
2022-08-22 17:39 - 2022-08-22 17:39 - 000000039 _____ C:\Users\Lillian\AppData\Local\kritadisplayrc
2022-08-20 21:52 - 2022-08-20 21:52 - 000120224 _____ C:\Users\Lillian\Desktop\Dino.png.kra
2022-08-16 09:27 - 2022-08-16 09:27 - 000141406 _____ C:\Users\Lillian\Downloads\cn-child-covid-waiver-1.pdf
2022-08-16 09:22 - 2022-08-16 09:22 - 000125721 _____ C:\Users\Lillian\Downloads\cn-community-program-participant-information-form-3.pdf
2022-08-16 09:22 - 2022-08-16 09:22 - 000125721 _____ C:\Users\Lillian\Downloads\cn-community-program-participant-information-form-2.pdf
2022-08-16 09:22 - 2022-08-16 09:22 - 000125721 _____ C:\Users\Lillian\Downloads\cn-community-program-participant-information-form-1.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-09-15 20:41 - 2020-02-18 21:17 - 000000000 ____D C:\FRST
2022-09-15 20:36 - 2018-05-16 11:15 - 000000000 ____D C:\Users\Lillian\Documents\Lillian
2022-09-15 20:35 - 2021-12-16 07:37 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-09-15 20:35 - 2021-07-08 19:54 - 000003750 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2022-09-15 20:35 - 2021-07-08 19:54 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-09-15 20:35 - 2021-07-08 19:54 - 000003446 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2022-09-15 20:35 - 2021-07-08 19:54 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-09-15 20:35 - 2021-07-08 19:54 - 000003312 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B10F1A6A-E096-4CDE-9012-03BBEB909611}
2022-09-15 20:35 - 2021-07-08 19:54 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-09-15 20:35 - 2021-07-08 19:54 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-09-15 20:35 - 2021-07-08 19:54 - 000002856 _____ C:\WINDOWS\system32\Tasks\HPJumpStartLaunch
2022-09-15 20:35 - 2021-07-08 19:54 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-500
2022-09-15 20:35 - 2021-07-08 19:54 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-09-15 20:35 - 2021-07-08 19:54 - 000002500 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2022-09-15 20:35 - 2021-07-08 19:54 - 000002440 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch
2022-09-15 20:35 - 2021-07-08 19:54 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2022-09-15 20:35 - 2021-07-08 19:54 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2022-09-15 20:35 - 2021-07-08 19:54 - 000002116 _____ C:\WINDOWS\system32\Tasks\StartDVR
2022-09-15 20:35 - 2021-07-08 19:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2022-09-15 20:35 - 2020-09-27 08:53 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-09-15 20:35 - 2020-09-27 08:53 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-09-15 20:34 - 2018-05-22 06:01 - 000000000 ____D C:\Program Files (x86)\Steam
2022-09-15 20:30 - 2020-09-27 08:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-09-15 20:30 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-15 20:11 - 2018-05-14 06:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-09-15 15:23 - 2018-06-23 07:03 - 000000000 ____D C:\Users\Lillian\AppData\Local\D3DSCache
2022-09-15 15:21 - 2022-02-28 14:00 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-09-15 15:20 - 2018-05-13 10:55 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Mozilla
2022-09-15 11:29 - 2018-06-22 05:55 - 000000000 ____D C:\Users\Lillian\AppData\Local\AVAST Software
2022-09-15 11:05 - 2021-12-20 16:27 - 000000000 ____D C:\WINDOWS\Minidump
2022-09-15 11:05 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-09-15 10:51 - 2021-07-08 19:13 - 000000000 ____D C:\Users\Lillian
2022-09-15 10:51 - 2018-06-20 06:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2022-09-15 10:50 - 2021-12-20 16:27 - 1407073325 _____ C:\WINDOWS\MEMORY.DMP
2022-09-15 10:50 - 2021-03-24 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-15 10:50 - 2020-09-27 08:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-09-15 06:48 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-15 06:48 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-09-15 06:22 - 2021-07-08 19:54 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-09-15 06:20 - 2018-05-14 05:56 - 000000000 ____D C:\ProgramData\AVAST Software
2022-09-14 21:35 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-09-14 21:35 - 2018-02-10 02:44 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2022-09-14 15:32 - 2018-06-01 20:30 - 000001430 _____ C:\Users\Lillian\Desktop\Roblox Player.lnk
2022-09-14 15:32 - 2018-06-01 20:28 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-09-14 15:31 - 2018-06-01 20:28 - 000001253 _____ C:\Users\Lillian\Desktop\Roblox Studio.lnk
2022-09-14 14:56 - 2021-07-08 19:13 - 000002392 _____ C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-14 14:05 - 2018-06-20 12:08 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\vlc
2022-09-14 06:15 - 2021-07-08 19:28 - 000934922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-09-14 06:10 - 2020-09-27 08:50 - 000449544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-09-13 21:41 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-09-13 21:26 - 2020-09-27 08:53 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-09-13 20:06 - 2018-05-13 11:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-09-13 19:55 - 2018-05-13 11:27 - 141646296 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-09-13 06:20 - 2022-07-20 11:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-09-13 06:20 - 2018-05-13 10:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-09-12 21:56 - 2021-06-29 21:58 - 000000000 ____D C:\ProgramData\Microsoft Studios
2022-09-12 21:51 - 2018-05-22 06:08 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-09-12 12:53 - 2021-07-06 19:30 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2022-09-12 12:52 - 2021-07-06 19:18 - 000000000 ____D C:\Riot Games
2022-09-12 12:52 - 2021-07-06 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2022-09-12 12:32 - 2017-12-25 13:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-09-12 12:16 - 2018-05-13 10:55 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-09-12 06:44 - 2020-11-04 14:58 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-09-11 20:05 - 2018-06-01 20:16 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\.minecraft
2022-09-11 20:03 - 2018-05-16 11:06 - 000000000 ____D C:\ProgramData\Epic
2022-09-11 20:01 - 2018-05-16 11:06 - 000000000 ____D C:\Program Files (x86)\Epic Games
2022-09-10 14:00 - 2020-09-27 08:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-08 12:13 - 2018-05-14 06:02 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-07 07:16 - 2018-05-13 10:38 - 000000000 ____D C:\Users\Lillian\AppData\Local\Packages
2022-09-03 07:49 - 2021-11-20 10:32 - 000153040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 002835920 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000443856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000234984 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000198120 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000067024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2022-09-02 15:18 - 2018-06-01 20:28 - 000000253 _____ C:\Users\Lillian\AppData\LocalLow\rbxcsettings.rbx
2022-09-02 12:38 - 2018-12-20 23:31 - 000005095 _____ C:\WINDOWS\wininit.ini
2022-09-02 06:36 - 2020-12-28 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-09-02 06:36 - 2020-12-28 17:13 - 000000000 ____D C:\Program Files\Java
2022-09-02 06:34 - 2020-12-28 17:13 - 000195280 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2022-09-01 17:14 - 2018-06-01 20:28 - 000000000 ____D C:\Users\Lillian\AppData\Local\Roblox
2022-08-27 21:58 - 2020-10-13 14:37 - 000274976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-08-27 21:58 - 2020-04-14 12:06 - 000553880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-08-27 21:58 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-08-27 21:58 - 2019-01-14 10:53 - 000389064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-08-27 21:58 - 2019-01-04 21:45 - 000257992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-08-27 21:58 - 2019-01-04 21:45 - 000104904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-08-27 21:58 - 2019-01-04 21:45 - 000041760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-08-27 21:58 - 2018-10-10 14:19 - 000047936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000861936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000671216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000327408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000237632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000113920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000088984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-08-24 13:19 - 2020-11-17 07:51 - 000000000 ____D C:\Users\Lillian\Desktop\Benjamin's Stuff
2022-08-22 17:39 - 2021-08-06 11:25 - 000025671 _____ C:\Users\Lillian\AppData\Local\kritarc
2022-08-20 07:44 - 2018-05-14 11:27 - 000000000 ____D C:\Program Files (x86)\SystemScheduler
2022-08-17 12:38 - 2019-10-19 20:44 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
==================== Files in the root of some directories ========
2018-05-14 11:44 - 2018-05-14 12:29 - 000026726 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (DOS).ADR
2018-05-14 12:24 - 2018-05-14 12:24 - 000026950 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-05-13 10:38 - 2022-09-15 10:57 - 002089807 _____ () C:\Users\Lillian\AppData\Local\BTServer.log
2021-04-12 11:29 - 2021-04-12 11:29 - 000000118 _____ () C:\Users\Lillian\AppData\Local\HeartbeatCache.xml
2021-08-06 19:18 - 2021-08-06 19:18 - 000000356 _____ () C:\Users\Lillian\AppData\Local\karboncalligraphyrc
2021-08-06 11:25 - 2022-08-22 16:37 - 000002546 _____ () C:\Users\Lillian\AppData\Local\krita-sysinfo.log
2021-08-06 11:25 - 2022-08-22 17:39 - 000483923 _____ () C:\Users\Lillian\AppData\Local\krita.log
2021-08-06 22:12 - 2021-10-05 18:59 - 000080678 _____ () C:\Users\Lillian\AppData\Local\kritacrash.log
2022-08-22 17:39 - 2022-08-22 17:39 - 000000039 _____ () C:\Users\Lillian\AppData\Local\kritadisplayrc
2021-08-06 11:25 - 2022-08-22 17:39 - 000025671 _____ () C:\Users\Lillian\AppData\Local\kritarc
2022-02-25 16:49 - 2022-02-25 16:49 - 000016438 _____ () C:\Users\Lillian\AppData\Local\partner.bmp
2019-09-06 09:51 - 2019-09-06 09:51 - 000000017 _____ () C:\Users\Lillian\AppData\Local\resmon.resmoncfg
==================== FCheck ================================
(If an entry is included in the fixlist, the file/folder will be moved.)
