Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

startupchecklibrary.dll & winscomrssrv.dll errors

Started by Fyrewind , Dec 19 2020 02:36 PM
windows 10 dll error

  • Please log in to reply

#1
Fyrewind
Posted 19 December 2020 - 02:36 PM

Fyrewind

    New Member

  • Member
  • Pip
  • 5 posts

Okay so did an update the other day using the windows update assistant. For some reason windows update has been sporadic in functioning the last couple of weeks.

Anyway I now get both of these error popups after a restart.

There was a problem starting startupchecklibrary.dll - the specified module could not be found

There was a problem starting winscomrssrv.dll - the specified module could not be found

Any advice on how to remedy this would be really appreciated.

Thanks in advance...

 

Attached Thumbnails

  • Error messages 2020-12-19 123926.png

Attached Files


  • 0

Advertisements

#2
Fyrewind
Posted 19 December 2020 - 02:45 PM

Fyrewind

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I've run the following, in the hopes of a quick solution as this has worked with other issues before:
 
SFC /scannow 
dism.exe /online /cleanup-image /scanhealth
dism.exe /online /cleanup-image /restorehealth
dism.exe /online /cleanup-image /startcomponentcleanup
 
all have been run in an admin command prompt.
But the errors still appear.

Edited by Fyrewind, 19 December 2020 - 02:46 PM.

  • 0

#3
RKinner
Posted 20 December 2020 - 10:18 AM

RKinner

    Malware Expert

  • Expert
  • 24,483 posts
  • MVP

You answered your own post so took your post out of the list of posts with no replies which is what we usually look at to see what posts are outstanding.

 

Luckily I am bored so I checked the malware forum itself for unanswered posts and found your posts.

 

The two errors you get are caused by a Microsoft mistake.  There are two tasks that should have been removed but weren't even tho the files they point to were removed.  We can remove them with a fixlist along with two other suspicious tasks that FRST flagged.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   1.89KB   403 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Did you install anydesk for a reason? 


 


  • 0

#4
Fyrewind
Posted 20 December 2020 - 12:20 PM

Fyrewind

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Yes Anydesk is one of the tools I use for work. I remote trouble shoot basic user issues at our other offices. And I use it for working from home as well.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by kevin (20-12-2020 11:17:37)
Running from D:\Desktop
Windows 10 Home Version 20H2 19042.685 (X64) (2020-12-16 22:19:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1594935762-1857880304-426175554-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1594935762-1857880304-426175554-503 - Limited - Disabled)
Guest (S-1-5-21-1594935762-1857880304-426175554-501 - Limited - Disabled)
kevin (S-1-5-21-1594935762-1857880304-426175554-1001 - Administrator - Enabled) => C:\Users\kevin
WDAGUtilityAccount (S-1-5-21-1594935762-1857880304-426175554-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2021 (HKLM-x32\...\PSE_19_0) (Version: 19.0 - Adobe Inc.)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Adobe Spark (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\0912fe44b191ae5b4e461fcb229de8a1) (Version: 1.0 - Adobe Spark)
AIDA64 Extreme v6.25 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.25 - FinalWire Ltd.)
Amazon Kindle (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
Amazon Music (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Amazon Amazon Music) (Version: 7.12.0.2203 - Amazon.com Services LLC)
Amazon Photos (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Amazon Photos) (Version: 7.6.2 - Amazon.com, Inc.)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.1.250 - Amazon)
ANT Drivers Installer x64 (HKLM\...\{16BA964D-698D-4663-8FA7-B9613DA7958B}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.1.0 - philandro Software GmbH)
AnyDesk MSI (HKLM-x32\...\{62853EBF-E9DD-4AA5-B20A-5A6C3DD74FF3}) (Version: 6.0.7 - philandro Software GmbH)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.1.0.17816 - Perfect World Entertainment)
Autodesk Fusion 360 (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.8609 - Autodesk, Inc.)
AutoHotkey 1.1.33.02 (HKLM\...\AutoHotkey) (Version: 1.1.33.02 - Lexikos)
Backup and Sync from Google (HKLM\...\{3A8CD593-8CF9-45B4-9932-FC41CBC14E15}) (Version: 3.53.3404.7585 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{0185ADA8-A025-46A7-8A5C-7F5C2C000CC5}) (Version: 4.21.0 - Kovid Goyal)
Canon CanoScan LiDE 120 On-screen Manual (HKLM-x32\...\Canon CanoScan LiDE 120 On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.11.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CanoScan LiDE 120 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2415) (Version: 1.02 - Canon Inc.)
Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 65.0.2.15 - COMODO)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.7 - Ursa Minor Ltd)
CORSAIR iCUE Software (HKLM-x32\...\{F59B42DC-B192-409E-A0B9-79BB6D37A5F5}) (Version: 3.34.170 - Corsair)
CPUID HWMonitor 1.42 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.42 - CPUID, Inc.)
Customer Support (HKLM-x32\...\{B33D89E4-FB43-6749-447E-2E469AC9EB5B}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Disney+ _ Movies and Shows (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\b8fe3528afee2da2f3924cab8c6eeb69) (Version: 1.0 - Disney+ _ Movies and Shows)
EaseUS Partition Master 13.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Elevated Installer (HKLM-x32\...\{877496C2-70B0-42F1-835A-FAFE2CF0199C}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden
EU Waste Recycling Information (HKLM-x32\...\{42DF7152-0B7D-7917-4633-94E00C7BE684}) (Version: 1.0.0.0 - Lexmark International, Inc.)
FastStone Photo Resizer 4.3 (HKLM-x32\...\FastStone Photo Resizer) (Version: 4.3 - FastStone Soft.)
Fire Toolbox V9.1 version   (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{63274841-9C5F-4B30-B181-AECE757BB62C}_is1) (Version:   - Datastream)
Garmin Express (HKLM-x32\...\{235f2ee5-7383-44df-a298-01221caa5532}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E944FA32-8BCF-474F-BFB2-D1EF24555873}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Information Center (HKLM-x32\...\{851828ED-8353-E017-70EE-BF284CE2B799}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{262e9c1d-e509-4e2a-86e8-0abb312ac2e9}) (Version: 10.1.17765.8094 - Intel® Corporation) Hidden
Intel® USB 3.1 Device Driver (HKLM\...\{7DFE2F7E-3154-45D6-A468-4725DE033AC8}) (Version: 15.2.30.250 - Intel Corporation)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{79951B67-3DC8-45DF-A516-86F89DA95924}) (Version: 12.11.0.26 - Apple Inc.)
JPEGminiPro (HKLM-x32\...\{562DB2AC-3EBD-4D8F-882C-DB19FECA7AE5}) (Version: 2.1.1.1 - Beamr Imaging Ltd)
Killer Drivers (HKLM\...\{79D3BD20-5240-45E8-A367-2082C0DE299F}) (Version: 2.2.1460 - Rivet Networks)
Lexmark Network Twain Scan Driver (HKLM-x32\...\{3376919A-5F1D-4383-4E76-11B5CDBA1069}) (Version: 1.21.169.0 - Lexmark International, Inc.)
Lexmark Printer Software G4 HBP Print Driver (HKLM\...\{8882B0EE-907E-44AA-9756-BF0B3AF051FA}) (Version: 4.2.0.0 - Lexmark International, Inc.)
Lexmark Printer Software G4 Scan Driver (HKLM\...\{A1229F7D-4CDB-6C36-09BB-017B230DB998}) (Version: 4.2.0.0 - Lexmark International, Inc.)
Lexmark Status Center (HKLM-x32\...\{C81FE7E1-4FDF-43C6-ACB6-53CB40EA1B88}) (Version: 2.5.59.0 - Lexmark International, Inc.)
Lexmark USB Bidi Solution (HKLM\...\{4C0B7166-C37D-434B-88A5-56D55F240448}) (Version: 1.3.64.0 - Lexmark International, Inc.)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.5.0 - LG Electronics)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Messenger 81.6.118 (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 81.6.118 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Beta (HKLM-x32\...\Microsoft Edge Beta) (Version: 88.0.705.22 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MSI Kombustor 4.1.7.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version:  - MSI / Geeks3D)
mydlink services plugin (HKLM-x32\...\{1A9B665A-5F27-4F71-BF90-22FDFE7A1635}) (Version: 1.0.2.7 - D-Link Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NoxPlayer (HKLM-x32\...\Nox) (Version: 6.6.1.5 - Duodian Technology Co. Ltd.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Postbox 7.0.42 (x86 en-US) (HKLM-x32\...\Postbox 7.0.42 (x86 en-US)) (Version: 7.0.42 - Postbox, Inc.)
PuTTY release 0.74 (64-bit) (HKLM\...\{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 - Simon Tatham)
qBittorrent 4.2.3 (HKLM-x32\...\qBittorrent) (Version: 4.2.3 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.12.1002.1309 - Razer Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
RoboForm 8-9-6-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-9-6-6 - Siber Systems)
SecurityCenter (HKLM-x32\...\MSC) (Version: 16.0 R28 - McAfee, LLC)
Simplify3D Software (HKLM\...\Simplify3D Software 4.1.2) (Version: 4.1.2 - Simplify3D)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synology Drive Client (remove only) (HKLM\...\Synology Drive) (Version: 6.0.2.11078 - Synology, Inc.)
TELUS Business Connect Phone (HKLM-x32\...\{75F75BA3-15FC-4F3D-A8EA-9B2A878768C2}) (Version: 20.4.0.41051 - TELUS)
Thunderbolt™ Software (HKLM-x32\...\{D6676AF9-720E-428B-A51B-08FBD281D25F}) (Version: 17.2.71.250 - Intel Corporation)
TNAS PC (HKLM-x32\...\{5726F42F-DEAE-49BA-86EA-05D58B38BD92}) (Version: 32.00.000 - Terra Master)
Topaz Adjust AI (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{4942a4a6-f04c-4d0a-806f-fba8f7d0f444}) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz DeNoise AI (HKLM\...\Topaz DeNoise AI 2.2.2) (Version: 2.3.4 - Topaz Labs LLC)
Topaz Gigapixel AI (HKLM\...\Topaz Gigapixel AI 4.9.3.2) (Version: 5.3.1 - Topaz Labs LLC)
Topaz JPEG to RAW AI (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{9ee67d49-2018-4f64-bd14-c5fe15dfa3f7}) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Mask AI (HKLM\...\Topaz Mask AI 1.2.0) (Version: 1.3.3 - Topaz Labs LLC)
Topaz Mask AI (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{5e31f254-f4f2-4393-91ae-4efef050413e}) (Version: 0.0.0 - Topaz Labs, LLC)
Topaz Sharpen AI (HKLM\...\Topaz Sharpen AI 2.0.5) (Version: 2.2.1 - Topaz Labs LLC)
Topaz Studio 2 (HKLM\...\Topaz Studio 2 2.2.0) (Version: 2.3.1 - Topaz Labs LLC)
TurboTax 2018 (HKLM-x32\...\{A44A24D7-CC5A-4C02-A702-F112B47089A9}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2019 (HKLM-x32\...\{176AF9FD-3AF6-4C10-9F68-A3AA455B3D51}) (Version: 1.00.0000 - Intuit Canada)
Vivaldi (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Vivaldi) (Version: 3.4.2066.94 - Vivaldi Technologies AS.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.177 - McAfee, LLC)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Lexmark International Printer  (01/29/2016 4.0.0.0) (HKLM\...\34DC397FE8B1BE8ED89856F5656D9FEAD70A7447) (Version: 01/29/2016 4.0.0.0 - Lexmark International)
Windows Driver Package - Lexmark International Printer  (01/29/2016 4.2.0.0) (HKLM\...\A9A8A66323C6477EA1EDA3DACDB6A4377E868B45) (Version: 01/29/2016 4.2.0.0 - Lexmark International)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
ZOC Terminal 8.0 (64-bit) (HKLM\...\ZOC8) (Version: 8.01.2 - EmTec Innovative Software)
Zoom (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{0B76DE11-5937-4491-A66A-617E42170AFF}) (Version: 5.4.58864 - Zoom)
 
