Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2022
Ran by Marie (25-05-2022 16:46:51)
Running from C:\Users\Marie\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1706 (X64) (2022-05-20 23:14:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2964040095-1466076873-307546714-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2964040095-1466076873-307546714-503 - Limited - Disabled)
Guest (S-1-5-21-2964040095-1466076873-307546714-501 - Limited - Disabled)
Marie (S-1-5-21-2964040095-1466076873-307546714-1001 - Administrator - Enabled) => C:\Users\Marie
WDAGUtilityAccount (S-1-5-21-2964040095-1466076873-307546714-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Out of date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM-x32\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{9D569A6E-C9DF-490E-93E0-7AFD28D1F9BB}) (Version: 20.23.401.14519 - Alcor Micro Corp.)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Input Configuration (HKLM-x32\...\{7DDF7571-64BD-4232-9729-20FF10CE6C62}) (Version: 1.0.3 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.11 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0047 - ASUS)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.1.19 - ICEpower a/s)
Bitdefender Agent (HKLM-x32\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM-x32\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.17.192 - Bitdefender)
Blender (HKLM-x32\...\{D6E38255-FB12-4724-A6FF-075B43272C66}) (Version: 2.92.0 - Blender Foundation)
calibre 64bit (HKLM-x32\...\{0FD8DB9D-5D78-4919-9413-0940F43334DD}) (Version: 4.23.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MX530 series MP Drivers (HKLM-x32\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX530_series) (Version: 1.01 - Canon Inc.)
Canon MX530 series On-screen Manual (HKLM-x32\...\Canon MX530 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX530 series User Registration (HKLM-x32\...\Canon MX530 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
CLIP STUDIO 1.8.0 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.8.0 - CELSYS)
CLIP STUDIO PAINT 1.8.2 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.8.2 - CELSYS)
Deus Ex GOTY (HKLM-x32\...\GOGPACKDEUSEX_is1) (Version: 2.0.0.11 - GOG.com)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
DiagnosticsHub_CollectionService (HKLM-x32\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.)
Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{9EC04694-BDDB-470F-9986-4D8A059D64C5}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
f.lux (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\Flux) (Version: - f.lux Software LLC)
Gadget Collection version 1.0 (HKLM-x32\...\{99807D63-6EE7-424B-9F30-B581CD2E5795}_is1) (Version: 1.0 - Zomb's Lair)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 101.0.4951.67 - Google LLC)
icecap_collection_neutral (HKLM-x32\...\{705A0B76-17AA-47A8-A363-243C1A9E65AA}) (Version: 16.2.29111 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM-x32\...\{D7609B51-0FF2-40C8-81B6-FF525B16E425}) (Version: 16.2.29111 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{911B9EB8-F286-4324-8493-5FF9D2F00486}) (Version: 16.2.29111 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{112C7251-6110-40E3-8FE7-7D0F53D96995}) (Version: 16.1.28829 - Microsoft Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{3AE6FD56-D431-4B53-94F0-95E844206ADF}) (Version: 10.1.1.32 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{8E1338CD-2B65-47CB-94F1-8092443EC46B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{E04E7192-DD1D-4266-80F3-D5C94E264B9D}) (Version: 11.5.0.1015 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7325 - Intel Corporation)
Intel(R) Serial IO (HKLM-x32\...\{958B0D39-70C4-4C0A-A09C-2DBC9DF499FF}) (Version: 30.63.1620.03 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM-x32\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{09B8FFA4-5222-4271-8AA9-CDC98AD64863}) (Version: 18.1.1613.3274 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{0961a92c-ad83-40dd-a0fc-29ba41e5349d}) (Version: 20.50.3 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM-x32\...\{9E9EC22E-5FB0-40D1-AC22-C3700EA76185}) (Version: 20.50.3.1498 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM-x32\...\{3973721B-C2ED-4505-98B6-752897ECF2F1}) (Version: 1.42.680.1 - Intel Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{1C92D642-AD8C-4319-8E7B-5D6AA55F430B}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
