Very Slow System- Painfully slow when opening pages or programs



#16
Steviep

  • Topic Starter
  • Member
  • 354 posts
Good
  • 0



#17
Steviep

  • Topic Starter
  • Member
  • 354 posts
Good
  • 0

#18
Steviep

  • Topic Starter
  • Member
  • 354 posts
It was Good
  • 0

#19
DR M

    The Grecian Geek

  • Malware Removal
  • 4,174 posts

It's good that ... it's good. :)

 

I'll review your logs by tomorrow and be back to you with some other suggestions/fixes/scans. 


  • 0

#20
DR M

    The Grecian Geek

  • Malware Removal
  • 4,174 posts

Hi.
 
1. F-Secure extension

 

I still see the extension in Chrome's profile 3. Please, remove it, as you did with the Default Profile before.

 

 

 

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "F:\unlock.exe" autoplay=true
Task: {8174534F-846C-43D6-9F52-56BA44C95357} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\steve\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {2DF26393-3B13-41E8-8885-11D78F2F04A9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\steve\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2022-03-16] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-02-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 MpKsl8b4d2d82; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9FF093F-9641-4574-88EB-31266A401FFF}\MpKslDrv.sys [X]
S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-10-30] (TEFINCOM S.A. -> WireGuard LLC)
C:\WINDOWS\system32\DRIVERS\nlwt.sys
C:\WINDOWS\System32\drivers\wintun.sys
C:\WINDOWS\System32\drivers\wireguard.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. If you successfully uninstalled the extension
  2. The fixlog.txt
  3. Feedback: how is the computer running now. Please, if the issues are still there, describe them in some detail

  • 0
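A helper reviewing the fixlog.txt requested above could triage it with a script like this one, which skips the echoed fixlist, tallies each "item => outcome" result, lists anything that did not end in success, and collapses the redrawn DISM progress bars to the last percentage seen. This is an added example, not part of the original post and not FRST's own code; the function name `triage_fixlog` and the sample log (placeholder names and GUIDs) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of an FRST fixlog.txt. Names, paths and GUIDs
# are placeholders, not values from a real machine.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Start::
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example Task => C:\Example\example.exe LOGON (No File)
End::
*****************

Restore point was successfully created.
"HKLM\Software\Example\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001}" => removed successfully
C:\WINDOWS\System32\Tasks\Example Task => moved successfully
ExampleSvc => service removed successfully
ExampleKsl => service not found.

========= DISM /Online /Cleanup-Image /RestoreHealth =========

[==                         3.8%                           ]
[==                         3.8%                           ]
[===========================55.8%                          ]
"""

# "<item> => <outcome>" with an optional trailing full stop.
RESULT_RE = re.compile(r"^(?P<item>.+?) => (?P<outcome>.+?)\.?$")
# One redraw of a console progress bar, e.g. "[==      3.8%      ]".
PROGRESS_RE = re.compile(r"^\[=*\s*(?P<pct>\d+(?:\.\d+)?)%\s*\]$")
# Header that introduces the output of a CMD: directive.
SECTION_RE = re.compile(r"^=+ (?P<cmd>.+?) =+$")


def triage_fixlog(text):
    """Summarise a fixlog: outcome counts, items to follow up, last progress."""
    outcomes = Counter()
    follow_up = []      # (item, outcome) pairs that did not end in success
    progress = {}       # command line -> last percentage printed
    in_fixlist = False  # True while inside the echoed Start:: ... End:: block
    section = None      # current CMD: output section, if any

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Start::":
            in_fixlist = True
            continue
        if line == "End::":
            in_fixlist = False
            continue
        if in_fixlist:
            # Echoed directives can contain "=>" themselves (Task: lines),
            # so they must not be counted as results.
            continue

        match = SECTION_RE.match(line)
        if match:
            section = match.group("cmd")
            continue

        match = PROGRESS_RE.match(line)
        if match:
            if section is not None:
                progress[section] = float(match.group("pct"))
            continue

        # Only lines before the first command section are treated as results,
        # so command output is never mistaken for a fix outcome.
        match = RESULT_RE.match(line)
        if match and section is None:
            outcome = match.group("outcome")
            outcomes[outcome] += 1
            if not outcome.endswith("successfully"):
                follow_up.append((match.group("item").strip('"'), outcome))

    return {
        "outcomes": dict(outcomes),
        "follow_up": follow_up,
        "progress": progress,
    }


if __name__ == "__main__":
    summary = triage_fixlog(SAMPLE_FIXLOG)
    for outcome, count in summary["outcomes"].items():
        print(f"{count:3d}  {outcome}")
    for item, outcome in summary["follow_up"]:
        print(f"FOLLOW UP: {item} ({outcome})")
    for cmd, pct in summary["progress"].items():
        print(f"{cmd}: last progress {pct}%")
```

A last progress value below 100 for a command means the pasted log was cut off or the command did not finish, so its result still has to be confirmed.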

#21
Steviep

  • Topic Starter
  • Member
  • 354 posts

Hi Dr M,

 

I have been unable to uninstall the extension. I have 3 profiles on the PC and cannot see the F-Secure extension when I go into each profile and check under extensions.

 

Here is the fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by steven (09-05-2024 16:08:21) Run:2
Running from C:\Users\steve\Desktop
Loaded Profiles: steven & Hannah & Gillian
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "F:\unlock.exe" autoplay=true
Task: {8174534F-846C-43D6-9F52-56BA44C95357} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\steve\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {2DF26393-3B13-41E8-8885-11D78F2F04A9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\steve\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2022-03-16] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-02-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 MpKsl8b4d2d82; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9FF093F-9641-4574-88EB-31266A401FFF}\MpKslDrv.sys [X]
S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-10-30] (TEFINCOM S.A. -> WireGuard LLC)
C:\WINDOWS\system32\DRIVERS\nlwt.sys
C:\WINDOWS\System32\drivers\wintun.sys
C:\WINDOWS\System32\drivers\wireguard.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9674c4fe-ccbc-11e8-8391-7c2a317b0e98} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8174534F-846C-43D6-9F52-56BA44C95357}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8174534F-846C-43D6-9F52-56BA44C95357}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DF26393-3B13-41E8-8885-11D78F2F04A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DF26393-3B13-41E8-8885-11D78F2F04A9}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
HKLM\System\CurrentControlSet\Services\wintun => removed successfully
wintun => service removed successfully
HKLM\System\CurrentControlSet\Services\WireGuard => removed successfully
WireGuard => service removed successfully
MpKsl8b4d2d82 => service not found.
HKLM\System\CurrentControlSet\Services\nlwt => removed successfully
nlwt => service removed successfully
C:\WINDOWS\system32\DRIVERS\nlwt.sys => moved successfully
C:\WINDOWS\System32\drivers\wintun.sys => moved successfully
C:\WINDOWS\System32\drivers\wireguard.sys => moved successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
 
Image Version: 10.0.22631.3447
 
 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.9%                          ] 
 
[===========================55.9%                          ] 
 
[===========================55.9%                          ] 
 
[===========================55.9%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.3%                          ] 
 
[===========================56.3%                          ] 
 
[===========================56.4%                          ] 
 
[===========================56.4%                          ] 
 
[===========================56.4%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.7%                          ] 
 
[===========================56.7%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.9%=                         ] 
 
[===========================57.0%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.8%=                         ] 
 
[===========================57.9%=                         ] 
 
[===========================58.0%=                         ] 
 
[===========================58.0%=                         ] 
 
[===========================58.6%=                         ] 
 
[===========================59.2%==                        ] 
 
[===========================59.2%==                        ] 
 
[===========================59.4%==                        ] 
 
[===========================59.9%==                        ] 
 
[===========================62.3%====                      ] 
 
[===========================84.9%=================         ] 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 100% complete.
 
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37144111 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 5104894 B
Edge => 0 B
Chrome => 191393633 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7490 B
NetworkService => 11000 B
steve => 1059522 B
Hannah => 1782640 B
Gillian => 211840242 B
 
RecycleBin => 110552 B
EmptyTemp: => 429.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:05:10 ====
 
I switched off the PC and then back on and it did appear a bit quicker to get to a usable state.

When I switched the power on it took 44 seconds to move from the Acer logo to a black screen with "Please wait" on it for a minute, and then my desktop appeared and I clicked on Google Browser and it took 1 min 15 seconds for the search box to load and a further 35 secs before it would let me type in the box - hope that makes sense?

It does appear a bit faster than it was.

#22
DR M

  • Malware Removal

At this stage, considering the corruptions found and the computer's state, my suggestion is to go for an in-place upgrade. This will reinstall and update the operating system and fix any corruptions, without removing any file or program.

  • Go to the Windows 11 website: https://www.microsof...wnload/windows11
  • Under Download Windows 11 Disk Image (ISO), select Windows 11 (multi-edition ISO).
  • Once done downloading the ISO, kindly right-click on the ISO, then click Mount, then click Setup.exe.
  • You may be prompted by User Account Control. If so, click on Yes.
  • In the Install Windows 11 dialog, click Next.
  • Setup will check your PC and show a license agreement. Click on Accept in the license terms dialog.
  • Wait for the setup program to check for the available free space.
  • On the Ready to install page, make sure Keep personal files and apps has been checked.
  • Then click Install and just follow the prompt.
  • Windows 11 will restart your device several times, and lead you to the lock screen. Depending on the options you set, it will keep all your files, apps, and user accounts.

#23
Steviep

  • Topic Starter

Hi Dr M,

 

I have downloaded the iso but when I right click on it there is no option which says Mount?


#24
DR M

  • Malware Removal

You can also double click on the ISO to mount it. 


#25
Steviep

  • Topic Starter

Sorry, got it, will report back when done. Thanks again.


#26
Steviep

  • Topic Starter

Morning Dr M,

Completed the Windows upgrade and did a couple of restarts.

When I switched on I got the Acer screen then blank screens - took 1 min 45, then got "Please wait" for 2 mins 20 until my log in screen came up, then took 1 min 20 for desktop to load and I then clicked on Google search and it took 1 min 12 for search results to come up, but now searches are instant.


#27
DR M

  • Malware Removal

Make another restart and check what happens. 

 

Let's see another set of FRST logs. 


#28
Steviep

  • Topic Starter

Hi Again,
 
Did another restart and got Acer screen, blank screen, "Please wait", then sign in screen - took 1 min 58, signed in and desktop took 38 secs to load, clicked on Google browser and took 1 min 38 for results - then works normally.
 
Here are the new logs
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by steven (administrator) on DESKTOP-T3QOQ8M (Acer Carlos) (10-05-2024 07:54:30)
Running from C:\Users\steve\Desktop\FRST64.exe
Loaded Profiles: steven
Platform: Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxEM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (CLEVERFILES INC. -> CleverFiles) C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe
(services.exe ->) (Freemake) [File not signed] C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(services.exe ->) (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21888.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45380000 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\Gillian\AppData\Local\WebEx\ciscowebexstart.exe [4524368 2021-07-09] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Gillian\AppData\Local\Microsoft\Teams\Update.exe [2459280 2021-11-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [MicrosoftEdgeAutoLaunch_48384B2561019AB55907B5F47EEE2793] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON XP-205 207 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMILE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\124.0.6367.156\Installer\chrmstp.exe [2024-05-09] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {5CC0CF3A-06D7-4E03-A4CF-3340F57198A7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {A57E628C-F035-4822-9F08-B86702D0669A} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "9dac4439-e6f9-4785-9ff9-123e643f51d6" --version "6.23.11010" --silent
Task: {8A0C1B65-5EE5-44B6-907A-891CD267093C} - System32\Tasks\CCleanerSkipUAC - steven => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {A0EAF409-0596-4FA2-9F1A-1AF53A1AACD1} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5381288 2024-05-09] (Microsoft Windows -> Microsoft Corporation)
Task: {E5FC2B2C-7012-43E3-826E-A51D6D69FD46} - System32\Tasks\DashlaneUpgradeCheck => C:\WINDOWS\system32\net.exe [81920 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {7B9D1478-F15C-46FB-AE8D-53EA04481FC7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{0F38F499-FEA7-498F-97F7-540E97C9CF93} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
Task: {32E448FD-2360-4740-B753-0608DE34EC79} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1741543102-3776721137-2454621359-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2171640 2024-05-07] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {B367E369-CE61-47E3-8B3D-789BA26ECA7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C150CE0-B4C3-4072-AB4F-C8F41617CA50} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF6D2717-7927-497D-8746-C20B12031BE2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {48312CF6-4646-4F67-BA50-7CBD7DDD1EF1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F33B895-D57A-4AEB-91A2-E5B8AA9596AE} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168488 2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {60749C3D-268F-4140-AE8F-D0FBBECB711D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7625689-ADC1-456D-9ECF-21ED64B3FA7B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {099FEBAC-23E3-4CC4-857A-BC3FBA3EFBD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ABCB7FB3-CA71-437F-B392-60E8D7DD7DF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF342BB0-ADA7-44F2-925B-A375009F6CEA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2018-08-03] (Acer Incorporated -> Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{47a49dfe-5532-4bd4-b40a-03730b7d6cd7}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-10]
Edge DownloadDir: Default -> C:\Users\steve\Downloads
Edge Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-11]
Edge Extension: (Edge relevant text changes) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-14]
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-03-06] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default [2024-05-10]
CHR StartupUrls: Default -> "hxxp://google.co.uk/"
CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-05-07]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-05-07]
CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-09]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-05-07]
CHR Extension: (Adaware AdBlock) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2023-06-21]
CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2023-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-21]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\System Profile [2024-05-07]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 cfbackd; C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe [309128 2023-03-23] (CLEVERFILES INC. -> CleverFiles)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221280 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [74752 2021-07-14] (Freemake) [File not signed]
S2 GoogleUpdaterInternalService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-08] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S4 StreamingCore; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [6788416 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsaService; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2311.40000.5.0_x64__8wekyb3d8bbwe\WsaService\WsaService.exe [312832 2024-02-15] (Microsoft Corporation -> )
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218592 2024-05-09] (Microsoft Windows -> Microsoft Corporation)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [181824 2019-12-27] (GENESYS LOGIC, INC. -> Genesys Logic)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1089512 2020-04-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [234856 2024-05-10] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-05-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-05-10] (Malwarebytes Inc. -> Malwarebytes)
S3 MpKsld7ed2574; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42DDE77B-D2E6-41F8-B491-A79CF5EB9B42}\MpKslDrv.sys [271648 2024-05-10] (Microsoft Windows -> Microsoft Corporation)
R3 MpKslf391dcd1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42DDE77B-D2E6-41F8-B491-A79CF5EB9B42}\MpKslDrv.sys [271648 2024-05-10] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\7.23.2.0\Drivers\NDivert.sys [131472 2024-04-08] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-10-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
S0 ProtectedELAM; C:\WINDOWS\System32\drivers\protected_elam.sys [18912 2023-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> TODO: <Company name>)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [73464 2021-03-08] (Corel Corporation -> Corel Corporation)
R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [46392 2021-12-14] (Corel Corporation -> Corel Corporation)
R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [38200 2021-12-14] (Corel Corporation -> Corel Corporation)
R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [45880 2021-12-14] (Corel Corporation -> Corel Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 StreamingFSD; C:\WINDOWS\System32\DRIVERS\StreamingFSD.sys [791288 2018-01-08] (Numecent, Inc. -> Numecent, Inc.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2024-05-09] (Microsoft Windows -> )
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [25704 2020-09-10] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-05-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-05-05] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-10 07:48 - 2024-05-10 07:48 - 000234856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-05-10 07:48 - 2024-05-10 07:48 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-05-10 07:16 - 2024-05-10 07:16 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-05-10 07:12 - 2024-05-10 07:12 - 000000020 ___SH C:\Users\steve\ntuser.ini
2024-05-10 00:40 - 2024-05-10 07:51 - 000003508 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck
2024-05-10 00:40 - 2024-05-10 07:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-05-10 00:40 - 2024-05-10 00:41 - 000002954 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-05-10 00:40 - 2024-05-10 00:41 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1003
2024-05-10 00:40 - 2024-05-10 00:41 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1002
2024-05-10 00:40 - 2024-05-10 00:41 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1001
2024-05-10 00:40 - 2024-05-10 00:41 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-05-10 00:40 - 2024-05-10 00:41 - 000002256 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - steven
2024-05-10 00:40 - 2024-05-10 00:40 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2024-05-10 00:40 - 2024-05-10 00:40 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-10 00:40 - 2024-05-10 00:40 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-10 00:40 - 2024-05-10 00:40 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1003
2024-05-10 00:40 - 2024-05-10 00:40 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1002
2024-05-10 00:40 - 2024-05-10 00:40 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1001
2024-05-10 00:40 - 2024-05-10 00:40 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-05-10 00:40 - 2024-05-10 00:40 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta
2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter
2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2024-05-10 00:33 - 2024-05-10 00:40 - 000022863 _____ C:\WINDOWS\diagwrn.xml
2024-05-10 00:33 - 2024-05-10 00:40 - 000022863 _____ C:\WINDOWS\diagerr.xml
2024-05-10 00:29 - 2024-05-10 00:29 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-05-10 00:25 - 2024-05-10 07:32 - 000852164 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-10 00:18 - 2024-05-10 00:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-05-10 00:18 - 2024-05-10 00:18 - 000646496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-10 00:17 - 2024-05-10 07:24 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-05-10 00:15 - 2024-05-10 00:41 - 000000000 ____D C:\Windows.old
2024-05-09 23:41 - 2024-05-10 00:16 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Crypto
2024-05-09 23:41 - 2024-05-09 23:41 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\SystemCertificates
2024-05-09 23:41 - 2024-05-09 23:41 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Network
2024-05-09 23:38 - 2024-05-10 00:16 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Crypto
2024-05-09 23:38 - 2024-05-09 23:38 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\SystemCertificates
2024-05-09 23:38 - 2024-05-09 23:38 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Network
2024-05-09 23:37 - 2024-05-10 00:16 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\Crypto
2024-05-09 23:37 - 2024-05-09 23:37 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\SystemCertificates
2024-05-09 23:37 - 2024-05-09 23:37 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\Network
2024-05-09 23:29 - 2024-05-10 00:15 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-05-09 23:25 - 2024-05-09 23:25 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\CLR Security Config
2024-05-09 23:24 - 2024-05-10 07:12 - 000000000 ____D C:\Users\steve
2024-05-09 23:24 - 2024-05-10 00:29 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows
2024-05-09 23:24 - 2024-05-10 00:29 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Windows
2024-05-09 23:24 - 2024-05-10 00:16 - 000000000 ____D C:\Users\Hannah
2024-05-09 23:24 - 2024-05-10 00:16 - 000000000 ____D C:\Users\Gillian
2024-05-09 23:24 - 2024-05-10 00:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Spelling
2024-05-09 23:24 - 2024-05-10 00:15 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\Spelling
2024-05-09 23:24 - 2024-05-10 00:15 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Spelling
2024-05-09 23:24 - 2024-05-09 23:37 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\Windows
2024-05-09 23:23 - 2024-05-09 23:23 - 000000000 ____D C:\WINDOWS\Firmware
2024-05-09 23:21 - 2024-05-09 23:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-05-09 23:12 - 2024-05-09 23:13 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-05-09 22:55 - 2024-05-09 22:55 - 000024320 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-05-09 22:51 - 2024-05-09 22:51 - 000024320 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-05-09 22:41 - 2024-05-09 22:41 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-05-09 22:41 - 2024-05-09 22:41 - 000000000 ____D C:\Program Files\MSBuild
2024-05-09 22:41 - 2024-05-09 22:41 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-05-09 22:41 - 2024-05-09 22:41 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-05-09 22:40 - 2024-05-09 22:40 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2024-05-09 22:40 - 2024-05-09 22:40 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2024-05-09 22:40 - 2024-05-09 22:40 - 000000000 ____D C:\WINDOWS\addins
2024-05-09 22:17 - 2024-05-09 22:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-05-09 21:29 - 2024-05-10 07:12 - 000000000 ___DC C:\WINDOWS\Panther
2024-05-09 21:08 - 2024-05-09 21:15 - 2502727680 _____ C:\Users\steve\Downloads\Win11_23H2_EnglishInternational_x64v2.iso
2024-05-09 16:08 - 2024-05-09 17:05 - 000039510 _____ C:\Users\steve\Desktop\Fixlog.txt
2024-05-08 20:00 - 2024-05-08 20:00 - 000007883 _____ C:\Users\steve\Desktop\CrystalDiskInfo_20240508200044.txt
2024-05-08 19:30 - 2024-05-10 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2024-05-08 19:30 - 2024-05-08 19:30 - 000001832 _____ C:\Users\steve\Desktop\CrystalDiskInfo.lnk
2024-05-08 19:30 - 2024-05-08 19:30 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2024-05-08 19:29 - 2024-05-08 19:29 - 005921600 _____ (Crystal Dew World ) C:\Users\steve\Desktop\CrystalDiskInfo9_3_0.exe
2024-05-08 19:26 - 2024-05-08 19:26 - 000197679 _____ C:\Users\steve\Downloads\ListChkdskResult (1).exe
2024-05-08 16:50 - 2024-05-08 19:27 - 000017186 _____ C:\Users\steve\Desktop\ListChkdskResult.txt
2024-05-08 16:49 - 2024-05-08 16:49 - 000197679 _____ C:\Users\steve\Desktop\ListChkdskResult.exe
2024-05-08 16:43 - 2024-05-08 16:46 - 000064759 _____ C:\Users\steve\Desktop\Addition.txt
2024-05-08 16:39 - 2024-05-10 07:56 - 000025724 _____ C:\Users\steve\Desktop\FRST.txt
2024-05-07 20:06 - 2024-05-07 20:06 - 008389496 _____ (ESET) C:\Users\steve\Desktop\esetonlinescanner.exe
2024-05-07 18:25 - 2024-05-07 18:25 - 008790880 _____ (Malwarebytes) C:\Users\steve\Desktop\adwcleaner(3).exe
2024-05-07 18:15 - 2024-05-07 18:15 - 008790880 _____ (Malwarebytes) C:\Users\steve\Desktop\adwcleaner(2).exe
2024-05-07 15:42 - 2024-05-07 18:16 - 000000000 ____D C:\AdwCleaner
2024-05-07 15:42 - 2024-05-07 15:42 - 008790880 _____ (Malwarebytes) C:\Users\steve\Desktop\adwcleaner(1).exe
2024-05-07 15:41 - 2024-05-07 15:41 - 008791352 _____ (Malwarebytes) C:\Users\steve\Desktop\AdwCleaner.exe
2024-05-07 15:03 - 2024-05-07 15:03 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-05-07 15:03 - 2024-05-07 15:03 - 000002085 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-05-07 15:02 - 2024-05-07 15:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-05-07 15:00 - 2024-05-07 15:00 - 002589624 _____ (Malwarebytes) C:\Users\steve\Desktop\MBSetup.exe
2024-05-07 12:13 - 2024-05-07 12:13 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\SKYBOX
2024-05-05 16:10 - 2024-05-10 07:55 - 000000000 ____D C:\FRST
2024-05-05 16:08 - 2024-05-05 16:10 - 002394112 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2024-05-05 16:00 - 2024-05-05 16:00 - 000063936 _____ C:\WINDOWS\system32\lc.dat
2024-05-05 11:48 - 2024-05-05 11:48 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-10 07:55 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-05-10 07:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-10 07:52 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-10 07:48 - 2020-11-09 16:43 - 000012288 ___SH C:\DumpStack.log.tmp
2024-05-10 07:47 - 2022-05-07 06:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-05-10 07:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-10 07:33 - 2018-10-10 18:55 - 000000000 ____D C:\Users\steve\AppData\Local\Packages
2024-05-10 07:30 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-10 07:29 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-05-10 07:26 - 2023-06-11 11:49 - 000000000 ____D C:\Users\steve\AppData\LocalLow\IGDump
2024-05-10 07:13 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-10 07:13 - 2018-07-12 18:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-05-10 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat
2024-05-10 00:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-10 00:40 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-05-10 00:32 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-10 00:32 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-05-10 00:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Media
2024-05-10 00:21 - 2020-01-10 19:16 - 000000000 __SHD C:\IntelOptaneData
2024-05-10 00:19 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-05-10 00:16 - 2024-02-27 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2024-05-10 00:16 - 2024-01-05 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2024-05-10 00:16 - 2023-08-16 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2024-05-10 00:16 - 2023-08-16 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer 2
2024-05-10 00:16 - 2023-08-16 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NX Studio
2024-05-10 00:16 - 2023-08-16 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2024-05-10 00:16 - 2023-07-31 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleverFiles Disk Drill (x64)
2024-05-10 00:16 - 2023-01-04 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SKYBOX
2024-05-10 00:16 - 2022-11-18 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2024-05-10 00:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-05-10 00:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2024-05-10 00:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-05-10 00:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool
2024-05-10 00:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-05-10 00:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2024-05-10 00:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-05-10 00:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-05-10 00:16 - 2022-03-13 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-05-10 00:16 - 2021-12-20 18:44 - 000000000 ____D C:\WINDOWS\system32\Samsung
2024-05-10 00:16 - 2021-05-25 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X7
2024-05-10 00:16 - 2021-02-21 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2024-05-10 00:16 - 2020-10-30 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2024-05-10 00:16 - 2019-11-14 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudpaging Player
2024-05-10 00:16 - 2019-11-14 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2024-05-10 00:16 - 2019-04-10 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-05-10 00:16 - 2018-11-10 08:46 - 000000000 ____D C:\WINDOWS\system32\Intel
2024-05-10 00:16 - 2018-10-10 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2024-05-10 00:16 - 2018-10-10 21:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-10 00:16 - 2018-10-10 17:43 - 000000000 ____D C:\WINDOWS\oem
2024-05-10 00:16 - 2018-07-12 19:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2024-05-10 00:16 - 2018-07-12 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2024-05-10 00:16 - 2018-07-12 18:54 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2024-05-10 00:16 - 2018-07-12 18:38 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2024-05-10 00:15 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-05-10 00:15 - 2021-03-09 19:26 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop App
2024-05-10 00:15 - 2021-03-02 13:59 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2024-05-10 00:15 - 2021-01-24 17:46 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-05-10 00:15 - 2021-01-06 13:49 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NordSec
2024-05-10 00:15 - 2019-06-29 11:20 - 000000000 ____D C:\Program Files\UNP
2024-05-10 00:15 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-05-10 00:15 - 2018-07-12 18:26 - 000000000 ____D C:\Program Files\Intel
2024-05-10 00:12 - 2023-06-01 14:25 - 000000000 ____D C:\Users\steve\AppData\Local\Malwarebytes
2024-05-10 00:03 - 2018-10-10 20:49 - 000000000 ____D C:\Users\Gillian\AppData\Local\Packages
2024-05-10 00:01 - 2018-10-10 20:33 - 000000000 ____D C:\Users\Hannah\AppData\Local\Packages
2024-05-09 23:54 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup
2024-05-09 23:44 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Registration
2024-05-09 23:43 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries
2024-05-09 23:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Resources
2024-05-09 23:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Help
2024-05-09 23:29 - 2022-05-27 07:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2024-05-09 23:29 - 2021-03-03 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2024-05-09 23:27 - 2022-05-07 06:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2024-05-09 23:26 - 2022-11-18 23:42 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2024-05-09 23:15 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-09 23:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-09 23:12 - 2023-12-04 07:28 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-05-09 23:12 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\en-GB
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-05-09 23:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-09 23:12 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing
2024-05-09 22:44 - 2023-12-04 07:22 - 000706032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000628200 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000628192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe
2024-05-09 22:44 - 2023-12-04 07:22 - 000517504 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetMgmtIF.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvpci.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000439768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000406912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmscrub.exe
2024-05-09 22:44 - 2023-12-04 07:22 - 000378224 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmflexio.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000366056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe
2024-05-09 22:44 - 2023-12-04 07:22 - 000366048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmiccore.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000324992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000316904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmCrashDump.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000271728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2024-05-09 22:44 - 2023-12-04 07:22 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnsdiag.exe
2024-05-09 22:44 - 2023-12-04 07:22 - 000255464 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000218592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fse.sys
2024-05-09 22:44 - 2023-12-04 07:22 - 000185728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2024-05-09 22:44 - 2023-12-04 07:22 - 000169456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvirtio.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpapi.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000144864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifcore.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmhbmgmt.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000128368 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmbind.exe
2024-05-09 22:44 - 2023-12-04 07:22 - 000094208 _____ C:\WINDOWS\system32\Drivers\vmbusproxy.sys
2024-05-09 22:44 - 2023-12-04 07:22 - 000087520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\l2bridge.sys
2024-05-09 22:44 - 2023-12-04 07:22 - 000066928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys
2024-05-09 22:44 - 2023-12-04 07:22 - 000050656 _____ (Microsoft Corporation) C:\WINDOWS\system32\VrdUmed.dll
2024-05-09 22:44 - 2023-12-04 07:22 - 000046552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 006436208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmfirmware.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000509288 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000361832 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000132456 _____ C:\WINDOWS\system32\secfw_AuthenticAMD.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000124240 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpevents.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000120160 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2024-05-09 22:44 - 2022-05-07 06:20 - 000075104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2024-05-09 22:44 - 2022-05-07 06:20 - 000066912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NvAgent.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000058704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hnswfpdriver.sys
2024-05-09 22:44 - 2022-05-07 06:20 - 000046888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000042344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000025960 _____ (Microsoft Corporation) C:\WINDOWS\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000025960 _____ (Microsoft Corporation) C:\WINDOWS\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000025952 _____ (Microsoft Corporation) C:\WINDOWS\system32\f1db7d81-95be-4911-935a-8ab71629112a_HyperV-IsolatedVM.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000025952 _____ (Microsoft Corporation) C:\WINDOWS\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000025952 _____ (Microsoft Corporation) C:\WINDOWS\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2024-05-09 22:44 - 2022-05-07 06:20 - 000006658 _____ C:\WINDOWS\system32\VmFirmwareHcl Third-Party Notices.txt
2024-05-09 22:44 - 2022-05-07 06:20 - 000006658 _____ C:\WINDOWS\system32\VmFirmware Third-Party Notices.txt
2024-05-09 22:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR
2024-05-09 22:37 - 2022-05-07 11:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-05-09 22:37 - 2022-05-07 11:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-05-09 22:37 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-05-09 22:37 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-05-09 22:37 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-09 22:37 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-09 22:37 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-09 22:37 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-09 22:37 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-05-09 21:01 - 2018-10-10 20:55 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-09 21:01 - 2018-10-10 20:55 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-09 17:46 - 2024-01-02 18:01 - 000000000 ____D C:\Users\Hannah\AppData\Local\Malwarebytes
2024-05-09 16:01 - 2023-06-11 12:42 - 000000000 ____D C:\Users\Gillian\AppData\Local\Malwarebytes
2024-05-09 15:58 - 2020-11-09 15:01 - 000002435 _____ C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-09 15:51 - 2020-09-13 11:46 - 000000000 ____D C:\Users\Hannah\AppData\Local\D3DSCache
2024-05-09 15:51 - 2018-10-10 20:33 - 000000000 __SHD C:\Users\Hannah\IntelGraphicsProfiles
2024-05-09 15:46 - 2018-10-10 20:49 - 000000000 __SHD C:\Users\Gillian\IntelGraphicsProfiles
2024-05-08 15:34 - 2020-10-30 16:03 - 000000000 ____D C:\Program Files\NordVPN
2024-05-08 14:53 - 2022-10-24 17:07 - 000000000 ____D C:\Users\steve\AppData\Local\ESET
2024-05-07 15:02 - 2020-01-09 22:26 - 000000000 ____D C:\Program Files\Malwarebytes
2024-05-07 14:55 - 2018-10-10 22:17 - 000000000 ____D C:\ProgramData\Packages
2024-05-07 14:41 - 2022-01-06 10:51 - 000000000 ____D C:\Users\Gillian\AppData\Local\CrashDumps
2024-05-07 10:04 - 2018-10-23 21:09 - 000000000 ____D C:\Users\steve\AppData\Local\D3DSCache
2024-05-07 07:42 - 2020-07-04 13:21 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-07 07:42 - 2020-07-04 13:21 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-05-05 16:10 - 2022-10-25 15:01 - 000000000 ____D C:\Users\steve\AppData\Roaming\calibre
2024-05-05 16:09 - 2022-10-25 15:01 - 000000000 ____D C:\Users\steve\Calibre Library
2024-05-05 15:58 - 2018-10-10 22:43 - 000000000 ____D C:\Users\steve\AppData\Local\CrashDumps
2024-05-05 15:52 - 2021-02-21 15:25 - 000000000 ____D C:\Program Files\CCleaner
2024-05-05 15:13 - 2022-10-08 20:44 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-05-05 13:06 - 2018-10-14 10:38 - 000000000 ____D C:\Users\steve\AppData\Local\ElevatedDiagnostics
2024-05-05 13:01 - 2018-10-10 21:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-05 12:44 - 2018-10-10 19:43 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Word
2024-05-05 12:36 - 2021-05-13 12:22 - 000002432 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-05 11:54 - 2018-10-10 21:45 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-05-05 11:51 - 2018-10-10 19:30 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-05 11:01 - 2023-07-13 10:42 - 000000443 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2024-05-05 10:54 - 2018-10-10 20:54 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-05 10:50 - 2020-10-30 16:03 - 000000000 ____D C:\ProgramData\NordVPN
2024-05-05 10:49 - 2022-03-07 15:36 - 000000000 ____D C:\Program Files\NordUpdater
 
==================== Files in the root of some directories ========
 
2022-03-30 13:23 - 2022-03-30 13:23 - 020987948 _____ () C:\Users\steve\AppData\Local\004_Gift_To_Be_Simple.mid-compiled.wav
2022-03-30 13:24 - 2022-03-30 13:24 - 024735788 _____ () C:\Users\steve\AppData\Local\006_Smithwicks_Tavern.mid-compiled.wav
2022-03-30 13:23 - 2022-03-30 13:23 - 009547820 _____ () C:\Users\steve\AppData\Local\105_Ambient_High_Energy.mid-compiled.wav
2022-03-30 13:23 - 2022-03-30 13:23 - 033538092 _____ () C:\Users\steve\AppData\Local\106_Sweetly_Remembering.mid-compiled.wav
2022-03-30 16:52 - 2022-03-30 17:08 - 010846252 _____ () C:\Users\steve\AppData\Local\119_Club_Med.mid-compiled.wav
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by steven (10-05-2024 07:59:09)
Running from C:\Users\steve\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) (2024-05-09 23:41:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1741543102-3776721137-2454621359-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1741543102-3776721137-2454621359-503 - Limited - Disabled)
Gillian (S-1-5-21-1741543102-3776721137-2454621359-1003 - Limited - Enabled) => C:\Users\Gillian
Guest (S-1-5-21-1741543102-3776721137-2454621359-501 - Limited - Disabled)
Hannah (S-1-5-21-1741543102-3776721137-2454621359-1002 - Limited - Enabled) => C:\Users\Hannah
steven (S-1-5-21-1741543102-3776721137-2454621359-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-1741543102-3776721137-2454621359-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Amazon Appstore (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\com.amazon.venezia) (Version: release-60.21.1.0.210058.0_639010 - amazon.com)
Amazon Photos (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Amazon Photos) (Version: 8.8.0 - Amazon.com, Inc.)
App Explorer (HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\Host App Service) (Version: 0.273.3.707 - SweetLabs) <==== ATTENTION
Avanquest Message (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.16.0 - Avanquest Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{0269E9B3-B0A8-4849-9D2A-1090C32982DF}) (Version: 7.3.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 6.23 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\ActiveTouchMeetingClient) (Version: 41.7.4 - Cisco Webex LLC)
Cloudpaging Player (HKLM\...\{23F6FB7C-C1E2-491B-91A1-0441D5191BC7}) (Version: 9.0.4.21424 - Numecent, Inc.)
Corel PaintShop Pro X7  (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (HKLM-x32\...\{17196252-8555-4E35-9C06-F743143D76D4}) (Version: 17.0.0.199 - Corel Corporation) Hidden
CrystalDiskInfo 8.17.8 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.8 - Crystal Dew World)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8216.01 - CyberLink Corp.)
CyberLink Shape Transitions Pack (HKLM-x32\...\{A49D8AB7-695A-4D72-BACB-A406008387BF}) (Version: 1.0 - CyberLink Corp.)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
Disk Drill 5.3.826.0 (HKLM-x32\...\{49b90425-d03c-4b56-b8ba-0ccd425f5863}) (Version: 5.3.826.0 - CleverFiles)
Disk Drill 5.3.826.0 (x64) (HKLM\...\{219D8DEC-A93F-4A90-866B-20B5B37DAE94}) (Version: 5.3.826.0 - CleverFiles) Hidden
Distortion Control Data (HKLM-x32\...\{B08B4896-886C-4644-8664-BBA4CE99D318}) (Version: 1.00.0000 - Nikon)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.7 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{711E8536-AB71-4455-A6C4-357FDBBEBF91}) (Version: 4.6.7 - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Freemake Music Box (HKLM-x32\...\Freemake Music Box_is1) (Version: 1.0.8 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.156 - Google LLC)
IBM SPSS Statistics 26 (HKLM\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.0 - IBM Corp)
ICA (HKLM-x32\...\{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Intel® Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{B4F59074-915E-4DFE-BFD6-1B415B37AE2F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{ED204DD8-2982-4B22-B077-0F70024D5FEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{4B1DEC5C-ED0A-4DD1-ADB2-FD1117FF94D7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{64A94A93-B0C4-4B16-8CDC-FDB06E8CC306}) (Version: 16.0.2.1086 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000040-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.40.0 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{18ec79fd-8f83-4e12-bfa5-80c9872cc56b}) (Version: 20.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{F70E0149-0BD0-4933-ADD0-1DC74D8F513B}) (Version: 20.40.0.1365 - Intel Corporation) Hidden
IPM_PSP_COM (HKLM-x32\...\{174F9DF8-AC60-486A-8FF4-A22831D48E0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{17704FA2-B1D2-4D5C-A23D-BDA0D2BC9CC7}) (Version: 17.0.0.199 - Corel Corporation) Hidden
iPod Support (HKLM\...\{57D75376-1F31-4182-8EC8-31A6785ABF29}) (Version: 120.7.3.55 - Apple Inc.)
iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft .NET Host - 6.0.23 (x64) (HKLM\...\{1870DD0E-1583-44FF-8265-A9D1692CD89C}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.8 (x64) (HKLM\...\{19FCE07F-2A75-44AC-9EA5-8E29FE2F8DBE}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.23 (x64) (HKLM\...\{995CC82C-E3E8-4BB5-9AB8-2B95C611D59D}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.8 (x64) (HKLM\...\{174E0D7C-F2C9-49A2-83FB-95A0FE6FA023}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.23 (x64) (HKLM\...\{7C0437DA-6703-47F1-A116-CD138B0768AD}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.8 (x64) (HKLM\...\{B45C77BA-0B4E-4FBB-99B9-9774ECBE20AA}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.80 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.80 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.17425.20176 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\OneDriveSetup.exe) (Version: 24.070.0407.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\OneDriveSetup.exe) (Version: 24.076.0414.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Teams) (Version: 1.4.00.29469 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{9F513024-FFAD-4466-8CF0-5348389196B8}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{C521A8D8-511F-43DF-B789-7DD0B3F7363B}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.26.28720 (HKLM-x32\...\{2F69FB2B-2C48-491C-B249-22C1BDCE1117}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.26.28720 (HKLM-x32\...\{31C9EB3A-5F0C-49E7-8E6C-D404E48F433D}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.23 (x64) (HKLM\...\{AA393199-374C-4AD1-9245-6CBB254D8146}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.23 (x64) (HKLM-x32\...\{fbe8ac13-7063-40e6-81dd-7ddcc3781ecd}) (Version: 6.0.23.32930 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM\...\{3133BC55-90BD-4B87-82A2-6670B3CAFB81}) (Version: 56.35.63153 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM-x32\...\{d260fcb6-95b8-4c81-8e07-ce75876ffca2}) (Version: 7.0.8.32619 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Nero SharedVideoCodecs (HKLM-x32\...\{2432E589-6256-4513-B0BF-EFA8E325D5F0}) (Version: 1.0.19014 - Nero AG) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.4.1 - Nikon Corporation)
Nikon Transfer 2 (HKLM-x32\...\{3FC564E4-C8EA-4887-AEF3-268962172514}) (Version: 2.17.0 - Nikon Corporation)
NordPass (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\285d85e1-fc76-5a0e-ba2d-20241a7fe9d2) (Version: 2.15.11 - NordPass Team)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.4.1 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.23.2.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NX Studio (HKLM\...\{2857A646-0456-40E7-ABE7-99787C915705}) (Version: 1.4.1 - Nikon Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Peugeot Update 1.4.0 (HKLM\...\46cf01d6-a405-5b47-a44f-4dd61ad5f7c2) (Version: 1.4.0 - PSA Automobiles SA)
PSPPContent (HKLM-x32\...\{17289BF4-5826-447B-A20A-738044D0B3E5}) (Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{1735F0DE-B173-4116-BABC-653A12FB9238}) (Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{17511557-C430-486A-AB5A-87A8134B2613}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Setup (HKLM-x32\...\{17088A4E-3CF3-4F12-926D-2A9E8085B8EC}) (Version: 17.0.0.199 - Corel Corporation) Hidden
SKYBOX (HKLM\...\SKYBOX) (Version: 1.0.0.0 - SKYBOX Team)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-6) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-7) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-8) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinX HD Video Converter Deluxe 5.6.0 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Zoom (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2018-10-21] (Acer Incorporated)
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 [2024-05-08] (Acer Incorporated)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-04] (AMZN Mobile LLC.) [Startup Task]
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1300.477.0_x64__8wekyb3d8bbwe [2024-05-10] (Microsoft Corporation)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.86.8.0_x64__q4d96b2w5wcc2 [2024-05-09] (Evernote) [Startup Task]
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2024-02-19] (Meta)
Facebook -> C:\Program Files\WindowsApps\www.facebook.com-1C2D851A_2023.531.1.1_neutral__n468xs7erp6tc [2024-02-19] (www.facebook.com)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-09] (Apple Inc.) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt [2024-05-07] (Meta) [Startup Task]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-01-02] (Microsoft Corp.)
Microsoft.HEVCVideoExtensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-08-09] (Microsoft Corporation)
Microsoft.LegacyPhotosAdd-on -> C:\Program Files\WindowsApps\Microsoft.LegacyPhotosAdd-on_2022.2206.0.0_x64__8wekyb3d8bbwe [2023-01-09] (Microsoft Corporation)
Microsoft.LegacyPhotosMediaEngineAdd-on -> C:\Program Files\WindowsApps\Microsoft.LegacyPhotosMediaEngineAdd-on_2022.2206.0.0_x64__8wekyb3d8bbwe [2023-01-09] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-16] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-05-09] (Microsoft Corporation)
MicrosoftWindows.Client.FileExp -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-05-10] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24041.34.0_x64__cw5n1h2txyewy [2024-05-08] (Microsoft Windows) [Startup Task]
Movie Maker - Video Editor -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.7.4.0_x64__bzg06mxvgh4fa [2024-05-05] (V3TApps)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2021-12-22] (CYBERLINK COM CORP)
Photos Legacy -> C:\Program Files\WindowsApps\Microsoft.PhotosLegacy_2024.11040.10002.0_x64__8wekyb3d8bbwe [2024-05-08] (Microsoft Corporation)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2022-01-19] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3001.0_x64__48frkmn4z8aw4 [2022-11-14] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-07-07] (Realtek Semiconductor Corp)
Samsung Gallery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PCGallery_4.13.17.0_x64__3c1yjt4zspk6g [2024-02-14] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0 [2024-05-08] (Spotify AB) [Startup Task]
Text Reader -> C:\Program Files\WindowsApps\13542RyanTremblay.TextReader_3.1.4.0_x64__e0ywhek3s7xze [2022-11-14] (Ryan Tremblay) [MS Ad]
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-05-08] (Microsoft Windows)
Windows Subsystem for Android™ -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2311.40000.5.0_x64__8wekyb3d8bbwe [2024-05-10] (Microsoft Corp.) [Startup Task]
Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_2.0.4.0_x86__1crh1k73ty8mg [2020-06-10] (Media Life)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001_Classes\CLSID\{56512e36-c98f-d8d5-43c6-669ea60c4c0b}\localserver32 -> C:\Program Files\CleverFiles\Disk Drill\DD.exe (CLEVERFILES INC. -> 508 Software, LLC)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxDTCM.dll [2018-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\steve\Desktop\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg
ShortcutWithArgument: C:\Users\steve\Desktop\Steven - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg
ShortcutWithArgument: C:\Users\steve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Stevie - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
 
==================== Loaded Modules (Whitelisted) =============
 
2018-12-03 22:19 - 2018-12-03 22:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2019-03-06 22:45 - 2007-09-18 17:44 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBIPDev.dll
2019-03-06 22:45 - 2007-09-10 16:03 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBLPBidiDev.dll
2019-03-06 22:45 - 2006-12-26 15:58 - 000233544 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBMSDev.dll
2019-03-06 22:45 - 2004-11-17 17:56 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBNWDev.dll
2019-03-06 22:45 - 2007-09-10 16:32 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBRSVC.dll
2019-03-06 22:45 - 2006-08-30 02:02 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll
2019-03-06 22:27 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2019-03-06 22:27 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\sharepoint.com -> hxxps://strath-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2023-07-13 10:42 - 2024-05-05 11:01 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.27.128.1 DESKTOP-T3QOQ8M.mshome.net # 2029 5 5 4 10 1 35 900
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files\dotnet\;C:\Program Files\Calibre2\
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\steve\Pictures\Photos from S20\20200924_213048.jpg
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Gillian\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\newyo.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® TPM Provisioning Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MyEpson Portal Service => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NeroBackItUpBackgroundService2018 => 2
MSCONFIG\Services: QASvc => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: StreamingCore => 2
MSCONFIG\Services: UEIPSvc => 3
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Endeavors Technologies JukeboxPlayer"
HKLM\...\StartupApproved\Run32: => "Nero BackItUp"
HKLM\...\StartupApproved\Run32: => "EaseUS FixTool"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "CAMTray"
HKLM\...\StartupApproved\Run32: => "DriveSpan"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "electron.app.NordPass"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPSDNMON"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "Avanquest Message"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "Amazon Photos"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{550D8F38-00DF-48E4-B360-185AB4605A00}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A9709B81-5AA2-4468-8AF0-E75F8D0F388C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8F0C2453-02C1-4101-9DFA-CA2F43926598}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F53620E7-7B05-471B-B6A4-2B5B9AC5244F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4FCD8D99-53E0-4DC2-903B-C6426330434A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B3AE7351-F18D-4146-A1E9-B0056FB943E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DEE624F7-3CC2-4CB2-8D01-AF05E049E050}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DC6505CC-47F3-4BDF-BAD6-DCC04C04BD47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7D62DFB5-91C6-4E29-B1F8-324D4B9403B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CD6EDD1E-E0B5-4290-BAAD-03FE034A5FE6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C46D55B7-0269-4B16-9D1A-963486D90B89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{196C2B4B-E04E-4379-A71A-8387CB138E01}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{69D4E43E-97B1-4DE6-94D2-58228D936C3A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5BE05F8F-DD24-4CDD-B006-E80DC7FC74D9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37EB7A35-B468-4463-B3AE-48B575EC906C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{52F89E3B-D192-4906-AF3F-E0F9DA5107FC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8FCCFFC1-546D-46B0-BAE6-23C24C2653CE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BDB9A1A5-7AFD-4807-9A6C-1019FC15188F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5756E0DD-9A63-4C00-B4AF-2AFD74A1C392}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2311.40000.5.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe (Microsoft Corporation -> )
FirewallRules: [{9FA0A97A-416D-4C55-83A5-85D57BD552FA}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E72B7B2C-916C-4BE1-A2A2-0AC54E69B4CC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{65AE6FC3-31B2-4A1E-95E3-5DF8F563D540}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{756BD03C-ADCD-44A4-A51F-74EF8CA87535}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{862264D6-8207-4058-9A37-0E6FB0BF40AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{C76FDE58-7DD2-4B40-9E36-A65FB99AC5FB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{1F6007C5-90DF-4865-91C7-80FC8F034DD0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{AD78B310-82A7-4F55-9E1A-1F2AA542DB9F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{8137CBA0-B653-4A63-BFA6-DEC9AA9CCF11}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{EA8494E9-78FE-4949-976F-BE6A3FD37724}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{56D33FD8-594B-43B4-9C69-B6B50320D3F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E5D0D6B2-7594-48A0-93F3-14BFC4369789}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5CCC6300-7F0F-4950-AE6C-D96A36CC8E61}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF2EC385-4628-4C90-A140-5184E0A3C52B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C027F577-66DD-402C-8F97-ADDE7CF8505B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{58C907D2-6B90-4282-9ABA-362F4AF64A56}] => (Block) C:\program files\skybox\skybox.exe (Beijing Zixiong Information Technology Co., Ltd. -> )
FirewallRules: [{03B62D2C-A904-4DC9-8446-2EC2851AA1D2}] => (Block) C:\program files\skybox\skybox.exe (Beijing Zixiong Information Technology Co., Ltd. -> )
FirewallRules: [UDP Query User{7D96304F-0400-4A6F-AFCF-83BAAE51461F}C:\program files\skybox\skybox.exe] => (Allow) C:\program files\skybox\skybox.exe (Beijing Zixiong Information Technology Co., Ltd. -> )
FirewallRules: [TCP Query User{9F00A981-A34E-4B80-921F-EF6348710D0F}C:\program files\skybox\skybox.exe] => (Allow) C:\program files\skybox\skybox.exe (Beijing Zixiong Information Technology Co., Ltd. -> )
FirewallRules: [UDP Query User{F5079F31-EED9-4BDC-95EF-AD1FBD2D6E39}C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{20BBCE53-FDDF-4432-9439-48EB3077AA00}C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{46FECE41-9EA8-4721-AEB5-6B713875FF5D}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Allow) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [TCP Query User{E64876CA-64B4-4268-981B-7174EC1A856D}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Allow) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [UDP Query User{636FC029-9E9F-4501-AA25-856A109525D5}C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{264C95F6-A57E-4E55-AF24-917262811A57}C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{696A3737-CC6F-46FB-9216-570CEB929772}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [TCP Query User{1D3B44E5-7570-4F13-B04C-111E72D6FC1E}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [{38919211-491A-4399-942E-8B30C4EA6645}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{A16E47A8-211F-4C36-8DA0-694CCD4A95CB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{95236E62-7ACB-4C8D-8E14-7BAE7CD20548}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{F01C3573-9E22-458A-91CE-5DB8F87466B3}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{972566EC-13CB-4389-975F-449D3598E771}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{762E09DF-D209-4C13-A0E4-3B1D507301E2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{4C5CAB28-7A10-4992-B0C9-70236A8C60A9}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{17D38086-9743-4EDF-A691-D604CA563BF2}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{3E19D774-3AD9-40E7-8A57-3EC857B324B6}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{D8CD1526-D62D-4560-B9BE-5C7DD465AF66}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{1FF9056C-18B8-4C4C-9D20-C003728090EE}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{A784AB41-9E8F-46F0-9E57-AF1311F23631}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{923C6F2D-B29D-4895-BFA1-48EB43990A10}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{B0AB877D-0BC9-4591-95DF-99105791A82B}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{C4B06792-EBC8-4B07-9AED-66B147D119DC}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{8EBD3890-585B-4E72-A392-F0248E6A25D5}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{F7769D7A-AE6B-45E3-B473-81F59F1CF973}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{D43775B1-7D82-4961-B564-BAD29245AD03}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{D4AA9B30-D49F-40AB-B4D0-6972C69BA846}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{71B9035B-6E96-481F-B4D0-8879D188A65E}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{7C5949E0-929E-4D54-A026-E04F2F4BE8C4}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{E2924F25-34C0-4626-A9C9-19DA4B24F666}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{09EC6237-0455-4632-A697-D4D68AA27CC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{FCBA071B-62BB-4133-A9A7-D361BFA1A0BB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{9722F32B-89D4-46D9-8C3B-E2337F9B9FA0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel® Wireless Connectivity Solutions -> )
FirewallRules: [{5EEB7081-F60A-45BE-ADF0-2E30DBC8AD5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20150.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{78BB51ED-5D88-48F8-817C-06FBDE65EAA0}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{66B4C281-1F99-4970-84B4-25F781A17D8E}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EC059BCF-5AFE-4F22-84C2-A1682F465CBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6BD7DCFE-22AF-4891-8DCE-19CD07655E8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97146C7B-99B4-437A-AC64-7101B5A4C313}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{421624A7-B80E-4380-97CB-48E6E6DB94CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{E5F53477-DD35-4C1A-AC5D-1EA8805EDE0D}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{D4AEB729-00CE-4595-8782-6186AFD67E91}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:465.19 GB) (Free:227.14 GB) (49%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/10/2024 12:19:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/10/2024 12:19:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/10/2024 12:19:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/10/2024 12:19:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/10/2024 12:19:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/10/2024 12:19:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (05/10/2024 07:54:45 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T3QOQ8M)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (05/10/2024 07:26:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/10/2024 07:26:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (05/10/2024 07:25:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/10/2024 07:25:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Freemake Improver service to connect.
 
Error: (05/10/2024 07:18:36 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T3QOQ8M)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (05/10/2024 12:24:35 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
 
Error: (05/10/2024 12:21:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===============
Date: 2024-05-10 07:51:49
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. R01-C3 04/08/2020
Motherboard: Acer B36H4-AD
Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 56%
Total physical RAM: 8069.98 MB
Available physical RAM: 3481.22 MB
Total Virtual: 8581.98 MB
Available Virtual: 4123.57 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:465.19 GB) (Free:227.14 GB) (Model: TOSHIBA DT01ACA100) NTFS
Drive d: (Data) (Fixed) (Total:465.2 GB) (Free:458.33 GB) (Model: TOSHIBA DT01ACA100) NTFS
 
\\?\Volume{af1a4e76-2cab-42a1-b627-2319125239c2}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.17 GB) NTFS
\\?\Volume{e98a5c0c-fd67-4cc4-8a80-21ad4146b416}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2034C532)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