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-05-12] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-12-19] (Amazon.com)
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.42.0_x64__pwbj9vvecjh7j [2020-12-16] (Amazon Development Centre (London) Ltd)
Best Video Converter -> C:\Program Files\WindowsApps\22450.BestVideoConverter_2.5.17.0_x64__0aqw1zw0x2snt [2020-12-19] (韵华软件) [MS Ad]
HEIC Image Viewer - Support Converter -> C:\Program Files\WindowsApps\35487uwpdeveloper.HEICImageConverterPro_2.12.45.0_x64__09s05jk6m8d1c [2020-07-28] (uwpdeveloper)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-06-01] (Instagram)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_830.5.128.0_x64__8xx8rvfyw5nnt [2020-12-17] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-16] (Microsoft Corporation) [MS Ad]
Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2020-12-16] (0)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-12-19] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2020-12-16] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-30] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-30] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BB2020}\localserver32 -> C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BB2021}\localserver32 -> C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\kevin\AppData\Local\Vivaldi\Application\3.4.2066.94\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\kevin\AppData\Local\Autodesk\webdeploy\production\bc9c725a70f09cde6da1d8ccb49780b84d161bee\NPreview10.dll (Autodesk, Inc. -> )
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [   02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [   03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [   04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [   05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-11-01] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_250.dll [2020-04-20] (Amazon Services LLC -> Amazon.com, Inc.)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\nvshext.dll [2020-11-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1594935762-1857880304-426175554-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2020-12-12] () [File not signed]
ContextMenuHandlers6_S-1-5-21-1594935762-1857880304-426175554-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2020-12-12] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\kevin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Microsoft Edge Beta.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\kevin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Web Applications\_crx__mbjafbmjpcimpkkihihoideiofnoalmh\Disney+ _ Movies and Shows.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=mbjafbmjpcimpkkihihoideiofnoalmh
ShortcutWithArgument: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Spark.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=biilbcfkfcjcppaoognbchpjbjihinil
ShortcutWithArgument: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disney+ _ Movies and Shows.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=mbjafbmjpcimpkkihihoideiofnoalmh
ShortcutWithArgument: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb
 