King of Dragon Pass (HKLM-x32\...\King of Dragon Pass_is1) (Version: - GOG.com)
Microsoft OneDrive (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\OneDriveSetup.exe) (Version: 22.089.0426.0003 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM-x32\...\Mozilla Firefox 100.0.2 (x64 en-GB)) (Version: 100.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM-x32\...\Notepad++) (Version: 7.6 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM-x32\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
paint.net (HKLM-x32\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
Pathologic Classic HD (HKLM-x32\...\1444818876_is1) (Version: 2.0.0.1 - GOG.com)
Pentablet version 1.6.4.200810 (HKLM-x32\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 1.6.4.200810 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8858.1 - Realtek Semiconductor Corp.)
RPG Maker 2000 RTP 1.60 (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\RPG Maker 2000 RTP) (Version: 1.60 - KADOKAWA GAMES)
RPG Maker 2003 RTP 1.10a (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\RPG Maker 2003 RTP) (Version: 1.10a - KADOKAWA GAMES)
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Skype version 8.64 (HKLM-x32\...\Skype_is1) (Version: 8.64 - Skype Technologies S.A.)
SoulseekQt version 2019.7.22 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2019.7.22 - Soulseek LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Shock 2 (HKLM-x32\...\1207659172_is1) (Version: 2.46_nd - GOG.com)
Thief 2 - The Metal Age (HKLM-x32\...\GOGPACKTHIEF2_is1) (Version: 2.0.0.18 - GOG.com)
Thief GOLD (HKLM-x32\...\GOGPACKTHIEF1GOLD_is1) (Version: 2.0.0.46 - GOG.com)
Thief Gold (HKLM-x32\...\Thief Gold_is1) (Version: - GOG.com)
Ultimate Doom Builder (HKLM-x32\...\Ultimate Doom Builder_is1) (Version: - ZZYZX)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM-x32\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{BFFDC70B-C973-41D3-B009-E64E08230E7D}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{78500789-0EBE-4490-BE43-F9EF8250BF42}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM-x32\...\{4137D3AB-5B44-4AC9-83A4-5273F2E2547E}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{213DB54D-B2BA-4517-B126-21514CAA79D3}) (Version: 16.2.29111 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{19A2A8BC-4971-415D-84BF-11FD94BC7C30}) (Version: 16.2.29012 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{B6302FE7-B486-490B-AEE8-CB7858DD1B6F}) (Version: 16.2.29012 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{7E846069-BA07-434B-9037-ECDCFFFEEF97}) (Version: 16.2.29006 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{9DB417AD-0662-44E9-989F-E7102C5CC386}) (Version: 16.2.29111 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{92B3118C-3214-4BFA-89A0-5FF5EDFA2AEA}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\WhatsApp) (Version: 0.3.2386 - WhatsApp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.1 - ASUS)
Yume Nikki 0.10 English (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\Yume Nikki 0.10 English) (Version: - )
Zoom (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\ZoomUMX) (Version: 5.2.3 (45120.0906) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-05-23] (Canon Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-05-23] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-16] (Microsoft Corporation)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.0.30391.0_x64__8wekyb3d8bbwe [2022-05-23] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-13] (Notepad++ -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxDTCM.dll [2019-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Marie\Desktop\Media\old work\MISC STUFF I WAS SCARED TO DELETE\First user - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Marie\Desktop\Media\old work\MISC STUFF I WAS SCARED TO DELETE\Marie - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) =============