FCheck: C:\WINDOWS\system32\eac_usermode_3175762292993092.dll [2019-05-31] <==== ATTENTION (zero byte File/Folder)
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by Lillian (15-09-2022 20:44:12)
Running from C:\Users\Lillian\Desktop
Microsoft Windows 10 Home Version 21H2 19044.2006 (X64) (2021-07-09 01:55:00)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-520046137-1738454763-4209218755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-520046137-1738454763-4209218755-503 - Limited - Disabled)
Guest (S-1-5-21-520046137-1738454763-4209218755-501 - Limited - Disabled)
Lillian (S-1-5-21-520046137-1738454763-4209218755-1001 - Administrator - Enabled) => C:\Users\Lillian
WDAGUtilityAccount (S-1-5-21-520046137-1738454763-4209218755-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.002.20212 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601013}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1108.0217.4117 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.8.6030 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
FastStone Image Viewer 6.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 105.0.5195.102 - Google LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP Customer Experience Enhancements (HKLM-x32\...\{9720A595-3D2D-440E-9523-0B6F970745DD}) (Version: 6.0.11.1 - HP Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{16311D0B-D57C-46F8-AE64-9D4D44227271}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{4C246A91-6BAE-450E-BDEA-70D01663DF43}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{78525DEA-1E62-429B-9CA4-A78F899A9F29}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{B2CFD444-5088-4ECC-A1F1-28620C082C36}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{3D00C669-D447-4A04-AFDA-25E9E76E7873}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{59649835-21FD-4523-9AB0-9E67ED77F0CA}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM-x32\...\{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{2282C4AC-ADFD-4CB7-962E-D700F62024E6}) (Version: 1.4.27 - HP Inc.)
Java 8 Update 341 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180341F0}) (Version: 8.0.3410.10 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Krita (x64) 4.4.5 (HKLM\...\Krita_x64) (Version: 4.5.4.0 - Krita Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.33 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.33 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{A9CFD6A1-C0D3-7F37-C220-8B104867EF15}) (Version: 10.1.22621.1011 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\OneDriveSetup.exe) (Version: 22.176.0821.0003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649 (HKLM\...\{20C1086D-C843-36B1-B678-990089D1BD44}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649 (HKLM\...\{ABB19BB4-838D-3082-BDA4-87C6604181A2}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40649 (HKLM-x32\...\{A8589745-51BC-3963-B4E9-201CF8693538}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40649 (HKLM-x32\...\{DEA7F8E3-B7B9-3C3C-945B-7F8CE9041748}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30135 (HKLM-x32\...\{fa7f6d52-f85e-48ef-8f56-a37268aa5772}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30135 (HKLM\...\{34DB4181-0770-4B5A-B561-68758A077B0F}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30135 (HKLM\...\{40118CD9-A805-400C-864E-041A5B5C01B0}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft Launcher (HKLM-x32\...\{EEFE9D96-1866-45BC-9D11-6AA7FF2D6E18}) (Version: 1.0.0.0 - Mojang)
Minecraft: Education Edition (HKLM-x32\...\Minecraft: Education Edition 1.17.30.52) (Version: 1.17.30.52 - Microsoft Studios)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 104.0.2 (x64 en-US)) (Version: 104.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (HKLM-x32\...\{D0B44725-3666-492D-BEF6-587A14BD9BD9}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Parsec (HKLM-x32\...\Parsec) (Version: 150-84b - Parsec Cloud Inc.)
Photo Common (HKLM-x32\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.80 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.105 - REALTEK Semiconductor Corp.)
Roblox Player for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-studio) (Version: - Roblox Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Skype version 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StudioTax 2017 (HKLM-x32\...\{99CAAE52-3DB3-4012-90A6-392CFE63BE51}) (Version: 13.0.5.0 - BHOK IT Consulting)
StudioTax 2018 (HKLM-x32\...\{B77DD0D3-CBDA-4A1B-BB14-1B8782DE95AF}) (Version: 14.0.4.0 - BHOK IT Consulting)
StudioTax 2019 (HKLM-x32\...\{6BA4B986-CB27-414F-B68E-E78722FC8EF5}) (Version: 15.0.6.0 - BHOK IT Consulting)
StudioTax 2020 (HKLM\...\{00A4E24D-F868-4D20-83E2-4EC0A569B305}) (Version: 16.0.6.0 - BHOK IT Consulting Inc.)
StudioTax 2021 (HKLM\...\{582AD570-5F28-466D-9BAD-FEAE9FEB9098}) (Version: 17.0.3.0 - BHOK IT Consulting Inc.)
System Scheduler 5.12 (HKLM-x32\...\Windows Scheduler_is1) (Version: - Splinterware Software Solutions)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system) <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.100 (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66B5819D-DE70-42BE-B40F-978FBA12452E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (HKLM-x32\...\{BAD984EE-790E-4513-A428-3BE2D426DCA7}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (HKLM-x32\...\{E703613B-BDAB-433E-A66A-DE0263E3D35D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (HKLM\...\{25058321-C33E-496B-8915-6FD64D362CAF}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{6522F5F9-411B-4513-A75B-CEA00395F032}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{714E162E-CD4F-4F1B-8302-7F5179409C25}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{A2DC527D-FA79-46E9-973F-920897CA55E9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (HKLM-x32\...\{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\ZoomUMX) (Version: 5.6.5 (823) - Zoom Video Communications, Inc.)
Packages:
=========
Candy Crush Jelly Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushJellySaga_2.96.1.0_x64__kgqvnymyfvs32 [2022-09-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2360.3.0_x64__kgqvnymyfvs32 [2022-09-15] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.226.500.0_x64__kgqvnymyfvs32 [2022-09-14] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-11] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_22.4.18.0_x64__xbfy0k16fey96 [2022-09-07] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.464.0_x86__v10z8vjag6ke6 [2018-02-10] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa [2022-09-14] (Apple Inc.) [Startup Task]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.2201.0_x64__8wekyb3d8bbwe [2022-09-02] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-08-24] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-14] (Microsoft Corporation)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-26] (CYBERLINKCOM CORP)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2022-06-06] (WildTangent Games)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-520046137-1738454763-4209218755-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xC1A89939B6EBD3010E50F79C3DECD301020000002400000000000000 => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Lillian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2018-05-16 06:15 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:21 - 2018-04-24 21:21 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2022-09-14 10:14 - 2022-09-14 10:14 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\6744288406698d58b4214564049b071c\BRIDGECommon.ni.dll
2022-09-14 10:15 - 2022-09-14 10:15 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\3a7f948a1b5bf54a7d38083119686dfa\BridgeExtension.ni.dll
2022-09-14 10:15 - 2022-09-14 10:15 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\68fa7877df66a513a13a54bd6d132a6f\CleanStartController.ni.dll
2022-06-21 17:26 - 2022-06-21 17:26 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\68d37933a82300fc7d9b4dde89cc0ccf\Interop.IWshRuntimeLibrary.ni.dll
2022-08-15 11:55 - 2022-08-15 11:55 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\0922e6c5e341398946ed16f70ddd1a88\RegistrationUtilities.ni.dll
2020-06-10 14:36 - 2005-04-21 22:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2005-09-07 12:03 - 2005-09-07 12:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\ScanSoft\PaperPort\blicectr.dll
2018-05-16 06:15 - 2012-06-05 15:59 - 000025299 ____R (Brother Industries, Ltd) [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll
2018-05-16 06:15 - 2008-08-18 18:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2018-05-16 06:15 - 2009-12-23 15:45 - 000327680 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-05-16 06:15 - 2009-12-25 15:08 - 000208896 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2018-05-16 06:15 - 2011-10-07 14:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2020-06-10 14:36 - 2012-07-05 05:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2022-08-15 11:56 - 2022-08-15 11:56 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\9dfd7fd38e207607f78423591dfc74dc\Hardcodet.Wpf.TaskbarNotification.ni.dll
2022-09-14 10:15 - 2022-09-14 10:15 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\bbc73a229589a7208b6f3285a1f49c4a\CommonPortable.ni.dll
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-09-14 10:15 - 2022-09-14 10:15 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\2e8112f79a518a77e137035544494d0e\NAudio.ni.dll
2022-08-15 11:52 - 2022-08-15 11:52 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\590d5fd5ada10024a47a5b07ac119805\Newtonsoft.Json.ni.dll
2018-02-10 02:46 - 2017-06-20 21:03 - 000289280 _____ (Realtek Semiconductor Corporation) [File not signed] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\StereoControl.dll
2022-08-15 11:56 - 2022-08-15 11:56 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\4e29bdcd387ef250d2bb340a43f073a3\log4net.ni.dll
2022-05-26 09:51 - 2018-11-22 16:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2022-05-26 09:51 - 2018-11-22 16:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-08 02:15 - 2018-11-08 02:15 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\SYSTEM.SAV:err [1370]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\HP ePrint SW.lnk:A053CBE120 [4138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Control.lnk:C155C50CB7 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk:21661D084B [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Audio Switch.lnk:BD4A45E559 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk:2447EA3E0B [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk:174920E76C [10]
AlternateDataStreams: C:\Users\Lillian\Desktop\Epic Games Launcher.lnk:BE32D07BC5 [3314]
AlternateDataStreams: C:\Users\Lillian\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-520046137-1738454763-4209218755-1001 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_341\bin\ssv.dll [2022-09-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-09-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7942 more sites.