==================== Loaded Modules (Whitelisted) =============
 
2020-10-16 16:36 - 2020-10-16 16:36 - 000352256 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-10-16 16:04 - 2020-10-16 16:04 - 000759808 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-10-16 16:04 - 2020-10-16 16:04 - 000743936 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-10-16 16:03 - 2020-10-16 16:03 - 000537600 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-10-16 16:04 - 2020-10-16 16:04 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-10-16 16:03 - 2020-10-16 16:03 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-10-16 16:03 - 2020-10-16 16:03 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2020-11-28 06:06 - 2020-11-28 06:06 - 048966144 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\AdobePIE.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 060800000 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\opencv_core410.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 003119104 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\opencv_imgcodecs410.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 045977600 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\opencv_imgproc410.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 000283136 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\PhotoCreations.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 000137728 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\ToastNotification.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 017214464 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\usd_win.dll
2016-06-06 09:33 - 2016-06-06 09:33 - 000268288 _____ () [File not signed] C:\Program Files\Lexmark\Bidi\LM__inpa.dll
2020-12-04 15:13 - 2020-12-04 15:13 - 000799744 _____ () [File not signed] C:\Users\kevin\AppData\Local\Amazon Drive\sqlite3.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000345600 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\fct-qt.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 021790171 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icudt53.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 003506395 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuin53.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 002223218 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuuc53.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000033280 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qgif.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000043008 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qicns.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000032768 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qico.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000507904 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjp2.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000239104 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjpeg.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000430080 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qtiff.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000834555 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libcurl-4.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000121524 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libgcc_s_dw2-1.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 003331103 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libsqlite3-0.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 001547595 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libstdc++-6.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000691712 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\platforms\qwindows.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000156160 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\WinCFWrapper.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000124430 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\zlib1.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 000446976 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\AdobeSVGAGM.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 002861568 _____ (Apache Software Foundation) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\xerces.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 051178496 _____ (Cognitec Systems GmbH) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\frsdk-9.4.0.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000028672 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Concurrent.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 004620288 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Core.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 003921408 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Gui.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 001448448 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Network.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 006133760 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Widgets.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000065629 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libwinpthread-1.dll
2020-12-04 15:13 - 2020-12-04 15:13 - 000125952 _____ (Robert Vazan) [File not signed] C:\Users\kevin\AppData\Local\Amazon Drive\crc32c.dll
2020-08-18 15:10 - 2020-08-18 15:10 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 027534336 _____ (The ICU Project) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\icudt64.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 002430976 _____ (The ICU Project) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\icuuc64.dll
2018-04-06 11:29 - 2018-04-06 11:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll
2018-04-06 11:29 - 2018-04-06 11:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 002781303 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\LIBEAY32.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000809896 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\SSLEAY32.dll
2020-09-02 12:05 - 2020-09-02 12:05 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-09-02 12:05 - 2020-09-02 12:05 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 002822144 _____ (TODO: <Company name>) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 002957312 _____ (WinSoft S.A.) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\WRServices.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ca/?pc=UE01&ocid=UE01DHP
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Neverwinter\Arc\Plugins\ArcPluginIE.dll => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: intu-tt2018 - {c10cb859-8e11-44f1-833b-68a8e1ed7e1d} - C:\Program Files (x86)\TurboTax 2018\ic2018pp.dll [2019-05-15] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2019 - {F526FF07-B913-4B56-85DC-D7014178A5B4} - C:\Program Files (x86)\TurboTax 2019\ic2019pp.dll [2020-05-14] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\sharepoint.com -> hxxps://behrendsgroup-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-18 21:49 - 2020-04-20 12:19 - 000001996 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na1r.services.adobe.com na2m-pr.licenses.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com 
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kevin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
DNS Servers: 64.59.184.13 - 64.59.190.242
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IceDragonUpdater => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ThunderboltService => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk MSI.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\StartupFolder: => "Calendar Sync Pro.lnk"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "LM___SCE"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0E8D758D-4B8B-4277-BDFB-AA082D7BF743}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe => No File
FirewallRules: [{DEA994C0-1802-4E53-A889-95931CC7D915}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.22\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA1F1338-D46D-4777-9524-BE106072938D}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{618FCA40-6972-42E8-98CE-75DE33F18AEF}C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe] => (Allow) C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe (RingCentral, Inc. -> TELUS)
FirewallRules: [TCP Query User{6698E9F5-D2EA-4990-882B-8F296A5AD431}C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe] => (Allow) C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe (RingCentral, Inc. -> TELUS)
FirewallRules: [UDP Query User{526A370E-F30B-4355-8ED7-D02204898172}C:\users\kevin\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\kevin\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [TCP Query User{BF0ED3FA-3ECC-4DB7-8C77-3F06AF370AA1}C:\users\kevin\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\kevin\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [{85254FBB-3432-454B-835E-877DD66BE4A3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F6B2DC7A-A0C7-45EF-AC41-E4B6E4E93C04}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A6288DC8-D85C-41B4-BB59-DE3ABB80F96A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{444817FC-63ED-4842-8711-2C1161DADAFA}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.18\msedgewebview2.exe => No File
FirewallRules: [{CC1A8B44-A93C-4AFC-9BFA-80AF85576E4C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B629EB14-FE97-46AE-8EAF-A26E2D192C96}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.57\msedgewebview2.exe => No File
FirewallRules: [{8BEEDC1F-960B-464B-866E-6CB82261C411}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.55\msedgewebview2.exe => No File
FirewallRules: [{5B6C23A8-D561-482F-8A9C-11792B81C507}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.52\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{E5B1BC38-A1A6-4975-A646-73649D3D5147}D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [TCP Query User{F3CF8D2E-8E28-4096-B1A0-408D2F22C88A}D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [{A203527B-6235-4A55-B1A4-A689ADFC0AA0}] => (Allow) D:\SteamLibrary\steamapps\common\Marvels Avengers\avengers.exe (Crystal Dynamics, Inc.) [File not signed]
FirewallRules: [{BBE3ED30-E518-461C-AE69-9F2B12B59849}] => (Allow) D:\SteamLibrary\steamapps\common\Marvels Avengers\avengers.exe (Crystal Dynamics, Inc.) [File not signed]
FirewallRules: [{E52E36BF-DA11-48E3-8029-9A5615219715}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{755FA6E4-89DD-4C61-B7BD-5C2EEA9E700E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{6844A719-9460-4F2F-AF07-D8BD4CA9182C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B9A40349-2894-48D7-9BAE-48DAE1B28785}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FDE58AFD-8720-46FB-B5D3-D5D5A988736D}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Nox Limited -> Nox Limited Corporation)
FirewallRules: [{FCE312DB-E5FC-4D22-A2D4-4A6B6F8F94B9}] => (Allow) D:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{1473070C-7B58-487B-B98B-F769D1DAAE88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1FECC8AA-62E9-479C-826E-89F2DA0EC76A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{77412A0A-985B-4546-B253-DC65B4CFB204}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C522A61-EAC7-49C7-BD65-FE6B2AFA28A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3726EFF4-378C-4984-974E-7F2453F7355B}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.47\msedgewebview2.exe => No File
FirewallRules: [{4088A64B-906C-4728-8F3C-66D553BDF69B}] => (Allow) E:\Itunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84FB4AF2-1D65-45F8-9608-9A958CF974A1}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.41\msedgewebview2.exe => No File
FirewallRules: [{936E41B2-6EE8-43DA-8825-FF01D28C83E4}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.40\msedgewebview2.exe => No File
FirewallRules: [{95FC046E-1CCD-450A-A818-99D9C7762217}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.36\msedgewebview2.exe => No File
FirewallRules: [{D36CDABB-7F63-4B4F-8CDD-7351CBD55906}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.30\msedgewebview2.exe => No File
FirewallRules: [{170B4AC3-6726-49DC-A0D4-B7C1A973ECB7}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.24\msedgewebview2.exe => No File
FirewallRules: [{D1C4A25B-861C-4230-92B1-9F20D93844E9}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.18\msedgewebview2.exe => No File
FirewallRules: [{8518E440-FD04-4035-B2CC-406C7747AE82}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.12\msedgewebview2.exe => No File
FirewallRules: [{D8EFB38C-1417-4244-9227-9BA6A9CBA3E1}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.43\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{39214D58-BBA2-4AF2-9079-2A0552F15D2E}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> TODO: <Company name>)
FirewallRules: [TCP Query User{4201D7F5-D49C-4AD6-BA05-985B7CD1E46E}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> TODO: <Company name>)
FirewallRules: [{63E8831D-6604-436C-80F7-410BBF94BB26}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.38\msedgewebview2.exe => No File
FirewallRules: [{4544CF9D-0F41-4F61-8D91-D0B228DB63AC}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.36\msedgewebview2.exe => No File
FirewallRules: [{7BE013B9-22BB-4794-BB43-C28F6C2ABE48}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.31\msedgewebview2.exe => No File
FirewallRules: [{7EAEAFC2-CF16-4EC6-91EE-E2A16BCC768B}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.28\msedgewebview2.exe => No File
FirewallRules: [{460F9A5F-3701-4746-BF7A-5B4E6D6462E2}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.19\msedgewebview2.exe => No File
FirewallRules: [{B5410A0A-B57A-4A29-82DD-6C81D03EA2F2}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.15\msedgewebview2.exe => No File
FirewallRules: [{534FBA5D-9E85-49BA-8A06-975FF09B293E}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.11\msedgewebview2.exe => No File
FirewallRules: [{BB46A02A-F97B-4029-9857-6F0A1A8331E4}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.44\msedgewebview2.exe => No File
FirewallRules: [{7D25FD06-71E9-41A7-8AEF-D52F50770737}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.41\msedgewebview2.exe => No File
FirewallRules: [{33FC7E18-D52E-45F7-89E6-94E0DE1EDD22}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.40\msedgewebview2.exe => No File
FirewallRules: [{141AF645-62B6-466A-AC59-9E2FCD589E85}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.36\msedgewebview2.exe => No File
FirewallRules: [{5DBC6F90-9244-4A2E-810F-B37AB17362D8}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.30\msedgewebview2.exe => No File
FirewallRules: [{478D09A3-4664-490C-B36D-032E42618B32}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.23\msedgewebview2.exe => No File
FirewallRules: [{8D5C8D0F-F1A5-43E5-BE70-BEE35CAA4FBC}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.18\msedgewebview2.exe => No File
FirewallRules: [{07F2C21F-5CD4-49C9-938E-B1FB0F6B73BD}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.44\msedgewebview2.exe => No File
FirewallRules: [{0FC1AA6B-DF28-4C76-81E6-79B307D8C3C5}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{545E19E5-E98E-4963-97A1-0483DBD68868}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{88C420CC-B0CB-407D-AC87-D6A8A8DD0404}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{2F7166C8-C4C9-4C38-B72C-3E811F6D69F0}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{84653DF2-D5F4-4F70-BBA6-B014FD11E375}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{CA4D34C0-9074-4005-8A86-26E26D35DB44}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{3D93626D-F892-4D21-895D-E74792B1DEAD}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{D4C74079-4DBD-43A1-8F3D-3D5AC67C7B67}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{358984B1-C691-4CFE-AE3E-02AC37C12346}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.39\msedgewebview2.exe => No File
FirewallRules: [{9A7A5AD8-0277-43AB-AA1D-72DDD9E85C12}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe => No File
FirewallRules: [{6DA66435-9E3D-48A7-9221-5CF573795E46}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.35\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{96F35947-6CAF-4228-AC35-F02221E48AEE}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{5BF58A46-9E58-49BB-A742-B50247CDAB86}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{5FD76585-9AF6-4FC9-A8BD-CC0F629A8F4C}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.28\msedgewebview2.exe => No File
FirewallRules: [{7E18FEE3-6AFB-4526-872C-D29CE03271F8}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.26\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{A579E7A8-CBBF-4626-94FA-D94DBFAAD121}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{71E487E2-7601-4DF4-AA42-E932AFF2EB48}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{F833EB83-8871-4F6A-A6F0-42DF9072471A}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.20\msedgewebview2.exe => No File
FirewallRules: [{A7DDFA5A-C199-4F98-909D-465FB4C38AF4}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.15\msedgewebview2.exe => No File
FirewallRules: [{4D5B3263-FFAC-411C-82BB-E292389412DF}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.11\msedgewebview2.exe => No File
FirewallRules: [{5C45CFB4-C3BA-4C13-8F15-9D01D01F5465}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{73174BFA-04E5-4EA3-B7B5-E5FCB7635B7E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{377FFFB6-E13F-4A00-9FDD-276ADC923DE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{649D2B84-692F-41E1-901B-A340860B3171}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{832AEFCA-918B-453A-B42B-9101C1F8AB2F}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{D57A7D76-2B51-4FB6-9CB5-6AD0BED9AD2E}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{E8E0722C-7F80-4975-8987-3AE837F79FBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F64D2E1C-38AF-4523-A49A-AC08725CDC1B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EB1449ED-B9D6-49B7-99A1-9939AA40E195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFA18375-A1C4-452C-8CDF-D0EACD16E2CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{579FA8AB-60E5-4C93-9D06-8C3B96121776}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6DFEF05-4BEE-4738-B3D8-90184CDB0699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A6BAE4F-DEFE-421B-801B-4EF0518F5D62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0AD1E50C-A827-4280-86D6-F27D18C16332}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2AAE2A8F-BD8C-4573-85C3-4CED842865F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{FA275219-6F77-4AFE-B0C9-6AA3D5C8159D}C:\program files (x86)\terra master\tnas pc\tnaspc.exe] => (Allow) C:\program files (x86)\terra master\tnas pc\tnaspc.exe (Terra Master) [File not signed]
FirewallRules: [UDP Query User{A68A482D-7AAF-4981-806F-AFA44B3AFAF3}C:\program files (x86)\terra master\tnas pc\tnaspc.exe] => (Allow) C:\program files (x86)\terra master\tnas pc\tnaspc.exe (Terra Master) [File not signed]
FirewallRules: [{53B4C7C9-7B33-4CD3-8FDD-D60E51FB56A5}] => (Allow) J:\install\x64\installgui.exe => No File
FirewallRules: [{2C3F2A19-EA9F-4C07-B8F4-3D46D70A7BAE}] => (Allow) J:\install\x64\installgui.exe => No File
FirewallRules: [{8BD13980-59D2-416B-88DD-D747AF2C40F3}] => (Allow) C:\Users\kevin\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9B30EF8C-CC6E-4651-8C6F-8BFC227C38D5}] => (Allow) C:\Users\kevin\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{51178299-E9BE-4E3E-BA32-8177E0AB0C73}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{17A9E4D5-B005-4C85-A3AE-ED1A36D9DC2C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{5335E494-38B2-46CA-808E-A45BC21D4084}D:\downloads\adobe tool v4.9.4.0\adobetool.exe] => (Allow) D:\downloads\adobe tool v4.9.4.0\adobetool.exe => No File
FirewallRules: [UDP Query User{D862A85A-4D25-418C-A144-816037575E1B}D:\downloads\adobe tool v4.9.4.0\adobetool.exe] => (Allow) D:\downloads\adobe tool v4.9.4.0\adobetool.exe => No File
FirewallRules: [{692A263A-59DE-4223-AEDE-E02897ED2FBA}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe => No File
FirewallRules: [{D750B1BE-A581-4422-83A6-DE5FC5A01968}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe => No File
FirewallRules: [{E44B4D25-33B3-4980-8288-B29374B6C657}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe => No File
FirewallRules: [{0A45937B-1A64-41FC-B04B-78AADE723B81}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe => No File
FirewallRules: [TCP Query User{E94D43EA-EC40-446C-9461-7A109602FED7}C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File
FirewallRules: [UDP Query User{1E2748AC-449E-40F6-BAD7-9367EF4BA02A}C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File
FirewallRules: [{9D973010-87D9-493A-819B-556FA64BF386}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{68234F13-6692-407E-8369-1E9162E50BBF}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{FC5E04F8-3475-4BE0-8E39-888F364021F7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{7311EF0D-4BDC-4772-8FDD-23277A4EAA68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A6185DC-FADE-4635-96F8-417F0BAF8722}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4AB7F330-DBC2-47E5-8C60-4EC01A9E5BA5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{44587D76-8B63-4850-B496-C2D41F0C7647}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{43FEFF23-4C57-4842-8C93-0BAF59A4E54E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{0C152543-D06F-431D-9891-E7277F54E3FD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{0B9696E2-691C-404A-B5D3-A638B56B6FDB}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{D6CBD33B-0D6E-4E08-B570-4515570702FC}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{BAD7FA1C-2D6E-4912-B91A-7E1086A9098D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{88F6414B-D840-4C8D-A84E-E8F3C6A93DBC}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{10357721-6557-4D0A-BCB7-88959D2B481B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E83B4D3B-A929-49E9-B79C-E6ED4E205C74}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Restore Points =========================
 