2016-10-12 22:17 - 2016-10-12 22:17 - 000125440 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-10-12 22:17 - 2016-10-12 22:17 - 000033280 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2020-11-30 16:32 - 2022-03-04 03:23 - 126965248 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2020-11-30 16:32 - 2021-11-17 12:38 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2020-11-30 16:32 - 2021-11-17 12:38 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2016-10-12 22:17 - 2016-10-12 22:17 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2016-10-12 22:17 - 2016-10-12 22:17 - 000178176 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2016-10-12 22:17 - 2016-10-12 22:17 - 000165888 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2020-09-16 18:19 - 2017-07-05 13:49 - 000593920 _____ (CANON INC.) [File not signed] [File is in use] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2020-09-17 17:44 - 2013-08-02 08:43 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2020-09-17 17:44 - 2013-08-02 08:42 - 000307200 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2020-09-16 18:19 - 2017-07-05 13:43 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2020-03-07 22:54 - 2013-09-11 16:50 - 000360448 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2018-12-02 14:13 - 2018-04-30 13:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-04-20 15:02 - 2020-04-20 15:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-20 15:02 - 2020-04-20 15:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2020-11-30 16:32 - 2022-03-04 03:23 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2964040095-1466076873-307546714-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\dotnet\;C:\Program Files\Calibre2\
HKU\S-1-5-21-2964040095-1466076873-307546714-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie\Desktop\Media\zones\hiorns-seizure-25.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9DA19C3F-7562-46CB-9B04-8E0034598E2D}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe => No File
FirewallRules: [{14EE1769-2C28-4602-BB69-E00C7F03D0C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{B232E677-E582-48D7-B4AA-F455E7CC67EA}C:\users\marie\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\marie\appdata\local\discord\app-1.0.9004\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [TCP Query User{3AC4381A-27D4-4374-B5FD-047AFDA87737}C:\users\marie\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\marie\appdata\local\discord\app-1.0.9004\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [{E8EF1297-2FB6-414C-A998-8A36A225D43E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BadFaith-DEMO-market\BadFaith-DEMO-market\BadFaith.exe () [File not signed]
FirewallRules: [{DE3E3046-DA6C-4436-ABAE-F05C89C2CC0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BadFaith-DEMO-market\BadFaith-DEMO-market\BadFaith.exe () [File not signed]
FirewallRules: [{80265F6D-3B2E-4F70-9D91-F837F6B8310D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Get In The Car, Loser!\Get in the Car Loser.exe () [File not signed]
FirewallRules: [{BFF41271-C435-4971-9AB7-CB23CEA0A04B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Get In The Car, Loser!\Get in the Car Loser.exe () [File not signed]
FirewallRules: [{26550D8A-9BE1-46E4-BE9A-23D45D4D3DBF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{235F5BBC-573E-4E9F-BB4F-1E2A40B656B5}C:\users\marie\desktop\media\games\first-land-windows\first land\firstland.exe] => (Block) C:\users\marie\desktop\media\games\first-land-windows\first land\firstland.exe () [File not signed]
FirewallRules: [TCP Query User{D599DC57-7D98-46C0-A84A-A8AA440BFC7B}C:\users\marie\desktop\media\games\first-land-windows\first land\firstland.exe] => (Block) C:\users\marie\desktop\media\games\first-land-windows\first land\firstland.exe () [File not signed]
FirewallRules: [{A5EADFC8-8552-42C8-A906-2979B66FE765}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Umineko\Umineko1to4.exe (Studio OGA/insani/Haeleth/Sonozaki(UncleMion)) [File not signed]
FirewallRules: [{0B6FDD13-4788-4B23-BD2A-797F9331940F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Umineko\Umineko1to4.exe (Studio OGA/insani/Haeleth/Sonozaki(UncleMion)) [File not signed]