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7942 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 07:46 - 2022-09-03 07:36 - 000454574 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com (http://www.123moviedownload.com)
There are 15603 more lines.
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\WINDOWS\System32\OpenSSH\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\hp backgrounds\backgrounddefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{06A29A48-4975-43AE-A3AD-3961CA5E5420}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{ED8B0E90-4B7A-40B2-BCBF-7D6F26A59EC8}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{76167615-4E40-4D33-8826-8576A0D44FDC}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{9B3FBC69-FB9A-435D-92DE-F78E8F2C54F3}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{65F6D2BF-D4A3-4A40-BEA3-26C53FED1E0F}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{13137F2D-91F7-451F-8FBD-520AD0EAE3E9}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{99198DA6-8B38-455A-8B1E-0B294BB6022E}] => (Allow) C:\Users\Lillian\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{E69B6B17-9FF5-4442-930A-C8734DFFF0B6}] => (Allow) C:\Users\Lillian\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{8ED3D9D6-4BCE-46B3-9FCC-47AA9B18791E}] => (Allow) C:\Users\Lillian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{8797784B-8CA6-4B85-98D1-CD5CB23463DC}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{204B4822-50A3-4B17-9874-ADFD9F4FD4B2}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{C378F7C0-8994-4E0E-A525-A7D53CFFCFF2}C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{4FA18C39-76D3-46AC-BC8D-B24E34812C67}C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{22D6B817-22A5-44A1-B19E-A7F3B51B305E}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4FA010D8-FCC4-4327-9DFB-B1A13789F633}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{36956388-630B-4603-9A5A-EFE00BA1238C}C:\program files\epic games\thelongdark\tld.exe] => (Allow) C:\program files\epic games\thelongdark\tld.exe => No File
FirewallRules: [TCP Query User{33389904-7F1B-46E1-80DB-FA613922702D}C:\program files\epic games\thelongdark\tld.exe] => (Allow) C:\program files\epic games\thelongdark\tld.exe => No File
FirewallRules: [UDP Query User{0F9460AC-9E4E-4E7A-9EF4-88F16F9D98B9}C:\program files (x86)\overwatch\_ptr_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{06642D78-6604-478B-B129-3A9926B52F8C}C:\program files (x86)\overwatch\_ptr_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{90C3E9A1-2DF9-4DD3-A84D-01B5C7E80E65}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F7377BA5-94F6-4088-9C09-EFCAE015EF35}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{0342B118-3737-43C1-89E1-BE4BE03FBD33}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{67D9DB0B-C116-4AD7-B8FC-26B093E057DD}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D8534AEC-662E-4EA4-BFE3-72038782091D}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{99F9E812-AD8A-462E-B4DE-6A0093050C1D}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{B3D077D7-48E3-422C-AA24-91E76E68102C}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FE17A816-3AE6-4D61-A280-69AC09730E97}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{66AFAE66-7608-41B6-A5B6-423FDA161F30}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9357B0B5-04C2-44C4-8B4C-C75EAF3A7CA9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{9F00FFD2-057E-44E6-8555-81C1495F69E0}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{00F78E1D-FB7A-40D0-9902-08BF5A6B475C}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{0CE8D202-D097-43E1-B3F6-FBF7898E9CBF}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B038613E-9F66-4350-A497-6AB8F86E9A1A}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C802924F-AB96-4147-BAE3-C833892C8D0E}C:\program files\epic games\theescapists2\theescapists2.exe] => (Block) C:\program files\epic games\theescapists2\theescapists2.exe => No File
FirewallRules: [UDP Query User{430125C8-854A-4555-900C-F9558B833549}C:\program files\epic games\theescapists2\theescapists2.exe] => (Block) C:\program files\epic games\theescapists2\theescapists2.exe => No File
FirewallRules: [TCP Query User{79C50711-0F71-4140-B11F-7E8798713489}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{43B70227-FCF5-4392-9144-0B2A703FF9AA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{A7547A60-F0B0-4523-AB1D-0681CF7DC897}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{589DB5B1-B4E6-4DFD-A215-2EA239A45A4F}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8B5C3DD6-F356-499D-8AD3-3363BE51657D}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{65711726-0568-408A-89DE-26444F5B19D8}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [TCP Query User{D53D8733-2ED3-4907-968C-0A12C2F033CD}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{0976DD83-7C22-435B-AAE2-17033FC0AF51}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{0DBCD40A-31E0-4ABD-883C-04805EBA09D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{08FE3F76-5BD6-42D0-A283-CC07EE44BBF3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C430C5A4-37C4-4530-8942-0AF9479206EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{00F2C82A-03EB-473C-A37A-476CB9B3E23E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{E57A3443-A984-45E6-BD71-F17AD0108047}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F5387AEF-BC37-44AC-91D0-9EB5FF81A84B}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{9B4053D8-EF0E-49D1-99F4-F97440C0AA07}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{474AAFEF-D38F-41FC-BD1D-6BF7D532DE54}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8B55C37A-1101-4AA0-B31E-F183CD3944F9}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4FAEAC2E-CB58-40EC-BAAF-3CBC85E46018}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{74C62138-08B1-4BF3-BE39-E34124D9AD12}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{669031DC-54B2-4705-9736-2EF77AD9B46D}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{10FC208C-1D30-41D7-920F-62C7B126F992}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4378B4E1-3E5F-4116-93EC-0AF683128E96}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A98B4DFA-08B3-4084-9D09-0F9B2E2B524D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\WindowsNoEditor\Poppy_Playtime.exe => No File
FirewallRules: [{2BEF1E29-974B-4EB5-9EB7-8610A8E79AB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\WindowsNoEditor\Poppy_Playtime.exe => No File
FirewallRules: [{8F88FA8B-2EDA-490E-8DE2-8BB80C635B14}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2094FDD-3A20-4FE3-A24E-E980F0CB726A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F40766D3-B326-47FC-9BD1-1C4D51E07637}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D72F69CA-2617-47F0-B067-C033B70E14F6}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{00A1FB83-4B37-4A00-9B7D-9F7A3ED9B5E8}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec)
FirewallRules: [{8FCCD849-5A39-43CA-B1A0-1B0C17200F4A}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0A45DCBA-40F4-403B-9984-B169577E287A}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E9C7A885-8D50-4A99-BCC1-4E4B6F0693C1}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{03A8DFDB-C9E9-44AA-828F-F2F8496B66FA}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{77CF5B79-C372-4FB8-9CDD-11366C6CD504}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E47F69A7-72D8-49BA-A0E0-38D653CC8671}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A53B1CF8-7C82-4F3D-BFC4-5BBD1198433B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\PlaytimeLauncher\PlaytimeLauncher.exe => No File
FirewallRules: [{6CB29672-FFDD-43E7-925C-8E66C3256FA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\PlaytimeLauncher\PlaytimeLauncher.exe => No File
FirewallRules: [{12DC7A43-1739-43BE-B96A-A2004F688270}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{B986D6FF-F406-43EC-9445-58BB61F2E5C5}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{DACDDFED-298B-4962-B48B-6C65AE641A38}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{007D4C7A-A61F-49B7-858B-DCDB98F51BBA}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{433B2A26-C00B-4B0C-866B-A7BF2B4B01D6}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{CD710D27-FDBA-47D4-A8DE-15A2C51AEA00}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{B141ADAA-8B80-403A-A1D0-1DEF598B033E}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4D04FBB6-E0F2-460E-827A-87767EA208B9}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{217BB43E-5DCE-4AFA-96FD-6577004F946C}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F03D3705-3570-49F2-9162-8C9304F5E30F}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{915C9A39-A9B0-42C0-9D71-8B2CF6985646}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A17AD442-5141-4D27-B26A-D4DB1B2F62B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.15601.20088.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{54AFCD9B-6A8A-4A2B-AF65-1C8202AEE4C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{13D747FA-FDA6-420D-BBFB-1D2D7B9C00D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B740358B-0A04-4C65-9185-9F51E4017960}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{825F3E5E-A8D7-48F9-BE1A-3AE4A6C81F06}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3AE6C8B7-C0AF-4241-8579-45B9C59A0F7E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.33\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE18D0D9-1A89-4E52-A5A1-2D6C612C6DA0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E277AC70-1E54-45DF-A85E-85048C527134}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD1F8054-D2DC-44BF-A9C1-57BB221CC36E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14D1C562-D312-4230-911C-99B2FD77E03F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2EEB219-E43A-4FA2-A411-1E0123F43636}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BDA32733-B5E0-42CB-8DA1-345B077BC3A8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{88039947-F365-4457-90FF-A91A173297E5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7953DAFF-7D2F-4A6F-939B-1A32AF57AE1A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
13-09-2022 20:06:59 Windows Modules Installer
13-09-2022 20:10:09 Windows Modules Installer
13-09-2022 20:23:30 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/15/2022 03:56:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.0.24:57166 to 192.168.0.10:5353 length 0 too short
Error: (09/15/2022 10:52:41 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-MNATPML$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority "amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 15 Sep 2022 16:52:40 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 83ebe822-abe2-444f-9996-d72a6eb983e3
Method: GET(781ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/15/2022 06:31:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1949 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 510
Start Time: 01d8c8fe2eda71ef
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 8d93b841-343d-494a-8b9a-2fde6ddb4919
Faulting package full name: Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Hang type: Quiesce
Error: (09/15/2022 06:20:02 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-MNATPML$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority "amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 15 Sep 2022 12:20:02 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: e9bafee5-6a30-44d0-a673-c4bc886f145c
Method: GET(1906ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/14/2022 09:34:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (09/14/2022 09:34:45 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (09/14/2022 07:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.0.17:59871 to 192.168.0.10:5353 length 0 too short
Error: (09/14/2022 05:14:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.0.28:50399 to 192.168.0.10:5353 length 0 too short
System errors:
=============
Error: (09/15/2022 11:05:15 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffa1004d351010, 0x00000000000000ff, 0x0000000000000000, 0xfffff802bde695ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 02a3a725-472c-4781-9211-4bd091f4867e.