17-12-2020 13:17:56 Windows Modules Installer
19-12-2020 14:51:51 Malwarebytes Anti-Rootkit Restore Point
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/20/2020 11:15:27 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: THEWHITETOWER)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
 
Error: (12/20/2020 11:15:27 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: THEWHITETOWER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
 
System errors:
=============
Error: (12/20/2020 11:13:55 AM) (Source: DCOM) (EventID: 10010) (User: THEWHITETOWER)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
 
Date: 2020-12-20 11:17:57.7050000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-20 11:17:57.7000000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-20 11:17:57.6950000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-20 11:17:57.6900000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-20 11:17:57.6830000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-20 11:17:57.6780000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-20 11:17:57.6730000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-20 11:17:57.6670000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. ALASKA - 1072009 06/09/2017
Motherboard: Gigabyte Technology Co., Ltd. X99-Ultra Gaming-CF
Processor: Intel® Core™ i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 19%
Total physical RAM: 32602.55 MB
Available physical RAM: 26392.25 MB
Total Virtual: 37466.55 MB
Available Virtual: 29272.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:237.84 GB) (Free:115.15 GB) NTFS
Drive d: (Users) (Fixed) (Total:931.51 GB) (Free:730.66 GB) NTFS
Drive e: (Programs) (Fixed) (Total:3725.9 GB) (Free:3717.54 GB) NTFS
Drive y: (Gaming) (Fixed) (Total:223.57 GB) (Free:154.34 GB) NTFS
 
\\?\Volume{86dd5f42-87c6-4772-84d4-bcb2378f5481}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{9ce114ca-1580-453c-bfb0-957e0201ae95}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: A5426BEB)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8005979F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 01807300)
 
Partition: GPT.
 