FirewallRules: [UDP Query User{BD72EDBC-B79A-46CC-B893-23F57F7B044C}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [TCP Query User{B4FC8FA8-660B-4385-B241-FDFDE87C4A4E}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [UDP Query User{B6B884FB-2931-4973-8FE7-B743319B3510}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{27BD57E0-0458-4149-9CD2-375513B2C697}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{EDAB5042-08AA-43EF-B456-856D2A172636}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cruelty Squad\crueltysquad.exe (Godot Engine) [File not signed]
FirewallRules: [{F449C93B-C043-43CF-8605-2ABA0EC9C43A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cruelty Squad\crueltysquad.exe (Godot Engine) [File not signed]
FirewallRules: [{1A6A7C90-2B19-4E9D-98C8-01D4F8A03145}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi When They Cry Hou - Ch.8 Matsuribayashi\HigurashiEp08.exe () [File not signed]
FirewallRules: [{9C5DDE70-5E70-49EC-8D2E-151ACCF5F28B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi When They Cry Hou - Ch.8 Matsuribayashi\HigurashiEp08.exe () [File not signed]
FirewallRules: [UDP Query User{D7732202-53EB-43F6-8CC4-0E50BF664960}C:\users\marie\desktop\projects\3ds modding\newsuperultimateinjector3ds_beta26\release\new super ultimate injector for 3ds.exe] => (Allow) C:\users\marie\desktop\projects\3ds modding\newsuperultimateinjector3ds_beta26\release\new super ultimate injector for 3ds.exe (Asdolo) [File not signed]
FirewallRules: [TCP Query User{D85570C4-72AC-485D-A404-36297EFE7E14}C:\users\marie\desktop\projects\3ds modding\newsuperultimateinjector3ds_beta26\release\new super ultimate injector for 3ds.exe] => (Allow) C:\users\marie\desktop\projects\3ds modding\newsuperultimateinjector3ds_beta26\release\new super ultimate injector for 3ds.exe (Asdolo) [File not signed]
FirewallRules: [{FF947786-EDCA-4306-90AC-FDA05EB3CE46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hello Charlotte EP1\Game.exe () [File not signed]
FirewallRules: [{4773033F-2A02-47F3-BA7C-EFBB710BEFA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hello Charlotte EP1\Game.exe () [File not signed]
FirewallRules: [{786547FA-0757-4BE6-BCE8-DACDA16E930C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{286BA3E5-3C12-4333-8FC5-D727D4EE0982}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F137624A-DBE4-46D3-964B-CAFCAC7D2BA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{47E65306-9BFC-4229-B37E-2B2510380843}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [UDP Query User{9157C0EF-FEAB-4F90-AD1A-4C9A4C90B58D}C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe] => (Allow) C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe => No File
FirewallRules: [TCP Query User{E63FA332-9178-48B2-85CE-072DD3D2FB3E}C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe] => (Allow) C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe => No File
FirewallRules: [UDP Query User{35A67AAE-5964-4DAF-94FD-ED6B3E6C38B0}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe => No File
FirewallRules: [TCP Query User{3B28BC87-997C-4D35-AB70-F2EF685087CB}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe => No File
FirewallRules: [UDP Query User{DFF7CF1A-740E-49DC-931D-96FF9D402DF0}C:\users\marie\downloads\wad_collection_(the_ultimate_doom,_doom_ii,_final_doom,_heretic,_hexen,_hexen_deathkings_of_the_dark_citadel_and_strife_wads)_by_lovok\doom\chocolate-doom-3.0.0-win32\chocolate-doom.exe] => (Allow) C:\users\marie\downloads\wad_collection_(the_ultimate_doom,_doom_ii,_final_doom,_heretic,_hexen,_hexen_deathkings_of_the_dark_citadel_and_strife_wads)_by_lovok\doom\chocolate-doom-3.0.0-win32\chocolate-doom.exe (chocolate-doom-dev-list@chocolate-doom.org) [File not signed]
FirewallRules: [TCP Query User{CDAACABB-4D97-43F6-8005-883A9F60FAC3}C:\users\marie\downloads\wad_collection_(the_ultimate_doom,_doom_ii,_final_doom,_heretic,_hexen,_hexen_deathkings_of_the_dark_citadel_and_strife_wads)_by_lovok\doom\chocolate-doom-3.0.0-win32\chocolate-doom.exe] => (Allow) C:\users\marie\downloads\wad_collection_(the_ultimate_doom,_doom_ii,_final_doom,_heretic,_hexen,_hexen_deathkings_of_the_dark_citadel_and_strife_wads)_by_lovok\doom\chocolate-doom-3.0.0-win32\chocolate-doom.exe (chocolate-doom-dev-list@chocolate-doom.org) [File not signed]