Error: (09/15/2022 11:03:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.
Error: (09/15/2022 10:52:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDWSCService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/15/2022 10:52:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the SDWSCService service to connect.
Error: (09/15/2022 10:52:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDScannerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/15/2022 10:52:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the SDScannerService service to connect.
Error: (09/15/2022 10:50:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:18:29 AM on 9/15/2022 was unexpected.
Error: (09/15/2022 06:24:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Windows Defender:
================
Date: 2021-07-08 20:25:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2022-03-20 07:09:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.361.345.0
Previous security intelligence Version: 1.343.658.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.19000.8
Previous Engine Version: 1.1.18300.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2022-03-20 07:09:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.361.345.0
Previous security intelligence Version: 1.343.658.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.19000.8
Previous Engine Version: 1.1.18300.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2022-03-20 07:09:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.19000.8
Previous Engine Version: 1.1.18300.4
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
CodeIntegrity:
===============
Date: 2022-09-15 15:31:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Microsoft signing level requirements.
Date: 2022-09-15 11:52:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-15 11:04:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\setup\uat_3452.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-15 10:57:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2022-09-15 10:56:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.05 01/29/2018
Motherboard: HP 8433
Processor: AMD A12-9800 RADEON R7, 12 COMPUTE CORES 4C+8G
Percentage of memory in use: 37%
Total physical RAM: 15788.77 MB
Available physical RAM: 9798.73 MB
Total Virtual: 18220.77 MB
Available Virtual: 9922.57 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:915.17 GB) (Free:446.27 GB) (Model: ST1000DM003-1SB102) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.1 GB) (Free:1.75 GB) (Model: ST1000DM003-1SB102) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{15888f61-fc32-4387-9ceb-4a16a8a4cf76}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
\\?\Volume{3a67c860-4f4a-07bf-1000-5763d3e2c1e4}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{70f7596f-bd69-4bba-9479-6592ca6c93bd}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
==================== End of Addition.txt =======================
Below is the FRST.txt log and the Addition.txt log. I tried to run the aswMBR.exe twice and both times after a few minutes my computer crashed and restarted.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by Lillian (administrator) on DESKTOP-MNATPML (HP HP Pavilion Desktop 590-p0xxx) (15-09-2022 20:37:54)
Running from C:\Users\Lillian\Desktop
Loaded Profiles: Lillian
Platform: Microsoft Windows 10 Home Version 21H2 19044.2006 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\AMD\CNext\CNext\amddvr.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atieclxx.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_5.68.30003.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_5.68.30003.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed] C:\Program Files (x86)\SystemScheduler\WScheduler.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213728 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-12-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [WScheduler] => C:\Program Files (x86)\SystemScheduler\WScheduler.exe [331168 2018-03-25] (Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed]
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5204968 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234600 2022-08-19] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Lillian\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-04] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32686032 2022-09-14] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [MicrosoftEdgeAutoLaunch_43F426C6868B5A0207B840D9EE29A62D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-08] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\105.0.5195.102\Installer\chrmstp.exe [2022-09-08] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {027B2618-3701-4A01-A814-BE34A1C3C3DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-21] (Adobe Inc. -> Adobe)
Task: {0CE59796-FE57-49CF-A450-EB794C4FB4C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {17DC42A2-F68C-4C6E-A685-B484C8ECF152} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {289EC535-ACBB-46C5-8599-0FD3667513C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {32DC0AC8-B274-49D7-B512-F88E67AEC293} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {416B6A34-7811-4B65-99F3-49D824D255BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {48EE3F79-D85A-447B-B72A-9A070226625D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [327256 2022-02-09] (HP Inc. -> HP Inc.)
Task: {544D99A4-F781-425D-AB9B-E691807CA27C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {7606036E-858C-4ED9-B14F-6B485B9BBA7D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-21] (Adobe Inc. -> Adobe)
Task: {77285307-6DD1-4359-B11D-511C85C409AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1555696 2022-08-03] (Adobe Inc. -> Adobe Inc.)
Task: {7A24FD53-3A7A-4102-B956-C271D577FD37} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {7E060B13-6897-4620-9E40-C14AA3EA9B5A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4943072 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
Task: {92B2DD11-4D28-46D0-A5CC-787D46F7BFED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {992DC982-2CF9-4C3A-B229-8432A1EC8667} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-520046137-1738454763-4209218755-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {99C64CCC-E267-439A-A447-D06ED6D58491} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {9D7AD1F7-4D88-4CD8-A3BB-D8F6A7158D9B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {9F57CADA-CB76-426E-816A-BCE06E750A54} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {A289D980-14D0-4564-A049-1BE1C0125619} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {A3FB1060-736B-4136-9C44-A1762622D30A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {B11C66B8-EB50-41DC-9AE6-C53023F17E37} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {B82C3D5A-1BEF-49E1-9833-C7049684B493} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {CCD75ED5-CCA2-4B7B-9EA0-101A498F3C0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {D1AA80F8-4A3A-49CB-BBE2-51B063F1CEF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {D23D75CF-B448-40EE-A832-1432ED87C6AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {D8F80293-64F2-4DAA-84AF-FDB8172F897A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {DA38A483-B158-4A7F-873E-898A2DFF1F71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {DC43C091-23D3-431D-B6A7-A6C40FD84523} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {E1484769-8460-41D6-9417-47F41ED8EC69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {E8D7EFEC-96B8-4937-98F2-C0D40D639D6B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {F22D8845-F310-43DA-BDCC-5FD38D0AC0A1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1f27f15d-e56c-4b9c-9c8a-1b0bfa4ab60e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{64324158-2892-4aef-98b3-a8fc4e3bd95d}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lillian\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-15]
FireFox:
========
FF DefaultProfile: zmh62i5e.default
FF ProfilePath: C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default [2022-09-15]
FF Homepage: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.kijiji.ca/
FF Notifications: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.youtube.com; hxxps://www.facebook.com; hxxps://www.teamviewer.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com
FF Extension: (Canadian English Dictionary) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\en-CA@dictionaries.addons.mozilla.org.xpi [2021-08-04]
FF Extension: (English (CA) Language Pack) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2022-09-05]
FF Extension: (New Tab Override) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FF Extension: (Avast Online Security) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\wrc@avast.com.xpi [2020-04-16] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (Black and Purple Theme) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{155429d2-8bf5-44bf-94f8-d194c3ec5f15}.xpi [2021-06-16]
FF Extension: (Photon Colors) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{2c6c94f3-c656-41e9-aa4b-1edba5be9c21}.xpi [2021-07-30]
FF Extension: (Fairytale Of Nature) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{6804879d-8801-473a-b13d-605b902a5e4f}.xpi [2021-06-15]
FF Extension: (Greasemonkey) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-01-28]
FF Extension: (¡Light Blue Theme!) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{f416b4af-c4c9-4607-96ac-77fea7ed4a9b}.xpi [2021-06-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-21] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\dtplugin\npDeployJava1.dll [2022-09-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\plugin2\npjp2.dll [2022-09-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-21] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-09-07] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default [2022-09-09]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.kijiji.ca/"
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-20]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2022-09-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
Opera:
=======