==========================================================
Disk: 3 (Size: 238.5 GB) (Disk ID: 0A77A4EE)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by kevin (administrator) on THEWHITETOWER (Gigabyte Technology Co., Ltd. Default string) (20-12-2020 11:16:41)
Running from D:\Desktop
Loaded Profiles: kevin
Platform: Windows 10 Home Version 20H2 19042.685 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Inc. -> Adobe) C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe
(Amazon.com Services LLC -> Amazon.com Inc.) C:\Users\kevin\AppData\Local\Amazon Drive\AmazonPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel® Client Connectivity Division SW -> Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalAppStarter.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_6\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe <2>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\PMRunner32.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\PMRunner64.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Synology Inc. -> ) C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe
(Synology Inc. -> Synology Inc.) C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-connect.exe
(Synology Inc. -> Synology Inc.) C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe
(Synology Inc. -> Synology Inc.) C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => E:\Itunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AdobePSE19AutoAnalyzer] => C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe [2653808 2020-11-28] (Adobe Inc. -> Adobe)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [266624 2020-12-08] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-11-28] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-10-16] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50010064 2020-11-03] (Google LLC -> )
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [LM___SCE] => C:\Program Files (x86)\Lexmark\StatusCenter\LM___SCE.EX
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Amazon Music Helper] => C:\Users\kevin\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107848 2020-05-22] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\kevin\AppData\Local\Vivaldi\Application\update_notifier.exe [1883208 2020-11-02] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Amazon Photos] => C:\Users\kevin\AppData\Local\Amazon Drive\AmazonPhotos.exe [10028720 2020-12-04] (Amazon.com Services LLC -> Amazon.com Inc.)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145680 2020-11-21] (Siber Systems -> Siber Systems)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31046640 2020-09-21] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\kevin\AppData\Local\Programs\Messenger\Messenger.exe [110794184 2020-12-07] (Facebook, Inc. -> Facebook, Inc.)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\LMU04R4C: C:\Windows\System32\spool\prtprocs\x64\LMU04R4C.DLL [291840 2019-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Lexmark International Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\stkMonitor: C:\Windows\system32\stkMonitor.dll [519848 2020-04-20] (Amazon Services LLC -> Amazon.com, Inc.)
HKLM\...\Print\Monitors\us008 Langmon: C:\Windows\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.22\Installer\setup.exe [2020-12-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-08] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk MSI.lnk [2020-08-27]
ShortcutTarget: AnyDesk MSI.lnk -> C:\Windows\Installer\{62853EBF-E9DD-4AA5-B20A-5A6C3DD74FF3}\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-12]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Calendar Sync Pro.lnk [2020-05-20]
ShortcutTarget: Calendar Sync Pro.lnk -> C:\Program Files (x86)\Calendar Sync Pro\Calendar Sync Pro.exe (PPP) [File not signed]
Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2020-03-29]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Drive Client.lnk [2020-12-20]
ShortcutTarget: Synology Drive Client.lnk -> C:\Program Files (x86)\Synology\SynologyDrive\bin\launcher.exe (Synology Inc. -> Synology Inc.)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13967337-CD68-4EEE-96BA-E2F08949CC70} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.126\DADUpdater.exe [4000984 2020-11-04] (McAfee, LLC -> McAfee, LLC)
Task: {1528EC90-B282-4A5E-8233-CE215CE028DC} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {220C66AF-39F7-426C-AB84-14A84572AE38} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {26586D81-36E8-4083-9332-76CACC8C3259} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {26C27446-AEE0-4862-921B-E9F5EA8F0ECB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-10-19] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {2977BCC6-7FFB-4A9E-A566-1944DA2D2E9A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {313C80F4-8EFA-4774-B862-0A71254BCDD6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {31BEC3B2-4EDE-404D-8030-50958C06CE54} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4603200 2020-08-16] (McAfee, LLC -> McAfee, LLC)
Task: {426B0B0B-1E97-4DBE-84E7-E8B5FA9273C4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {548AF97E-7BCD-407E-B38F-C059EBCAD168} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5521ED8E-D951-40F3-BD0A-06AAA7C6F6D2} - System32\Tasks\EOSv3 Scheduler onTime => D:\Downloads\Updated software tools\esetonlinescanner.exe
Task: {55A026C6-2BD0-4B9B-9945-D9997DB1DC9E} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1594935762-1857880304-426175554-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-16] (Microsoft Windows -> )
Task: {55BEBB59-8835-43E8-80AC-B15059CE53CC} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Downloads\Updated software tools\esetonlinescanner.exe
Task: {5F33E2D6-ED4B-4C50-8514-EE7D6A8E65EC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2263784 2017-10-19] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {64F62C11-944A-400E-95AF-B528DD70BAAC} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {721290E0-B175-41EA-811E-3DF176039E66} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.11.630\mcdatrep.exe [1888160 2020-12-16] (McAfee, Inc. -> McAfee, LLC.)
Task: {7520DB9D-4D99-4EE4-B0E2-961714DF4F58} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {89ABAC86-8114-4EE8-B2D7-50A2D78D7D67} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B03B495-F3B3-4671-AD8D-D1AF8BDFC7D5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93119F8F-DD82-4B18-93A9-BD1C4FFEC109} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-29] (Google LLC -> Google LLC)
Task: {93B7AECC-5AD2-47D2-82A2-4370DBB8EC3E} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-09] (McAfee, LLC -> McAfee, LLC)
Task: {967B414A-A702-462C-801B-0B19D213E38F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9E218E8D-4C7A-4A64-ABD2-AEFADB8A059D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A1D64ACC-FA73-4E9A-990E-D8C423E90B0F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6316F55-CC79-439E-BC6B-5617DCE516AA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-10-19] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {ABF00D45-20D5-4159-BC3A-A9F2D8D392F3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145680 2020-11-21] (Siber Systems -> Siber Systems)
Task: {AE462DB9-708E-46A4-8ECF-C9D7D5565F95} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {AF288C8A-AFD7-45AC-8CDF-7A0574589539} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BB455FD5-78F9-4DB8-8B9A-002232169300} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC5792A6-EDD5-42B9-B545-74F745BF2D35} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD62A9C6-DDBD-4BCE-AD5F-5217CBC8A836} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "https://www.roboform...KMCMPMJNJMCMPM"
Task: {C092CA43-228B-4006-8134-50E69BC15B32} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0E34583-F40D-4FEB-BEFD-FEE47CFB90C6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C15E9356-A17A-4FFF-9E1A-FD6BFB3F324D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE405F7B-769A-4A59-BC15-ED4C20FB8C1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-29] (Google LLC -> Google LLC)
Task: {D67B07B3-4DC0-46DF-BFA8-DD18E2004C67} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-09-21] (Garmin International, Inc. -> )
Task: {E60320F5-0DC2-413F-B6C4-DD15F81736EB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {ECBAEA52-4F31-4840-BDF5-1A61BCF3615C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-10-19] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {F6E5730A-75C0-42D6-B0B8-7B0D34C2E68B} - System32\Tasks\Run RoboForm Process => C:\Program Files\Comodo\IceDragon\icedragon.exe [596928 2019-05-29] (Comodo Security Solutions, Inc. -> Comodo Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.184.13 64.59.190.242
Tcpip\..\Interfaces\{34a80106-3e77-462c-b5d8-e55afc6be5a8}: [DhcpNameServer] 64.59.184.13 64.59.190.242
Tcpip\..\Interfaces\{50b32c7d-183e-4e1c-a0fe-dbdd6215c5bf}: [DhcpNameServer] 64.59.184.13 64.59.190.242
 
Edge: 
======
DownloadDir: C:\Users\kevin\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-20]
Edge DownloadDir: D:\Downloads
Edge StartupUrls: Default -> "hxxps://www.google.ca/?gws_rd=ssl"
Edge NewTab: Default ->  Active:"chrome-extension://dlnejlppicbjfcfcedcflplfjajinajd/index.html"
Edge Extension: (F.B.(FluffBusting)Purity) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbadpifemeclpdmgelgehgclmeohdoge [2020-12-19]
Edge Extension: (Super Downloader for Instagram) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjbpbjdhaoepfngpakiiocajbcjddoeg [2020-12-19]
Edge Extension: (Bonjourr) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlnejlppicbjfcfcedcflplfjajinajd [2020-09-07]
Edge Extension: (Social Video Downloader) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfnnoammpigcglgbhcbbdpnekbcddahe [2020-11-26]
Edge Extension: (RoboForm Password Manager) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2020-12-10]
Edge Extension: (uBlock Origin) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2020-12-19]
StartMenuInternet: Microsoft Edge Beta - C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
 