FirewallRules: [UDP Query User{94B5D445-BBDC-4368-A86C-FF8FDC0AE98A}C:\gog games\shadowrun hong kong extended edition\srhk.exe] => (Allow) C:\gog games\shadowrun hong kong extended edition\srhk.exe => No File
FirewallRules: [TCP Query User{F43788DE-83ED-4619-A9DB-C3896C4CED55}C:\gog games\shadowrun hong kong extended edition\srhk.exe] => (Allow) C:\gog games\shadowrun hong kong extended edition\srhk.exe => No File
FirewallRules: [{3D4BC587-495B-4263-AB71-ABDDA23EE4AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{0AB1A933-A620-4467-917C-22489567617F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{04733B03-BD48-48FF-AF0F-B19548F69A5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [{149DB85A-30F1-4560-9D32-8693DFD5DC62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [UDP Query User{C4B9FF35-0E9B-4828-83EB-CA37955AE3BF}C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe] => (Allow) C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe => No File
FirewallRules: [TCP Query User{94D0D0F1-6F42-48F2-B012-452E01595270}C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe] => (Allow) C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe => No File
FirewallRules: [{6D4C50A0-6DBD-44D4-B1BA-6F4D69A5269E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{C72BC142-B600-4309-A656-DEE2DF738059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{D637D393-5EFB-4F68-9177-D5D9550CE17B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe => No File
FirewallRules: [{CBCEAF9A-5E51-4971-8AFA-58C185175D59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe => No File
FirewallRules: [{66E6AA2E-5208-4B0D-B878-E965F54BB1D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [{0B52DA8F-076D-4935-B5FF-60023D6476DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [{D4E0DB3B-D416-4425-807A-15033926880E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{59021CD3-CCF2-476D-9B39-C3D618DC40D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hylics\Game.exe => No File
FirewallRules: [{42F5F655-9A24-4A96-A613-C6F15056823D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hylics\Game.exe => No File
FirewallRules: [{21102713-5DB3-4898-A273-51F79839BAD6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{03F04FE3-E90F-477E-AC88-1DFCFD766AF4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp.
-> Valve Corporation) FirewallRules: [{F4D295AA-CBB4-4AD0-9744-A3266CEDF26B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => No File FirewallRules: [{DC3C219B-F2CD-4442-8B87-F42C4EF05C3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => No File FirewallRules: [{4BF7BB51-D08A-4713-844E-F538ED3AB544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File FirewallRules: [{71265262-6C56-4087-A472-C97A8BEDFE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File FirewallRules: [UDP Query User{68A4B211-A6AD-4003-A5A0-ED5635EEC0F2}C:\users\marie\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\marie\appdata\roaming\utorrent web\utweb.exe => No File FirewallRules: [TCP Query User{C1ECB21B-D5C9-49F7-8470-C20739FDC21E}C:\users\marie\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\marie\appdata\roaming\utorrent web\utweb.exe => No File FirewallRules: [{3D43AFD2-E5C0-439C-8B68-EDFA79B0E842}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe => No File FirewallRules: [{1942E64B-322B-43A9-B88B-E08570E0B4C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe => No File FirewallRules: [{AC14D700-00A7-4A43-B82C-0E8A33DE0375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File FirewallRules: [{6CEA770F-B4F9-456F-9B42-96D68032ABDA}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File FirewallRules: [{349422F6-C616-41C5-91BC-5F0CAAE0DD7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{DD1A0923-7E95-456C-99B7-47FF317EA91E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{6A3504FE-4B96-49B5-AACB-C8C0C6528683}] => (Allow) C:\Program Files 