OPR Profile: C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable [2022-09-02]
OPR Extension: (Rich Hints Agent) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-12]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-12]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172264 2022-08-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-21] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8523800 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [589536 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014432 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [589536 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-25] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-17] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [305664 2017-11-02] (Realtek Semiconductor Corp.) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-06-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-05] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [414456 2022-06-11] (Parsec Cloud, Inc. -> Parsec)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-03-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-03-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Lillian\AppData\Roaming\Zoom"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [41760 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [237632 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [389064 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [257992 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [104904 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [24528 2022-08-01] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [47936 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [274976 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [553880 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [113920 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88984 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [861936 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [671216 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221464 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327408 2022-08-27] (Avast Software s.r.o. -> AVAST Software)
R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 RtkA2dp; C:\WINDOWS\System32\drivers\RtkA2dp.sys [202208 2017-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [72160 2017-10-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-03-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-03-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-03-01] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-09-15 20:37 - 2022-09-15 20:42 - 000033418 _____ C:\Users\Lillian\Desktop\FRST.txt
2022-09-15 10:50 - 2022-09-15 11:05 - 001343380 _____ C:\WINDOWS\Minidump\091522-51250-01.dmp
2022-09-15 10:34 - 2022-09-15 10:34 - 005198336 _____ (AVAST Software) C:\Users\Lillian\Desktop\aswMBR.exe
2022-09-15 10:14 - 2022-09-15 10:14 - 002371072 _____ (Farbar) C:\Users\Lillian\Desktop\FRST64.exe
2022-09-15 10:12 - 2022-09-15 10:12 - 002074112 _____ (Farbar) C:\Users\Lillian\Downloads\xzDkTWBW.exe.part
2022-09-15 10:11 - 2022-09-15 10:11 - 000019976 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2022-09-15 10:11 - 2022-09-15 10:11 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2022-09-15 10:11 - 2022-09-15 10:11 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-MNATPML-Windows-10-Home-(64-bit).dat
2022-09-15 10:11 - 2022-09-15 10:11 - 000000000 ____D C:\RegBackup
2022-09-15 10:11 - 2022-09-15 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2022-09-15 10:11 - 2022-09-15 10:11 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2022-09-15 10:10 - 2022-09-15 10:10 - 007333288 _____ (Tweaking.com) C:\Users\Lillian\Desktop\tweaking.com_registry_backup_setup.exe
2022-09-13 21:30 - 2022-09-13 21:30 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-09-13 21:28 - 2022-09-13 21:28 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-09-13 21:28 - 2022-09-13 21:28 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-09-13 21:26 - 2022-09-13 21:26 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-09-13 20:12 - 2022-09-13 20:12 - 000000000 ___HD C:\$WinREAgent
2022-09-12 14:31 - 2022-09-12 14:31 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\com.adobe.dunamis
2022-09-12 12:29 - 2022-09-12 12:29 - 000000000 __RHD C:\Users\Lillian\AppData\Roaming\SecuROM
2022-09-12 12:16 - 2022-09-12 12:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-09-09 13:25 - 2022-09-09 13:25 - 000585266 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220909 (3).fdf
2022-09-09 13:25 - 2022-09-09 13:25 - 000585189 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220909 (2).fdf
2022-09-09 13:20 - 2022-09-09 13:20 - 000585497 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220909 (1).fdf
2022-09-09 13:16 - 2022-09-09 13:16 - 000585315 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220909.fdf
2022-09-07 14:07 - 2022-09-07 14:07 - 000225984 _____ C:\Users\Lillian\Downloads\GoCoupons.pdf
2022-09-02 14:05 - 2022-09-02 14:05 - 001031239 _____ C:\Users\Lillian\Desktop\BabyBel Rolls.xlsx
2022-09-02 14:02 - 2022-09-02 14:02 - 003300156 _____ C:\Users\Lillian\Desktop\minirolls_coupon_rabais_en.pdf
2022-09-02 13:58 - 2022-09-02 13:58 - 001391278 _____ C:\Users\Lillian\Downloads\Babybel Mini Rolls_65b0c26f.pdf
2022-09-02 13:56 - 2022-09-02 13:56 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db.pdf
2022-09-02 06:41 - 2019-01-04 08:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20220902-064138.backup
2022-08-27 21:58 - 2022-08-27 21:58 - 000270560 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-08-27 21:58 - 2022-08-27 21:58 - 000221464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-08-24 13:42 - 2022-08-24 13:42 - 100642473 _____ C:\Users\Lillian\Desktop\Benjamin's Stuff.zip
2022-08-22 17:39 - 2022-08-22 17:39 - 000000039 _____ C:\Users\Lillian\AppData\Local\kritadisplayrc
2022-08-20 21:52 - 2022-08-20 21:52 - 000120224 _____ C:\Users\Lillian\Desktop\Dino.png.kra
2022-08-16 09:27 - 2022-08-16 09:27 - 000141406 _____ C:\Users\Lillian\Downloads\cn-child-covid-waiver-1.pdf
2022-08-16 09:22 - 2022-08-16 09:22 - 000125721 _____ C:\Users\Lillian\Downloads\cn-community-program-participant-information-form-3.pdf
2022-08-16 09:22 - 2022-08-16 09:22 - 000125721 _____ C:\Users\Lillian\Downloads\cn-community-program-participant-information-form-2.pdf
2022-08-16 09:22 - 2022-08-16 09:22 - 000125721 _____ C:\Users\Lillian\Downloads\cn-community-program-participant-information-form-1.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-09-15 20:41 - 2020-02-18 21:17 - 000000000 ____D C:\FRST
2022-09-15 20:36 - 2018-05-16 11:15 - 000000000 ____D C:\Users\Lillian\Documents\Lillian
2022-09-15 20:35 - 2021-12-16 07:37 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-09-15 20:35 - 2021-07-08 19:54 - 000003750 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2022-09-15 20:35 - 2021-07-08 19:54 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-09-15 20:35 - 2021-07-08 19:54 - 000003446 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2022-09-15 20:35 - 2021-07-08 19:54 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-09-15 20:35 - 2021-07-08 19:54 - 000003312 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B10F1A6A-E096-4CDE-9012-03BBEB909611}
2022-09-15 20:35 - 2021-07-08 19:54 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-09-15 20:35 - 2021-07-08 19:54 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-09-15 20:35 - 2021-07-08 19:54 - 000002856 _____ C:\WINDOWS\system32\Tasks\HPJumpStartLaunch
2022-09-15 20:35 - 2021-07-08 19:54 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-500
2022-09-15 20:35 - 2021-07-08 19:54 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-09-15 20:35 - 2021-07-08 19:54 - 000002500 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2022-09-15 20:35 - 2021-07-08 19:54 - 000002440 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch
2022-09-15 20:35 - 2021-07-08 19:54 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2022-09-15 20:35 - 2021-07-08 19:54 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2022-09-15 20:35 - 2021-07-08 19:54 - 000002116 _____ C:\WINDOWS\system32\Tasks\StartDVR
2022-09-15 20:35 - 2021-07-08 19:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2022-09-15 20:35 - 2020-09-27 08:53 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-09-15 20:35 - 2020-09-27 08:53 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-09-15 20:34 - 2018-05-22 06:01 - 000000000 ____D C:\Program Files (x86)\Steam
2022-09-15 20:30 - 2020-09-27 08:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-09-15 20:30 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-15 20:11 - 2018-05-14 06:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-09-15 15:23 - 2018-06-23 07:03 - 000000000 ____D C:\Users\Lillian\AppData\Local\D3DSCache
2022-09-15 15:21 - 2022-02-28 14:00 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-09-15 15:20 - 2018-05-13 10:55 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Mozilla
2022-09-15 11:29 - 2018-06-22 05:55 - 000000000 ____D C:\Users\Lillian\AppData\Local\AVAST Software
2022-09-15 11:05 - 2021-12-20 16:27 - 000000000 ____D C:\WINDOWS\Minidump
2022-09-15 11:05 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-09-15 10:51 - 2021-07-08 19:13 - 000000000 ____D C:\Users\Lillian
2022-09-15 10:51 - 2018-06-20 06:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2022-09-15 10:50 - 2021-12-20 16:27 - 1407073325 _____ C:\WINDOWS\MEMORY.DMP
2022-09-15 10:50 - 2021-03-24 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-15 10:50 - 2020-09-27 08:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-09-15 06:48 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-15 06:48 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-09-15 06:22 - 2021-07-08 19:54 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-09-15 06:20 - 2018-05-14 05:56 - 000000000 ____D C:\ProgramData\AVAST Software
2022-09-14 21:35 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-09-14 21:35 - 2018-02-10 02:44 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2022-09-14 15:32 - 2018-06-01 20:30 - 000001430 _____ C:\Users\Lillian\Desktop\Roblox Player.lnk