FireFox:
========
FF DefaultProfile: 1izp1enj.default
FF DefaultProfile: wtvwx7w4.default
FF DefaultProfile: t7r0b1u8.default
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Waterfox\Profiles\1izp1enj.default [2020-08-26]
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Waterfox\Profiles\b4zjdg20.68-edition-default [2020-08-26]
FF ProfilePath: C:\Users\kevin\AppData\Roaming\PostboxApp\Profiles\wtvwx7w4.default [2020-12-20]
FF DownloadDir: D:\Downloads
FF Extension: (Cloud Service Providers for Postbox) - C:\Users\kevin\AppData\Roaming\PostboxApp\Profiles\wtvwx7w4.default\Extensions\p[email protected] [2020-03-28] [Legacy] [not signed]
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Postbox\Profiles\dfedwnxr.default [2020-03-28]
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Comodo\IceDragon\Profiles\t7r0b1u8.default [2020-12-12]
FF Homepage: Comodo\IceDragon\Profiles\t7r0b1u8.default -> about:newtab
FF Extension: (Online Security Pro) - C:\Users\kevin\AppData\Roaming\Comodo\IceDragon\Profiles\t7r0b1u8.default\Extensions\[email protected] [2020-08-26]
FF Extension: (Https Enforcement) - C:\Users\kevin\AppData\Roaming\Comodo\IceDragon\Profiles\t7r0b1u8.default\Extensions\[email protected] [2019-03-15]
FF Extension: (Media Downloader) - C:\Users\kevin\AppData\Roaming\Comodo\IceDragon\Profiles\t7r0b1u8.default\Extensions\{5e9eca63-6e0d-47ce-9862-07d938121575}.xpi [2019-03-15] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2020-04-20] [Legacy]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-11-28] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Neverwinter\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-11-28] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1594935762-1857880304-426175554-1001: www.mydlink.com/Uplayer -> C:\Users\kevin\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-LINK CORPORATION -> D-Link Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default [2020-12-06]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://www.google.ca/
CHR NewTab: Default ->  Not-active:"chrome-extension://dlnejlppicbjfcfcedcflplfjajinajd/index.html"
CHR Extension: (Google Translate) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-29]
CHR Extension: (Slides) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-29]
CHR Extension: (Docs) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-29]
CHR Extension: (Google Drive) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-29]
CHR Extension: (Advanced Font Settings) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2020-03-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-11-18]
CHR Extension: (Bonjourr) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnejlppicbjfcfcedcflplfjajinajd [2020-06-06]
CHR Extension: (Dropbox for Gmail) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2020-03-29]
CHR Extension: (Adobe Acrobat) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-19]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2020-03-29]
CHR Extension: (Sheets) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2020-11-18]
CHR Extension: (Clear Cache Shortcut) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnajhcakejgchhbjlchkfmdidgjefleg [2020-03-29]
CHR Extension: (mydlink services plugin) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2020-03-29]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2020-03-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-29]
CHR Extension: (Gmail) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-31]
CHR Extension: (RoboForm Password Manager) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2020-12-06]
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-08]
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-1594935762-1857880304-426175554-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-11-28] (Adobe Inc. -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3706832 2020-12-12] (philandro Software GmbH -> philandro Software GmbH)
R2 AnyDeskMSI; C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe [3669120 2020-07-28] (philandro Software GmbH -> philandro Software GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S3 ArcService; D:\Neverwinter\Arc\ArcService.exe [125488 2020-05-26] (Perfect World Entertainment -> Perfect World Entertainment Inc)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-10-16] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-10-16] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-18] (NVIDIA Corporation -> NVIDIA)
S4 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [2616792 2019-05-29] (Comodo Security Solutions, Inc. -> Comodo Inc.)
R2 LM__bdsvc; C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe [690688 2016-06-06] () [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [958216 2020-12-17] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_6\McApExe.exe [768256 2020-09-11] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\\McCSPServiceHost.exe [2726312 2020-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.22\elevation_service.exe [1523600 2020-12-13] (Microsoft Corporation -> Microsoft Corporation)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1745400 2020-08-14] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4221040 2020-07-29] (McAfee, LLC -> McAfee, LLC)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-09-22] (Razer USA Ltd. -> Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [290864 2020-12-08] (Razer USA Ltd. -> Razer Inc.)
R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [371672 2020-05-07] (Synology Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\NisSrv.exe [2343112 2020-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MsMpEng.exe [128360 2020-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75704 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2020-12-20] (CPUID S.A.R.L.U. -> CPUID)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [36280 2019-12-25] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2019-12-25] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
S3 gdrv; C:\WINDOWS\gdrv.sys [25640 2020-10-10] (Giga-Byte Technology -> Windows ® Server 2003 DDK provider)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation -> Microsoft Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [529848 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [382392 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2020-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521656 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1006008 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [595896 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107960 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116664 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252344 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2020-09-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428256 2020-09-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69856 2020-09-01] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776 2020-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-12-19 16:02 - 2020-12-19 16:02 - 000003822 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-12-19 16:02 - 2020-12-19 16:02 - 000003380 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-12-19 15:16 - 2020-12-19 15:16 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2020-12-19 15:16 - 2020-12-19 15:16 - 000000000 ____D C:\Program Files\Notepad++
2020-12-19 15:00 - 2020-12-19 15:00 - 000000812 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-12-19 15:00 - 2020-12-19 15:00 - 000000000 ____D C:\Users\kevin\AppData\Local\ESET
2020-12-19 14:46 - 2020-12-19 14:46 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\E114B549.sys
2020-12-19 14:46 - 2020-12-19 14:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-19 14:45 - 2020-12-19 14:58 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-12-19 14:45 - 2020-12-19 14:45 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2020-12-19 12:59 - 2020-12-20 11:16 - 000000000 ____D C:\FRST
2020-12-16 16:11 - 2020-12-16 15:19 - 000000000 ____D C:\Windows.old
2020-12-16 16:09 - 2020-12-16 16:12 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2020-12-16 16:09 - 2020-12-16 16:09 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-12-16 16:07 - 2020-12-16 16:07 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-16 16:07 - 2020-12-16 16:07 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-16 16:07 - 2020-12-16 16:07 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-16 16:07 - 2020-12-16 16:07 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-16 16:07 - 2020-12-16 16:07 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-16 16:06 - 2020-12-16 16:06 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-16 16:06 - 2020-12-16 16:06 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-16 16:06 - 2020-12-16 16:06 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-16 16:06 - 2020-12-16 16:06 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-16 16:06 - 2020-12-16 16:06 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-16 16:06 - 2020-12-16 16:06 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-16 16:06 - 2020-12-16 16:06 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-16 16:06 - 2020-12-16 16:06 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-16 16:03 - 2020-12-16 16:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-12-16 16:03 - 2020-12-16 16:03 - 000000000 ____D C:\Program Files\MSBuild
2020-12-16 16:03 - 2020-12-16 16:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-12-16 16:03 - 2020-12-16 16:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-12-16 15:30 - 2020-12-16 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-12-16 15:28 - 2020-05-26 00:11 - 000218960 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2020-12-16 15:27 - 2020-12-19 23:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-12-16 15:27 - 2020-12-19 12:20 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-12-16 15:27 - 2020-12-16 16:27 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2020-12-16 15:27 - 2020-12-16 15:27 - 000003332 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2020-12-16 15:27 - 2020-12-16 15:27 - 000000000 ____D C:\Program Files\McAfee.com
2020-12-16 15:27 - 2020-12-16 15:27 - 000000000 ____D C:\Program Files\Common Files\AV
2020-12-16 15:26 - 2020-12-19 12:18 - 000000000 ____D C:\ProgramData\McAfee
2020-12-16 15:26 - 2020-12-16 15:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
2020-12-16 15:26 - 2020-06-02 03:30 - 000568216 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
2020-12-16 15:23 - 2020-12-19 16:45 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-16 15:21 - 2020-12-16 15:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2020-12-16 15:19 - 2020-12-16 18:33 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1594935762-1857880304-426175554-1001
2020-12-16 15:19 - 2020-12-16 15:19 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2020-12-16 15:19 - 2020-12-16 15:19 - 000007623 _____ C:\WINDOWS\diagerr.xml
2020-12-16 15:19 - 2020-12-16 15:19 - 000003888 _____ C:\WINDOWS\system32\Tasks\Open URL by RoboForm
2020-12-16 15:19 - 2020-12-16 15:19 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-16 15:19 - 2020-12-16 15:19 - 000003200 _____ C:\WINDOWS\system32\Tasks\Run RoboForm TaskBar Icon
2020-12-16 15:19 - 2020-12-16 15:19 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-16 15:19 - 2020-12-16 15:19 - 000003034 _____ C:\WINDOWS\system32\Tasks\Run RoboForm Process
2020-12-16 15:19 - 2020-12-16 15:19 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1594935762-1857880304-426175554-500
2020-12-16 15:19 - 2020-12-16 15:19 - 000002802 _____ C:\WINDOWS\system32\Tasks\[email protected]
2020-12-16 15:19 - 2020-12-16 15:19 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002702 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2020-12-16 15:19 - 2020-12-16 15:19 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-12-16 15:19 - 2020-12-16 15:19 - 000000020 ___SH C:\Users\kevin\ntuser.ini
2020-12-16 15:19 - 2020-12-16 15:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2020-12-16 15:19 - 2020-12-16 15:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2020-12-16 15:18 - 2020-12-16 15:18 - 000000000 ____D C:\ProgramData\Lexmark B2200 Series HBP
2020-12-16 15:13 - 2020-12-16 18:33 - 000002363 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-16 15:13 - 2020-12-16 15:19 - 000000000 ____D C:\Users\kevin
2020-12-16 14:27 - 2020-12-16 15:19 - 000000000 ___DC C:\WINDOWS\Panther
2020-12-16 14:24 - 2020-12-16 15:19 - 000000000 ___HD C:\$GetCurrent
2020-12-16 07:19 - 2020-12-16 15:14 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-12-12 16:22 - 2020-12-12 16:22 - 000000000 ____D C:\Users\kevin\AppData\Roaming\D-Link
2020-12-12 12:00 - 2020-12-12 12:00 - 000001410 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TELUS Business Connect Phone.lnk
2020-12-12 11:59 - 2020-12-16 15:14 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TELUS
2020-12-12 11:59 - 2020-12-12 12:00 - 000000000 ____D C:\Users\kevin\AppData\Roaming\JabraSDK
2020-12-12 11:59 - 2020-12-12 11:59 - 000000000 ____D C:\Users\kevin\AppData\Local\Telus
2020-12-12 09:52 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2020-12-12 09:52 - 2020-12-12 12:53 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2020-12-12 09:42 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2020-12-12 09:42 - 2020-12-12 09:42 - 000000000 ____D C:\Program Files (x86)\Synology
2020-12-12 09:41 - 2020-12-20 11:15 - 000000000 ____D C:\Users\kevin\AppData\Local\SynologyDrive
2020-11-29 11:42 - 2020-11-06 21:01 - 000222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2020-11-29 11:42 - 2020-11-06 21:01 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2020-11-29 11:42 - 2020-11-06 21:01 - 000038632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-29 11:38 - 2020-11-07 10:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-11-29 11:38 - 2020-11-07 10:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-29 11:38 - 2020-11-07 10:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-11-29 11:38 - 2020-11-07 10:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 001506032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2020-11-29 11:38 - 2020-11-07 10:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 006858992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 005520792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 002509720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2020-11-29 11:38 - 2020-11-07 10:37 - 000445848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2020-11-29 11:38 - 2020-11-07 10:36 - 007005008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-11-29 11:38 - 2020-11-07 10:36 - 005976296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-29 11:38 - 2020-11-06 21:01 - 000080930 _____ C:\WINDOWS\system32\nvinfo.pb