(x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{1E0144E6-CCF1-4767-981E-B99EA2365C79}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{711FDEEF-B510-4133-9C34-81F1A0686771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe => No File FirewallRules: [{2566CD25-F04E-4F1A-A3BC-A23E0CAF71DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe => No File FirewallRules: [{5BCAD969-125F-480A-8889-017E507B042D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File FirewallRules: [{DCE6D5A3-09A3-42DE-8C2F-6C0DFBC3C51B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File FirewallRules: [{B67ECDFD-9C58-452E-86C2-AE9D792AE669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Our Asias\All Our Asias.exe => No File FirewallRules: [{F99743CA-D186-4E1A-B468-9D91D82CFDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Our Asias\All Our Asias.exe => No File FirewallRules: [{61A7D82F-A2E2-4FB2-8E25-1DB5DF022193}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hook\hook.exe => No File FirewallRules: [{EA1889EC-8F00-4AB4-8744-C99D4672C2A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hook\hook.exe => No File FirewallRules: [{B0B9867A-98F2-455A-A1CA-299AAF5AD844}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Engare\Engare.exe => No File FirewallRules: [{D74A4762-A7B0-4399-BFAE-841A65468FAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Engare\Engare.exe => No File FirewallRules: [{57EB884D-7C27-4006-B77A-A16ABDCFFBFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mountain\Mountain.exe => No File FirewallRules: [{F740F60E-3029-46CB-8F31-0A9A6C5233BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mountain\Mountain.exe => No 
File FirewallRules: [{D8EF20DC-6E92-4A93-86D7-894AC74A17F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe => No File FirewallRules: [{0B8B652A-1420-4FA5-BE71-ED4B6B8AD080}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe => No File FirewallRules: [{C9E922BB-B8B4-49AB-926B-7B3A012D3FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora RUtM\MomodoraRUtM.exe => No File FirewallRules: [{4840A2DE-9C68-4981-9726-D35961EEBFAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora RUtM\MomodoraRUtM.exe => No File FirewallRules: [TCP Query User{E8AE2D59-5EBD-473F-B822-B867AB82C869}C:\program files\fox\no one lives forever\ereg\navbrowser.exe] => (Block) C:\program files\fox\no one lives forever\ereg\navbrowser.exe => No File FirewallRules: [UDP Query User{26DF90D8-B9F9-40DF-8AD9-46605D9AE9DF}C:\program files\fox\no one lives forever\ereg\navbrowser.exe] => (Block) C:\program files\fox\no one lives forever\ereg\navbrowser.exe => No File FirewallRules: [TCP Query User{BD5A5C88-C536-4F93-A9FA-8BB199CF97C4}C:\program files (x86)\halo combat evolved\halo.exe] => (Allow) C:\program files (x86)\halo combat evolved\halo.exe => No File FirewallRules: [UDP Query User{E8B9DF46-CCA8-4D99-856A-DB86E3FF3EE2}C:\program files (x86)\halo combat evolved\halo.exe] => (Allow) C:\program files (x86)\halo combat evolved\halo.exe => No File FirewallRules: [TCP Query User{7599CEC9-651C-4CCC-AB6D-BAE0E45A2DDB}C:\users\marie\appdata\local\temp\ss2tool\rsync.exe] => (Allow) C:\users\marie\appdata\local\temp\ss2tool\rsync.exe => No File FirewallRules: [UDP Query User{DB5CCA03-D5D5-49E9-BFD9-3D792C7C3FF2}C:\users\marie\appdata\local\temp\ss2tool\rsync.exe] => (Allow) C:\users\marie\appdata\local\temp\ss2tool\rsync.exe => No File FirewallRules: [TCP Query User{D21F674E-3017-4C98-B800-B780EEC27CA2}C:\gog games\divinity - original sin 2\bin\eocapp.exe] => (Block) C:\gog games\divinity - original sin 
2\bin\eocapp.exe => No File FirewallRules: [UDP Query User{F77F8FFA-C3F5-4AD3-9FEA-16F6E42B0840}C:\gog games\divinity - original sin 2\bin\eocapp.exe] => (Block) C:\gog games\divinity - original sin 2\bin\eocapp.exe => No File FirewallRules: [{429C0AF1-52DA-4D37-98AC-BC92CCB2AB5A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{A8345EF4-F0BB-47CE-9BA3-C22CA3A49FB9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{71666B9D-1B10-4E2D-86B7-76A11BDCD128}] => (Allow) C:\Users\Marie\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{BC3AA50D-CF7D-4386-B513-12BB81AF071E}] => (Allow) C:\Users\Marie\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{623B99CE-5E9D-42FC-B6F5-3C6F1B3725AB}] => (Allow) C:\Users\Marie\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{684A1CB3-EB3F-4505-A2EB-5A7BCAF4FB8E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{9FAC2ACF-50BE-476D-90EB-5EE412BEAAFD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{18A1C940-9AB5-4499-98D2-CE1D2E695E94}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{EC1AF86E-821E-467C-A7FE-188F56B1B727}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
==================== Restore Points =========================