2022-09-14 15:32 - 2018-06-01 20:28 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-09-14 15:31 - 2018-06-01 20:28 - 000001253 _____ C:\Users\Lillian\Desktop\Roblox Studio.lnk
2022-09-14 14:56 - 2021-07-08 19:13 - 000002392 _____ C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-14 14:05 - 2018-06-20 12:08 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\vlc
2022-09-14 06:15 - 2021-07-08 19:28 - 000934922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-09-14 06:10 - 2020-09-27 08:50 - 000449544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-09-13 21:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-09-13 21:41 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-09-13 21:26 - 2020-09-27 08:53 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-09-13 20:06 - 2018-05-13 11:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-09-13 19:55 - 2018-05-13 11:27 - 141646296 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-09-13 06:20 - 2022-07-20 11:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-09-13 06:20 - 2018-05-13 10:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-09-12 21:56 - 2021-06-29 21:58 - 000000000 ____D C:\ProgramData\Microsoft Studios
2022-09-12 21:51 - 2018-05-22 06:08 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-09-12 12:53 - 2021-07-06 19:30 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2022-09-12 12:52 - 2021-07-06 19:18 - 000000000 ____D C:\Riot Games
2022-09-12 12:52 - 2021-07-06 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2022-09-12 12:32 - 2017-12-25 13:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-09-12 12:16 - 2018-05-13 10:55 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-09-12 06:44 - 2020-11-04 14:58 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-09-11 20:05 - 2018-06-01 20:16 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\.minecraft
2022-09-11 20:03 - 2018-05-16 11:06 - 000000000 ____D C:\ProgramData\Epic
2022-09-11 20:01 - 2018-05-16 11:06 - 000000000 ____D C:\Program Files (x86)\Epic Games
2022-09-10 14:00 - 2020-09-27 08:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-08 12:13 - 2018-05-14 06:02 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-07 07:16 - 2018-05-13 10:38 - 000000000 ____D C:\Users\Lillian\AppData\Local\Packages
2022-09-03 07:49 - 2021-11-20 10:32 - 000153040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 002835920 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000443856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000234984 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000198120 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-09-03 07:49 - 2021-11-07 09:55 - 000067024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2022-09-02 15:18 - 2018-06-01 20:28 - 000000253 _____ C:\Users\Lillian\AppData\LocalLow\rbxcsettings.rbx
2022-09-02 12:38 - 2018-12-20 23:31 - 000005095 _____ C:\WINDOWS\wininit.ini
2022-09-02 06:36 - 2020-12-28 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-09-02 06:36 - 2020-12-28 17:13 - 000000000 ____D C:\Program Files\Java
2022-09-02 06:34 - 2020-12-28 17:13 - 000195280 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2022-09-01 17:14 - 2018-06-01 20:28 - 000000000 ____D C:\Users\Lillian\AppData\Local\Roblox
2022-08-27 21:58 - 2020-10-13 14:37 - 000274976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-08-27 21:58 - 2020-04-14 12:06 - 000553880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-08-27 21:58 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-08-27 21:58 - 2019-01-14 10:53 - 000389064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-08-27 21:58 - 2019-01-04 21:45 - 000257992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-08-27 21:58 - 2019-01-04 21:45 - 000104904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-08-27 21:58 - 2019-01-04 21:45 - 000041760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-08-27 21:58 - 2018-10-10 14:19 - 000047936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000861936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000671216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000327408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000237632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000113920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-08-27 21:58 - 2018-05-14 05:58 - 000088984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-08-24 13:19 - 2020-11-17 07:51 - 000000000 ____D C:\Users\Lillian\Desktop\Benjamin's Stuff
2022-08-22 17:39 - 2021-08-06 11:25 - 000025671 _____ C:\Users\Lillian\AppData\Local\kritarc
2022-08-20 07:44 - 2018-05-14 11:27 - 000000000 ____D C:\Program Files (x86)\SystemScheduler
2022-08-17 12:38 - 2019-10-19 20:44 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
==================== Files in the root of some directories ========
2018-05-14 11:44 - 2018-05-14 12:29 - 000026726 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (DOS).ADR
2018-05-14 12:24 - 2018-05-14 12:24 - 000026950 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-05-13 10:38 - 2022-09-15 10:57 - 002089807 _____ () C:\Users\Lillian\AppData\Local\BTServer.log
2021-04-12 11:29 - 2021-04-12 11:29 - 000000118 _____ () C:\Users\Lillian\AppData\Local\HeartbeatCache.xml
2021-08-06 19:18 - 2021-08-06 19:18 - 000000356 _____ () C:\Users\Lillian\AppData\Local\karboncalligraphyrc
2021-08-06 11:25 - 2022-08-22 16:37 - 000002546 _____ () C:\Users\Lillian\AppData\Local\krita-sysinfo.log
2021-08-06 11:25 - 2022-08-22 17:39 - 000483923 _____ () C:\Users\Lillian\AppData\Local\krita.log
2021-08-06 22:12 - 2021-10-05 18:59 - 000080678 _____ () C:\Users\Lillian\AppData\Local\kritacrash.log
2022-08-22 17:39 - 2022-08-22 17:39 - 000000039 _____ () C:\Users\Lillian\AppData\Local\kritadisplayrc
2021-08-06 11:25 - 2022-08-22 17:39 - 000025671 _____ () C:\Users\Lillian\AppData\Local\kritarc
2022-02-25 16:49 - 2022-02-25 16:49 - 000016438 _____ () C:\Users\Lillian\AppData\Local\partner.bmp
2019-09-06 09:51 - 2019-09-06 09:51 - 000000017 _____ () C:\Users\Lillian\AppData\Local\resmon.resmoncfg
==================== FCheck ================================
(If an entry is included in the fixlist, the file/folder will be moved.)
FCheck: C:\WINDOWS\system32\eac_usermode_3175762292993092.dll [2019-05-31] <==== ATTENTION (zero byte File/Folder)
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by Lillian (15-09-2022 20:44:12)
Running from C:\Users\Lillian\Desktop
Microsoft Windows 10 Home Version 21H2 19044.2006 (X64) (2021-07-09 01:55:00)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-520046137-1738454763-4209218755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-520046137-1738454763-4209218755-503 - Limited - Disabled)
Guest (S-1-5-21-520046137-1738454763-4209218755-501 - Limited - Disabled)
Lillian (S-1-5-21-520046137-1738454763-4209218755-1001 - Administrator - Enabled) => C:\Users\Lillian
WDAGUtilityAccount (S-1-5-21-520046137-1738454763-4209218755-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.002.20212 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601013}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1108.0217.4117 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.8.6030 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
FastStone Image Viewer 6.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 105.0.5195.102 - Google LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP Customer Experience Enhancements (HKLM-x32\...\{9720A595-3D2D-440E-9523-0B6F970745DD}) (Version: 6.0.11.1 - HP Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{16311D0B-D57C-46F8-AE64-9D4D44227271}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{4C246A91-6BAE-450E-BDEA-70D01663DF43}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{78525DEA-1E62-429B-9CA4-A78F899A9F29}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{B2CFD444-5088-4ECC-A1F1-28620C082C36}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{3D00C669-D447-4A04-AFDA-25E9E76E7873}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{59649835-21FD-4523-9AB0-9E67ED77F0CA}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM-x32\...\{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{2282C4AC-ADFD-4CB7-962E-D700F62024E6}) (Version: 1.4.27 - HP Inc.)
Java 8 Update 341 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180341F0}) (Version: 8.0.3410.10 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Krita (x64) 4.4.5 (HKLM\...\Krita_x64) (Version: 4.5.4.0 - Krita Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.33 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.33 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{A9CFD6A1-C0D3-7F37-C220-8B104867EF15}) (Version: 10.1.22621.1011 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\OneDriveSetup.exe) (Version: 22.176.0821.0003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649 (HKLM\...\{20C1086D-C843-36B1-B678-990089D1BD44}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649 (HKLM\...\{ABB19BB4-838D-3082-BDA4-87C6604181A2}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40649 (HKLM-x32\...\{A8589745-51BC-3963-B4E9-201CF8693538}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40649 (HKLM-x32\...\{DEA7F8E3-B7B9-3C3C-945B-7F8CE9041748}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30135 (HKLM-x32\...\{fa7f6d52-f85e-48ef-8f56-a37268aa5772}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30135 (HKLM\...\{34DB4181-0770-4B5A-B561-68758A077B0F}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30135 (HKLM\...\{40118CD9-A805-400C-864E-041A5B5C01B0}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft Launcher (HKLM-x32\...\{EEFE9D96-1866-45BC-9D11-6AA7FF2D6E18}) (Version: 1.0.0.0 - Mojang)
Minecraft: Education Edition (HKLM-x32\...\Minecraft: Education Edition 1.17.30.52) (Version: 1.17.30.52 - Microsoft Studios)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 104.0.2 (x64 en-US)) (Version: 104.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (HKLM-x32\...\{D0B44725-3666-492D-BEF6-587A14BD9BD9}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Parsec (HKLM-x32\...\Parsec) (Version: 150-84b - Parsec Cloud Inc.)