2020-11-29 09:03 - 2020-11-29 09:03 - 000000000 ____D C:\Users\kevin\AppData\Roaming\ArcApp
2020-11-29 08:54 - 2020-11-29 09:03 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Arc
2020-11-29 08:50 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2020-11-28 14:02 - 2020-11-28 14:02 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Crystal Dynamics
2020-11-28 13:27 - 2020-12-16 15:14 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-28 13:14 - 2020-11-28 13:14 - 000000000 ____D C:\Users\kevin\AppData\Local\Steam
2020-11-28 13:13 - 2020-12-20 11:15 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-28 13:13 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-28 07:44 - 2020-11-28 07:45 - 000000000 ____D C:\Users\kevin\.BigNox
2020-11-28 07:44 - 2020-11-28 07:44 - 000000000 ____D C:\Program Files (x86)\Bignox
2020-11-28 06:15 - 2020-11-28 06:30 - 000001708 _____ C:\ProgramData\StreamingMediaTechnologyLog.txt
2020-11-28 06:13 - 2020-11-28 06:13 - 000001415 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elements Creations Notification 2021.lnk
2020-11-28 06:13 - 2020-11-28 06:13 - 000001233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 2021.lnk
2020-11-28 05:31 - 2020-11-28 05:31 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Creative Memories
2020-11-28 05:31 - 2020-11-28 05:31 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Caspedia
2020-11-28 05:31 - 2020-11-28 05:31 - 000000000 ____D C:\ProgramData\Creative Memories
2020-11-27 17:26 - 2020-12-20 11:15 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Messenger
2020-11-27 17:26 - 2020-12-20 11:15 - 000000000 ____D C:\Users\kevin\AppData\Local\Messenger
2020-11-27 17:26 - 2020-12-10 17:24 - 000000000 ____D C:\Users\kevin\AppData\Local\messenger-updater
2020-11-27 17:26 - 2020-11-27 17:26 - 000002333 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2020-11-27 17:26 - 2020-11-27 17:26 - 000000000 ____D C:\Users\kevin\AppData\LocalLow\Messenger
2020-11-26 18:23 - 2020-12-07 20:29 - 000000000 ____D C:\Users\kevin\AppData\Local\Amazon Drive
2020-11-26 11:38 - 2020-11-26 12:06 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Topaz Labs LLC
2020-11-26 09:51 - 2020-10-18 22:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2020-11-26 09:51 - 2020-10-18 22:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2020-11-25 16:19 - 2020-11-25 16:19 - 000000000 ____D C:\Users\kevin\AppData\Roaming\ajour
2020-11-25 09:56 - 2020-11-25 09:56 - 000000000 ____D C:\Users\kevin\AppData\Local\MultiPlayerManager
2020-11-24 06:14 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2020-11-21 20:57 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-11-21 20:57 - 2020-11-21 20:57 - 000000000 ____D C:\Program Files\iPod
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-12-20 11:17 - 2020-03-28 12:45 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-20 11:15 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-20 11:15 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-20 11:15 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-20 11:14 - 2020-11-19 00:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-20 11:14 - 2020-06-01 11:31 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-20 11:14 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-20 11:11 - 2020-03-28 15:35 - 000000000 ____D C:\Users\kevin\AppData\LocalLow\Mozilla
2020-12-20 10:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-12-20 09:11 - 2020-11-19 00:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-19 16:45 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-19 16:37 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-19 16:04 - 2020-11-15 08:51 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Amazon Cloud Drive
2020-12-19 15:29 - 2020-03-29 17:08 - 000000000 ____D C:\Users\kevin\AppData\Local\D3DSCache
2020-12-19 15:16 - 2020-03-29 15:30 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Notepad++
2020-12-19 15:15 - 2020-03-29 15:30 - 000000000 ____D C:\Program Files (x86)\Notepad++
2020-12-19 14:58 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-12-19 14:58 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-12-19 14:57 - 2020-03-28 12:36 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Adobe
2020-12-19 14:01 - 2020-11-19 00:32 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-17 13:17 - 2020-03-28 12:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-12-17 13:15 - 2020-03-28 12:59 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-12-17 03:27 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2020-12-16 16:12 - 2020-11-19 00:33 - 000000000 ____D C:\ProgramData\Packages
2020-12-16 16:12 - 2020-11-19 00:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-16 16:12 - 2020-11-11 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2020-12-16 16:12 - 2020-10-11 09:36 - 000000000 ____D C:\WINDOWS\ShellNew
2020-12-16 16:12 - 2020-10-11 09:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2020-12-16 16:12 - 2020-10-10 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2020-12-16 16:12 - 2020-08-27 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk MSI
2020-12-16 16:12 - 2020-08-27 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2020-12-16 16:12 - 2020-07-18 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
2020-12-16 16:12 - 2020-07-15 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-12-16 16:12 - 2020-07-03 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simplify3D Software
2020-12-16 16:12 - 2020-05-29 03:54 - 000000000 ____D C:\Program Files\UNP
2020-12-16 16:12 - 2020-05-18 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-12-16 16:12 - 2020-05-01 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 120 Manual
2020-12-16 16:12 - 2020-04-20 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2020-12-16 16:12 - 2020-04-20 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2020-12-16 16:12 - 2020-04-15 07:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2020-12-16 16:12 - 2020-04-13 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNAS PC
2020-12-16 16:12 - 2020-03-29 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2020-12-16 16:12 - 2020-03-29 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-12-16 16:12 - 2020-03-29 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2020-12-16 16:12 - 2020-03-29 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 13.8
2020-12-16 16:12 - 2020-03-29 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-12-16 16:12 - 2020-03-29 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2020-12-16 16:12 - 2020-03-29 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-12-16 16:12 - 2020-03-29 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-12-16 16:12 - 2020-03-29 11:40 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2020-12-16 16:12 - 2020-03-29 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer
2020-12-16 16:12 - 2020-03-28 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postbox
2020-12-16 16:12 - 2020-03-28 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2020-12-16 16:12 - 2020-03-28 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax
2020-12-16 16:12 - 2020-03-28 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-16 16:12 - 2020-03-28 13:10 - 000000000 ____D C:\Program Files\Intel
2020-12-16 16:12 - 2020-03-28 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2020-12-16 16:12 - 2019-12-07 02:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Registration
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-12-16 16:12 - 2019-03-18 21:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2020-12-16 16:12 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-12-16 16:11 - 2019-12-07 02:14 - 000000000 __RHD C:\Users\Public\Libraries
2020-12-16 16:11 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-16 16:10 - 2020-10-10 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2020-12-16 16:10 - 2020-10-10 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2020-12-16 16:10 - 2020-08-26 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2020-12-16 16:10 - 2020-05-01 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2020-12-16 16:10 - 2020-04-03 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-16 16:05 - 2020-03-28 12:38 - 000000000 ____D C:\Users\kevin\AppData\Local\PlaceholderTileLogoFolder
2020-12-16 16:05 - 2020-03-28 12:36 - 000000000 ____D C:\Users\kevin\AppData\Local\Packages
2020-12-16 16:04 - 2019-12-07 02:18 - 000000000 ____D C:\WINDOWS\Setup
2020-12-16 15:39 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-12-16 15:35 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-12-16 15:28 - 2020-05-19 10:47 - 000000000 ____D C:\Program Files\McAfee
2020-12-16 15:26 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-16 15:25 - 2020-11-19 00:32 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-16 15:25 - 2020-11-19 00:32 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-16 15:21 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-12-16 15:19 - 2020-11-19 00:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-16 15:19 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-12-16 15:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-12-16 15:19 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-16 15:18 - 2020-03-29 15:56 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-16 15:18 - 2020-03-28 15:29 - 000002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2020-12-16 15:17 - 2019-12-07 02:14 - 000000000 __RSD C:\WINDOWS\Media
2020-12-16 15:14 - 2020-11-18 07:07 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 8.0 (64-bit)
2020-12-16 15:14 - 2020-11-13 17:33 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2020-12-16 15:14 - 2020-10-10 12:10 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2020-12-16 15:14 - 2020-07-07 10:34 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2020-12-16 15:14 - 2020-05-19 12:37 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2020-12-16 15:14 - 2020-05-17 15:53 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beamr Imaging
2020-12-16 15:14 - 2020-04-22 11:38 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2020-12-16 15:14 - 2020-04-16 14:28 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2020-12-16 15:14 - 2020-04-16 14:18 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs LLC
2020-12-16 15:14 - 2020-03-29 15:58 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2020-12-16 15:14 - 2020-03-28 14:59 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-16 15:13 - 2020-03-29 11:50 - 000000000 ____D C:\WINDOWS\SysWOW64\LifeCamTrueColor
2020-12-16 15:13 - 2020-03-29 11:50 - 000000000 ____D C:\WINDOWS\system32\LifeCamTrueColor
2020-12-16 15:13 - 2020-03-28 12:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2020-12-16 15:12 - 2020-11-19 00:30 - 005101952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-16 14:27 - 2020-06-01 11:04 - 000000036 _____ C:\WINDOWS\progress.ini
2020-12-16 14:24 - 2020-06-01 11:02 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2020-12-16 14:24 - 2020-06-01 11:02 - 000000000 ____D C:\Windows10Upgrade
2020-12-16 14:08 - 2020-09-13 16:36 - 000000000 ____D C:\Users\kevin\AppData\Local\ElevatedDiagnostics
2020-12-16 13:57 - 2020-09-06 08:14 - 000000072 _____ C:\WINDOWS\system32\perfdish001.dat
2020-12-16 13:41 - 2020-03-28 16:09 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-16 13:41 - 2020-03-28 15:31 - 000000000 ____D C:\Program Files (x86)\Postbox
2020-12-16 13:34 - 2020-03-28 12:40 - 000000000 ____D C:\Users\kevin\AppData\Local\PackageStaging
2020-12-16 08:10 - 2020-08-29 11:35 - 000000128 _____ C:\Users\kevin\AppData\Local\PUTTY.RND
2020-12-16 07:19 - 2020-04-19 12:44 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Zoom
2020-12-12 16:26 - 2020-08-26 16:17 - 000000000 ____D C:\Users\kevin\AppData\LocalLow\Comodo
2020-12-12 10:46 - 2020-03-30 12:04 - 000000000 ____D C:\Users\kevin\AppData\Local\CrashDumps
2020-12-12 10:22 - 2020-03-28 12:36 - 000000000 ____D C:\Users\kevin\AppData\Local\VirtualStore
2020-12-12 09:57 - 2020-08-27 16:55 - 000000000 ____D C:\Users\kevin\AppData\Roaming\AnyDesk
2020-12-12 09:52 - 2020-08-27 16:54 - 000000000 ____D C:\ProgramData\AnyDesk
2020-12-07 20:29 - 2020-11-15 08:51 - 000001219 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Photos.lnk
2020-12-06 13:16 - 2020-03-29 17:13 - 000000000 ____D C:\Users\kevin\AppData\Local\Battle.net
2020-11-29 13:36 - 2020-03-29 12:09 - 000000000 ____D C:\Users\kevin\AppData\Local\NVIDIA
2020-11-29 08:50 - 2020-07-05 09:24 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-11-28 08:39 - 2020-10-24 16:34 - 000000299 _____ C:\Users\kevin\d4ac4633ebd6440fa397b84f1bc94a3c.7z
2020-11-28 08:39 - 2020-10-24 16:00 - 000000000 ____D C:\Users\kevin\AppData\Local\Nox
2020-11-28 07:45 - 2020-10-24 16:01 - 000000000 ____D C:\Users\kevin\AppData\Local\NoxSrv
2020-11-28 07:45 - 2020-06-15 11:55 - 000000000 ____D C:\Users\kevin\.android
2020-11-28 07:44 - 2020-11-13 17:33 - 000000000 ____D C:\Users\kevin\AppData\Roaming\NoxSrv
2020-11-28 07:44 - 2020-11-07 10:34 - 000000069 _____ C:\Users\kevin\AppData\Local\update_progress.txt
2020-11-28 07:44 - 2020-10-24 16:01 - 000000000 ____D C:\Users\kevin\vmlogs
2020-11-28 07:25 - 2020-03-28 17:24 - 000000000 ____D C:\Users\kevin\AppData\Local\Adobe
2020-11-28 06:15 - 2020-03-28 17:23 - 000000000 ____D C:\ProgramData\Adobe
2020-11-28 06:13 - 2020-03-29 11:45 - 000000000 ____D C:\Program Files\Adobe
2020-11-28 06:13 - 2020-03-29 11:43 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-11-28 06:04 - 2020-05-01 11:39 - 000001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2020-11-26 09:51 - 2020-03-29 14:41 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-11-26 09:51 - 2020-03-28 12:34 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-11-26 09:51 - 2020-03-28 12:34 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-11-25 16:32 - 2020-10-10 12:10 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2020-11-25 16:30 - 2020-11-07 13:45 - 000001377 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbox Updater.lnk
2020-11-25 16:30 - 2020-11-07 13:45 - 000001340 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TBShell.lnk
2020-11-25 16:30 - 2020-10-24 15:12 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Live Writer
2020-11-25 16:30 - 2020-10-24 15:12 - 000000000 ____D C:\Users\kevin\AppData\Local\OpenLiveWriter
2020-11-24 06:18 - 2020-07-30 07:06 - 000000000 ____D C:\Users\kevin\AppData\Local\Garmin
2020-11-24 06:18 - 2020-07-30 07:02 - 000000000 ____D C:\ProgramData\Garmin
2020-11-24 06:14 - 2020-07-30 07:05 - 000000000 ____D C:\Program Files (x86)\Garmin
2020-11-24 06:14 - 2020-03-28 13:10 - 000000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories ========
 