23-05-2022 16:27:59 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/25/2022 03:05:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 23.5.2022.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2b1c
Start Time: 01d8703fc48a0f4c
Termination Time: 30
Application Path: C:\Users\Marie\Desktop\Tools\FRST64.exe
Report Id: 6a8d5eab-3995-4013-b99a-11be515a1742
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown

Error: (05/25/2022 01:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.8.5.0, time stamp: 0x595c7036
Faulting module name: combase.dll, version: 10.0.19041.1682, time stamp: 0xccf6903a
Exception code: 0xc0000005
Fault offset: 0x000a2824
Faulting process ID: 0x3730
Faulting application start time: 0x01d870372c8b2230
Faulting application path: C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
Faulting module path: C:\WINDOWS\System32\combase.dll
Report ID: dbb5e360-cdec-4328-a1dd-6fdedf2f61e2
Faulting package full name:
Faulting package-relative application ID:

Error: (05/23/2022 11:56:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (05/23/2022 11:56:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/21/2022 12:08:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The ESENT error was: -1409.

Error: (05/21/2022 12:08:28 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (05/21/2022 12:08:28 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (05/21/2022 12:08:28 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

System errors:
=============
Error: (05/25/2022 02:04:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Display - 26.20.100.7325.

Error: (05/24/2022 02:43:32 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147500053.

Error: (05/23/2022 11:59:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Display - 26.20.100.7325.

Error: (05/23/2022 02:01:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (05/23/2022 02:01:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (05/21/2022 04:40:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.367.260.0).

Error: (05/21/2022 04:24:25 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/21/2022 04:24:18 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Windows Defender:
================
Date: 2022-05-25 15:11:18
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-05-25 15:01:18
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner!MSR&threatid=2147743972&enterprise=0
Name: Trojan:Win32/CoinMiner!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450; file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Marie\Desktop\Tools\FRST64.exe
Security intelligence Version: AV: 1.367.457.0, AS: 1.367.457.0, NIS: 1.367.457.0
Engine Version: AM: 1.1.19200.6, NIS: 1.1.19200.6

Date: 2022-05-25 15:01:17
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner!MSR&threatid=2147743972&enterprise=0
Name: Trojan:Win32/CoinMiner!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Marie\Desktop\Tools\FRST64.exe
Security intelligence Version: AV: 1.367.457.0, AS: 1.367.457.0, NIS: 1.367.457.0
Engine Version: AM: 1.1.19200.6, NIS: 1.1.19200.6

Date: 2022-05-25 14:41:27
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-05-25 14:29:20
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-05-25 15:49:55
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-05-25 15:42:38
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. UX330UAK.315 04/19/2019
Motherboard: ASUSTeK COMPUTER INC. UX330UAK
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 81%
Total physical RAM: 8077.25 MB
Available physical RAM: 1533.64 MB
Total Virtual: 11533.25 MB
Available Virtual: 3476.74 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:475.36 GB) (Free:112.68 GB) (Model: Micron_1100_MTFDDAV512TBN) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{fdc253f9-eac6-4428-916f-4ce085b83e79}\ () (Fixed) (Total:0.52 GB) (Free:0.05 GB) NTFS
\\?\Volume{673d29a5-520f-446d-82f4-f8f67091c820}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.44 GB) NTFS
\\?\Volume{cb042d9b-634c-4cba-bd86-5ae9561d65f8}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: B4A946F2)

Partition: GPT.

==================== End of Addition.txt =======================