Photo Common (HKLM-x32\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.80 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.105 - REALTEK Semiconductor Corp.)
Roblox Player for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-studio) (Version: - Roblox Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Skype version 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StudioTax 2017 (HKLM-x32\...\{99CAAE52-3DB3-4012-90A6-392CFE63BE51}) (Version: 13.0.5.0 - BHOK IT Consulting)
StudioTax 2018 (HKLM-x32\...\{B77DD0D3-CBDA-4A1B-BB14-1B8782DE95AF}) (Version: 14.0.4.0 - BHOK IT Consulting)
StudioTax 2019 (HKLM-x32\...\{6BA4B986-CB27-414F-B68E-E78722FC8EF5}) (Version: 15.0.6.0 - BHOK IT Consulting)
StudioTax 2020 (HKLM\...\{00A4E24D-F868-4D20-83E2-4EC0A569B305}) (Version: 16.0.6.0 - BHOK IT Consulting Inc.)
StudioTax 2021 (HKLM\...\{582AD570-5F28-466D-9BAD-FEAE9FEB9098}) (Version: 17.0.3.0 - BHOK IT Consulting Inc.)
System Scheduler 5.12 (HKLM-x32\...\Windows Scheduler_is1) (Version: - Splinterware Software Solutions)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system) <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.100 (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66B5819D-DE70-42BE-B40F-978FBA12452E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (HKLM-x32\...\{BAD984EE-790E-4513-A428-3BE2D426DCA7}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (HKLM-x32\...\{E703613B-BDAB-433E-A66A-DE0263E3D35D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (HKLM\...\{25058321-C33E-496B-8915-6FD64D362CAF}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{6522F5F9-411B-4513-A75B-CEA00395F032}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{714E162E-CD4F-4F1B-8302-7F5179409C25}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{A2DC527D-FA79-46E9-973F-920897CA55E9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (HKLM-x32\...\{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\ZoomUMX) (Version: 5.6.5 (823) - Zoom Video Communications, Inc.)
Packages:
=========
Candy Crush Jelly Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushJellySaga_2.96.1.0_x64__kgqvnymyfvs32 [2022-09-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2360.3.0_x64__kgqvnymyfvs32 [2022-09-15] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.226.500.0_x64__kgqvnymyfvs32 [2022-09-14] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-11] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_22.4.18.0_x64__xbfy0k16fey96 [2022-09-07] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.464.0_x86__v10z8vjag6ke6 [2018-02-10] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa [2022-09-14] (Apple Inc.) [Startup Task]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.15601.20088.0_x86__8wekyb3d8bbwe [2022-09-09] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.2201.0_x64__8wekyb3d8bbwe [2022-09-02] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-08-24] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-14] (Microsoft Corporation)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-26] (CYBERLINKCOM CORP)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2022-06-06] (WildTangent Games)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-520046137-1738454763-4209218755-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xC1A89939B6EBD3010E50F79C3DECD301020000002400000000000000 => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-08-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Lillian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2018-05-16 06:15 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:21 - 2018-04-24 21:21 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2022-09-14 10:14 - 2022-09-14 10:14 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\6744288406698d58b4214564049b071c\BRIDGECommon.ni.dll
2022-09-14 10:15 - 2022-09-14 10:15 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\3a7f948a1b5bf54a7d38083119686dfa\BridgeExtension.ni.dll
2022-09-14 10:15 - 2022-09-14 10:15 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\68fa7877df66a513a13a54bd6d132a6f\CleanStartController.ni.dll
2022-06-21 17:26 - 2022-06-21 17:26 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\68d37933a82300fc7d9b4dde89cc0ccf\Interop.IWshRuntimeLibrary.ni.dll
2022-08-15 11:55 - 2022-08-15 11:55 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\0922e6c5e341398946ed16f70ddd1a88\RegistrationUtilities.ni.dll
2020-06-10 14:36 - 2005-04-21 22:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2005-09-07 12:03 - 2005-09-07 12:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\ScanSoft\PaperPort\blicectr.dll
2018-05-16 06:15 - 2012-06-05 15:59 - 000025299 ____R (Brother Industries, Ltd) [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll
2018-05-16 06:15 - 2008-08-18 18:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2018-05-16 06:15 - 2009-12-23 15:45 - 000327680 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-05-16 06:15 - 2009-12-25 15:08 - 000208896 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2018-05-16 06:15 - 2011-10-07 14:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2020-06-10 14:36 - 2012-07-05 05:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2022-08-15 11:56 - 2022-08-15 11:56 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\9dfd7fd38e207607f78423591dfc74dc\Hardcodet.Wpf.TaskbarNotification.ni.dll
2022-09-14 10:15 - 2022-09-14 10:15 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\bbc73a229589a7208b6f3285a1f49c4a\CommonPortable.ni.dll
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-09-14 10:15 - 2022-09-14 10:15 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\2e8112f79a518a77e137035544494d0e\NAudio.ni.dll
2022-08-15 11:52 - 2022-08-15 11:52 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\590d5fd5ada10024a47a5b07ac119805\Newtonsoft.Json.ni.dll
2018-02-10 02:46 - 2017-06-20 21:03 - 000289280 _____ (Realtek Semiconductor Corporation) [File not signed] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\StereoControl.dll
2022-08-15 11:56 - 2022-08-15 11:56 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\4e29bdcd387ef250d2bb340a43f073a3\log4net.ni.dll
2022-05-26 09:51 - 2018-11-22 16:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2022-05-26 09:51 - 2018-11-22 16:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-08 02:15 - 2018-11-08 02:15 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\SYSTEM.SAV:err [1370]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\HP ePrint SW.lnk:A053CBE120 [4138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Control.lnk:C155C50CB7 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk:21661D084B [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Audio Switch.lnk:BD4A45E559 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk:2447EA3E0B [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk:174920E76C [10]
AlternateDataStreams: C:\Users\Lillian\Desktop\Epic Games Launcher.lnk:BE32D07BC5 [3314]
AlternateDataStreams: C:\Users\Lillian\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-520046137-1738454763-4209218755-1001 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_341\bin\ssv.dll [2022-09-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-09-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7942 more sites.
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7942 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 07:46 - 2022-09-03 07:36 - 000454574 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com (http://www.123moviedownload.com)
There are 15603 more lines.
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\WINDOWS\System32\OpenSSH\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\hp backgrounds\backgrounddefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{06A29A48-4975-43AE-A3AD-3961CA5E5420}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{ED8B0E90-4B7A-40B2-BCBF-7D6F26A59EC8}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{76167615-4E40-4D33-8826-8576A0D44FDC}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{9B3FBC69-FB9A-435D-92DE-F78E8F2C54F3}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{65F6D2BF-D4A3-4A40-BEA3-26C53FED1E0F}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{13137F2D-91F7-451F-8FBD-520AD0EAE3E9}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{99198DA6-8B38-455A-8B1E-0B294BB6022E}] => (Allow) C:\Users\Lillian\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{E69B6B17-9FF5-4442-930A-C8734DFFF0B6}] => (Allow) C:\Users\Lillian\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{8ED3D9D6-4BCE-46B3-9FCC-47AA9B18791E}] => (Allow) C:\Users\Lillian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{8797784B-8CA6-4B85-98D1-CD5CB23463DC}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{204B4822-50A3-4B17-9874-ADFD9F4FD4B2}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{C378F7C0-8994-4E0E-A525-A7D53CFFCFF2}C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{4FA18C39-76D3-46AC-BC8D-B24E34812C67}C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{22D6B817-22A5-44A1-B19E-A7F3B51B305E}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4FA010D8-FCC4-4327-9DFB-B1A13789F633}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{36956388-630B-4603-9A5A-EFE00BA1238C}C:\program files\epic games\thelongdark\tld.exe] => (Allow) C:\program files\epic games\thelongdark\tld.exe => No File
FirewallRules: [TCP Query User{33389904-7F1B-46E1-80DB-FA613922702D}C:\program files\epic games\thelongdark\tld.exe] => (Allow) C:\program files\epic games\thelongdark\tld.exe => No File
FirewallRules: [UDP Query User{0F9460AC-9E4E-4E7A-9EF4-88F16F9D98B9}C:\program files (x86)\overwatch\_ptr_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{06642D78-6604-478B-B129-3A9926B52F8C}C:\program files (x86)\overwatch\_ptr_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{90C3E9A1-2DF9-4DD3-A84D-01B5C7E80E65}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F7377BA5-94F6-4088-9C09-EFCAE015EF35}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{0342B118-3737-43C1-89E1-BE4BE03FBD33}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{67D9DB0B-C116-4AD7-B8FC-26B093E057DD}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D8534AEC-662E-4EA4-BFE3-72038782091D}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{99F9E812-AD8A-462E-B4DE-6A0093050C1D}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{B3D077D7-48E3-422C-AA24-91E76E68102C}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FE17A816-3AE6-4D61-A280-69AC09730E97}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{66AFAE66-7608-41B6-A5B6-423FDA161F30}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9357B0B5-04C2-44C4-8B4C-C75EAF3A7CA9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{9F00FFD2-057E-44E6-8555-81C1495F69E0}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{00F78E1D-FB7A-40D0-9902-08BF5A6B475C}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{0CE8D202-D097-43E1-B3F6-FBF7898E9CBF}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B038613E-9F66-4350-A497-6AB8F86E9A1A}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C802924F-AB96-4147-BAE3-C833892C8D0E}C:\program files\epic games\theescapists2\theescapists2.exe] => (Block) C:\program files\epic games\theescapists2\theescapists2.exe => No File
FirewallRules: [UDP Query User{430125C8-854A-4555-900C-F9558B833549}C:\program files\epic games\theescapists2\theescapists2.exe] => (Block) C:\program files\epic games\theescapists2\theescapists2.exe => No File
FirewallRules: [TCP Query User{79C50711-0F71-4140-B11F-7E8798713489}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{43B70227-FCF5-4392-9144-0B2A703FF9AA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{A7547A60-F0B0-4523-AB1D-0681CF7DC897}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{589DB5B1-B4E6-4DFD-A215-2EA239A45A4F}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8B5C3DD6-F356-499D-8AD3-3363BE51657D}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{65711726-0568-408A-89DE-26444F5B19D8}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [TCP Query User{D53D8733-2ED3-4907-968C-0A12C2F033CD}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{0976DD83-7C22-435B-AAE2-17033FC0AF51}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{0DBCD40A-31E0-4ABD-883C-04805EBA09D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{08FE3F76-5BD6-42D0-A283-CC07EE44BBF3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C430C5A4-37C4-4530-8942-0AF9479206EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{00F2C82A-03EB-473C-A37A-476CB9B3E23E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{E57A3443-A984-45E6-BD71-F17AD0108047}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F5387AEF-BC37-44AC-91D0-9EB5FF81A84B}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{9B4053D8-EF0E-49D1-99F4-F97440C0AA07}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{474AAFEF-D38F-41FC-BD1D-6BF7D532DE54}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8B55C37A-1101-4AA0-B31E-F183CD3944F9}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4FAEAC2E-CB58-40EC-BAAF-3CBC85E46018}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{74C62138-08B1-4BF3-BE39-E34124D9AD12}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{669031DC-54B2-4705-9736-2EF77AD9B46D}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{10FC208C-1D30-41D7-920F-62C7B126F992}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4378B4E1-3E5F-4116-93EC-0AF683128E96}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A98B4DFA-08B3-4084-9D09-0F9B2E2B524D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\WindowsNoEditor\Poppy_Playtime.exe => No File
FirewallRules: [{2BEF1E29-974B-4EB5-9EB7-8610A8E79AB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\WindowsNoEditor\Poppy_Playtime.exe => No File
FirewallRules: [{8F88FA8B-2EDA-490E-8DE2-8BB80C635B14}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2094FDD-3A20-4FE3-A24E-E980F0CB726A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F40766D3-B326-47FC-9BD1-1C4D51E07637}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D72F69CA-2617-47F0-B067-C033B70E14F6}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{00A1FB83-4B37-4A00-9B7D-9F7A3ED9B5E8}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec)
FirewallRules: [{8FCCD849-5A39-43CA-B1A0-1B0C17200F4A}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0A45DCBA-40F4-403B-9984-B169577E287A}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E9C7A885-8D50-4A99-BCC1-4E4B6F0693C1}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{03A8DFDB-C9E9-44AA-828F-F2F8496B66FA}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{77CF5B79-C372-4FB8-9CDD-11366C6CD504}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E47F69A7-72D8-49BA-A0E0-38D653CC8671}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A53B1CF8-7C82-4F3D-BFC4-5BBD1198433B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\PlaytimeLauncher\PlaytimeLauncher.exe => No File
FirewallRules: [{6CB29672-FFDD-43E7-925C-8E66C3256FA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\PlaytimeLauncher\PlaytimeLauncher.exe => No File
FirewallRules: [{12DC7A43-1739-43BE-B96A-A2004F688270}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{B986D6FF-F406-43EC-9445-58BB61F2E5C5}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{DACDDFED-298B-4962-B48B-6C65AE641A38}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{007D4C7A-A61F-49B7-858B-DCDB98F51BBA}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{433B2A26-C00B-4B0C-866B-A7BF2B4B01D6}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{CD710D27-FDBA-47D4-A8DE-15A2C51AEA00}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{B141ADAA-8B80-403A-A1D0-1DEF598B033E}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4D04FBB6-E0F2-460E-827A-87767EA208B9}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{217BB43E-5DCE-4AFA-96FD-6577004F946C}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F03D3705-3570-49F2-9162-8C9304F5E30F}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{915C9A39-A9B0-42C0-9D71-8B2CF6985646}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A17AD442-5141-4D27-B26A-D4DB1B2F62B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.15601.20088.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{54AFCD9B-6A8A-4A2B-AF65-1C8202AEE4C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{13D747FA-FDA6-420D-BBFB-1D2D7B9C00D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B740358B-0A04-4C65-9185-9F51E4017960}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{825F3E5E-A8D7-48F9-BE1A-3AE4A6C81F06}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3AE6C8B7-C0AF-4241-8579-45B9C59A0F7E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.33\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE18D0D9-1A89-4E52-A5A1-2D6C612C6DA0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E277AC70-1E54-45DF-A85E-85048C527134}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD1F8054-D2DC-44BF-A9C1-57BB221CC36E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14D1C562-D312-4230-911C-99B2FD77E03F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2EEB219-E43A-4FA2-A411-1E0123F43636}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BDA32733-B5E0-42CB-8DA1-345B077BC3A8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{88039947-F365-4457-90FF-A91A173297E5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7953DAFF-7D2F-4A6F-939B-1A32AF57AE1A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
13-09-2022 20:06:59 Windows Modules Installer
13-09-2022 20:10:09 Windows Modules Installer
13-09-2022 20:23:30 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/15/2022 03:56:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.0.24:57166 to 192.168.0.10:5353 length 0 too short
Error: (09/15/2022 10:52:41 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-MNATPML$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority "amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 15 Sep 2022 16:52:40 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 83ebe822-abe2-444f-9996-d72a6eb983e3
Method: GET(781ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/15/2022 06:31:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1949 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 510
Start Time: 01d8c8fe2eda71ef
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 8d93b841-343d-494a-8b9a-2fde6ddb4919
Faulting package full name: Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Hang type: Quiesce
Error: (09/15/2022 06:20:02 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-MNATPML$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority "amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 15 Sep 2022 12:20:02 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: e9bafee5-6a30-44d0-a673-c4bc886f145c
Method: GET(1906ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/14/2022 09:34:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (09/14/2022 09:34:45 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (09/14/2022 07:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.0.17:59871 to 192.168.0.10:5353 length 0 too short
Error: (09/14/2022 05:14:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.0.28:50399 to 192.168.0.10:5353 length 0 too short
System errors:
=============
Error: (09/15/2022 11:05:15 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffa1004d351010, 0x00000000000000ff, 0x0000000000000000, 0xfffff802bde695ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 02a3a725-472c-4781-9211-4bd091f4867e.
Error: (09/15/2022 11:03:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.
Error: (09/15/2022 10:52:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDWSCService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/15/2022 10:52:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the SDWSCService service to connect.
Error: (09/15/2022 10:52:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDScannerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/15/2022 10:52:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the SDScannerService service to connect.
Error: (09/15/2022 10:50:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:18:29 AM on 9/15/2022 was unexpected.
Error: (09/15/2022 06:24:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Windows Defender:
================
Date: 2021-07-08 20:25:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2022-03-20 07:09:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.361.345.0
Previous security intelligence Version: 1.343.658.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.19000.8
Previous Engine Version: 1.1.18300.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2022-03-20 07:09:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.361.345.0
Previous security intelligence Version: 1.343.658.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.19000.8
Previous Engine Version: 1.1.18300.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2022-03-20 07:09:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.19000.8
Previous Engine Version: 1.1.18300.4
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
CodeIntegrity:
===============
Date: 2022-09-15 15:31:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Microsoft signing level requirements.
Date: 2022-09-15 11:52:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-15 11:04:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\setup\uat_3452.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-15 10:57:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2022-09-15 10:56:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.05 01/29/2018
Motherboard: HP 8433
Processor: AMD A12-9800 RADEON R7, 12 COMPUTE CORES 4C+8G
Percentage of memory in use: 37%
Total physical RAM: 15788.77 MB
Available physical RAM: 9798.73 MB
Total Virtual: 18220.77 MB
Available Virtual: 9922.57 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:915.17 GB) (Free:446.27 GB) (Model: ST1000DM003-1SB102) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.1 GB) (Free:1.75 GB) (Model: ST1000DM003-1SB102) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{15888f61-fc32-4387-9ceb-4a16a8a4cf76}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
\\?\Volume{3a67c860-4f4a-07bf-1000-5763d3e2c1e4}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{70f7596f-bd69-4bba-9479-6592ca6c93bd}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
==================== End of Addition.txt =======================