2020-03-29 13:30 - 2020-04-20 10:21 - 000000132 _____ () C:\Users\kevin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2020-06-15 14:20 - 2020-06-15 14:20 - 000038505 _____ () C:\Users\kevin\AppData\Roaming\Comma Separated Values.ADR
2020-04-08 13:33 - 2020-10-31 09:39 - 000001456 _____ () C:\Users\kevin\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-04-22 09:34 - 2020-04-22 09:34 - 000000000 _____ () C:\Users\kevin\AppData\Local\oobelibMkey.log
2020-08-29 11:35 - 2020-12-16 08:10 - 000000128 _____ () C:\Users\kevin\AppData\Local\PUTTY.RND
2020-11-07 10:34 - 2020-11-28 07:44 - 000000069 _____ () C:\Users\kevin\AppData\Local\update_progress.txt
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

#5
RKinner
Posted 20 December 2020 - 02:56 PM

RKinner

    Malware Expert

  • Expert
  • 24,483 posts
  • MVP

Can I see the fixlog?  I had the fixlist check a couple of files to make sure they were legit.

 

I asked about anydesk because I've had a few cases where people got talked into installing it by one of the bogus 1-800 "Windows Support" alerts.  Just wanted to make sure you had installed it and knew what it did.


  • 0

#6
Fyrewind
Posted 24 December 2020 - 11:35 AM

Fyrewind

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

sorry for the late reply, being on call sucks sometimes...

Here you go.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by kevin (20-12-2020 11:13:24) Run:1
Running from D:\Desktop
Loaded Profiles: kevin
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {4070DDBB-F7EE-4EF8-A36C-4171AFBEA1B9} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {C3D9E364-7279-4459-9BAB-9824D81E1BD8} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {F76C3338-9187-43E4-BC3B-30BF7DAF5E33} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {BD63D88A-25FC-440E-A3C1-771025144BF3} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
File: C:\Windows\System32\winlogui.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Unlock: C:\WINDOWS\system32\sysmain.dll
FILE: C:\WINDOWS\system32\sysmain.dll
FILE: C:\Windows\System32\winscomrssrv.dll
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4070DDBB-F7EE-4EF8-A36C-4171AFBEA1B9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4070DDBB-F7EE-4EF8-A36C-4171AFBEA1B9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3D9E364-7279-4459-9BAB-9824D81E1BD8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3D9E364-7279-4459-9BAB-9824D81E1BD8}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F76C3338-9187-43E4-BC3B-30BF7DAF5E33}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F76C3338-9187-43E4-BC3B-30BF7DAF5E33}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\winrmsrv" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD63D88A-25FC-440E-A3C1-771025144BF3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD63D88A-25FC-440E-A3C1-771025144BF3}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\Winlogui => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Winlogui" => removed successfully
 
========================= File: C:\Windows\System32\winlogui.exe ========================
 
"C:\Windows\System32\winlogui.exe" => not found
====== End of File: ======
 
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
"C:\WINDOWS\system32\sysmain.dll" => was unlocked
 
========================= FILE: C:\WINDOWS\system32\sysmain.dll ========================
 
C:\WINDOWS\system32\sysmain.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package06~31bf3856ad364e35~amd64~~10.0.19041.685.cat
File is digitally signed
MD5: EEF13AA9823D86B6D597AB3CC0250548
Creation and modification date: 2020-12-16 16:07 - 2020-12-16 16:07
Size: 001006592
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: SysMain
Original Name: sysmain.dll
Product: Microsoft® Windows® Operating System
Description: SysMain Service Host
File Version: 10.0.19041.662 (WinBuild.160101.0800)
Product Version: 10.0.19041.662
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End of File: ======
 
 
========================= FILE: C:\Windows\System32\winscomrssrv.dll ========================
 
"C:\Windows\System32\winscomrssrv.dll" => not found
====== End of File: ======
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 11:13:38 ====

  • 0

#7
RKinner
Posted 24 December 2020 - 11:49 AM

RKinner

    Malware Expert

  • Expert
  • 24,483 posts
  • MVP

Delays are no problem.  I do not keep track.

 

Looks OK.  How is it running now?  Any slowness?


  • 0

#8
Fyrewind
Posted 24 December 2020 - 11:51 AM

Fyrewind

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Runs nice now, no errors and no noticeable slowness at this point.


  • 0

#9
RKinner
Posted 24 December 2020 - 02:32 PM

RKinner

    Malware Expert

  • Expert
  • 24,483 posts
  • MVP

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  UPDATE:  Flash is now officially extinct and should be removed (uninstalled).   Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge/Brave then get the Ublock Origin extension.  (Remove other adblockers)   You should be no longer using Internet Explorer.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Clear your history.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.


If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combefore you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version.  (Included with the regular MalwareBytres Anti-Malware program)

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.
 If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

If you are running Win 10 you probably want OpenShell:

https://github.com/O...Open-Shell-Menu

  This program will make Win 10 act like Win 7 with the same controls you are used to.
Download Link:
https://github.com/O...tup_4_4_131.exe


Recommended free software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo...download_speccy(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Video Downloader Professional  To save online video.   This extension (available for Chrome or Firefox)  allows you to start a recording and then switch to a different window and record another video.
Download YouTube Videos:  4K Video Downloader (Separate Program) https://www.4kdownlo...videodownloader
You have to copy the URL then hit the + button on the program.  Then select quality. There is a license activate window but you just close it.
With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!



Ron

 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: windows 10, dll error

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP