Yes, AnyDesk is one of the tools I use for work. I remotely troubleshoot basic user issues at our other offices. And I use it for working from home as well.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by kevin (20-12-2020 11:17:37)
Running from D:\Desktop
Windows 10 Home Version 20H2 19042.685 (X64) (2020-12-16 22:19:33)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1594935762-1857880304-426175554-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1594935762-1857880304-426175554-503 - Limited - Disabled)
Guest (S-1-5-21-1594935762-1857880304-426175554-501 - Limited - Disabled)
kevin (S-1-5-21-1594935762-1857880304-426175554-1001 - Administrator - Enabled) => C:\Users\kevin
WDAGUtilityAccount (S-1-5-21-1594935762-1857880304-426175554-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2021 (HKLM-x32\...\PSE_19_0) (Version: 19.0 - Adobe Inc.)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Adobe Spark (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\0912fe44b191ae5b4e461fcb229de8a1) (Version: 1.0 - Adobe Spark)
AIDA64 Extreme v6.25 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.25 - FinalWire Ltd.)
Amazon Kindle (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
Amazon Music (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Amazon Amazon Music) (Version: 7.12.0.2203 - Amazon.com Services LLC)
Amazon Photos (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Amazon Photos) (Version: 7.6.2 - Amazon.com, Inc.)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.1.250 - Amazon)
ANT Drivers Installer x64 (HKLM\...\{16BA964D-698D-4663-8FA7-B9613DA7958B}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.1.0 - philandro Software GmbH)
AnyDesk MSI (HKLM-x32\...\{62853EBF-E9DD-4AA5-B20A-5A6C3DD74FF3}) (Version: 6.0.7 - philandro Software GmbH)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.1.0.17816 - Perfect World Entertainment)
Autodesk Fusion 360 (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.8609 - Autodesk, Inc.)
AutoHotkey 1.1.33.02 (HKLM\...\AutoHotkey) (Version: 1.1.33.02 - Lexikos)
Backup and Sync from Google (HKLM\...\{3A8CD593-8CF9-45B4-9932-FC41CBC14E15}) (Version: 3.53.3404.7585 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{0185ADA8-A025-46A7-8A5C-7F5C2C000CC5}) (Version: 4.21.0 - Kovid Goyal)
Canon CanoScan LiDE 120 On-screen Manual (HKLM-x32\...\Canon CanoScan LiDE 120 On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.11.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CanoScan LiDE 120 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2415) (Version: 1.02 - Canon Inc.)
Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 65.0.2.15 - COMODO)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.7 - Ursa Minor Ltd)
CORSAIR iCUE Software (HKLM-x32\...\{F59B42DC-B192-409E-A0B9-79BB6D37A5F5}) (Version: 3.34.170 - Corsair)
CPUID HWMonitor 1.42 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.42 - CPUID, Inc.)
Customer Support (HKLM-x32\...\{B33D89E4-FB43-6749-447E-2E469AC9EB5B}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Disney+ _ Movies and Shows (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\b8fe3528afee2da2f3924cab8c6eeb69) (Version: 1.0 - Disney+ _ Movies and Shows)
EaseUS Partition Master 13.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Elevated Installer (HKLM-x32\...\{877496C2-70B0-42F1-835A-FAFE2CF0199C}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden
EU Waste Recycling Information (HKLM-x32\...\{42DF7152-0B7D-7917-4633-94E00C7BE684}) (Version: 1.0.0.0 - Lexmark International, Inc.)
FastStone Photo Resizer 4.3 (HKLM-x32\...\FastStone Photo Resizer) (Version: 4.3 - FastStone Soft.)
Fire Toolbox V9.1 version (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{63274841-9C5F-4B30-B181-AECE757BB62C}_is1) (Version: - Datastream)
Garmin Express (HKLM-x32\...\{235f2ee5-7383-44df-a298-01221caa5532}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E944FA32-8BCF-474F-BFB2-D1EF24555873}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Information Center (HKLM-x32\...\{851828ED-8353-E017-70EE-BF284CE2B799}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{262e9c1d-e509-4e2a-86e8-0abb312ac2e9}) (Version: 10.1.17765.8094 - Intel® Corporation) Hidden
Intel® USB 3.1 Device Driver (HKLM\...\{7DFE2F7E-3154-45D6-A468-4725DE033AC8}) (Version: 15.2.30.250 - Intel Corporation)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
iTunes (HKLM\...\{79951B67-3DC8-45DF-A516-86F89DA95924}) (Version: 12.11.0.26 - Apple Inc.)
JPEGminiPro (HKLM-x32\...\{562DB2AC-3EBD-4D8F-882C-DB19FECA7AE5}) (Version: 2.1.1.1 - Beamr Imaging Ltd)
Killer Drivers (HKLM\...\{79D3BD20-5240-45E8-A367-2082C0DE299F}) (Version: 2.2.1460 - Rivet Networks)
Lexmark Network Twain Scan Driver (HKLM-x32\...\{3376919A-5F1D-4383-4E76-11B5CDBA1069}) (Version: 1.21.169.0 - Lexmark International, Inc.)
Lexmark Printer Software G4 HBP Print Driver (HKLM\...\{8882B0EE-907E-44AA-9756-BF0B3AF051FA}) (Version: 4.2.0.0 - Lexmark International, Inc.)
Lexmark Printer Software G4 Scan Driver (HKLM\...\{A1229F7D-4CDB-6C36-09BB-017B230DB998}) (Version: 4.2.0.0 - Lexmark International, Inc.)
Lexmark Status Center (HKLM-x32\...\{C81FE7E1-4FDF-43C6-ACB6-53CB40EA1B88}) (Version: 2.5.59.0 - Lexmark International, Inc.)
Lexmark USB Bidi Solution (HKLM\...\{4C0B7166-C37D-434B-88A5-56D55F240448}) (Version: 1.3.64.0 - Lexmark International, Inc.)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.5.0 - LG Electronics)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Messenger 81.6.118 (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 81.6.118 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Beta (HKLM-x32\...\Microsoft Edge Beta) (Version: 88.0.705.22 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MSI Kombustor 4.1.7.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D)
mydlink services plugin (HKLM-x32\...\{1A9B665A-5F27-4F71-BF90-22FDFE7A1635}) (Version: 1.0.2.7 - D-Link Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NoxPlayer (HKLM-x32\...\Nox) (Version: 6.6.1.5 - Duodian Technology Co. Ltd.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Postbox 7.0.42 (x86 en-US) (HKLM-x32\...\Postbox 7.0.42 (x86 en-US)) (Version: 7.0.42 - Postbox, Inc.)
PuTTY release 0.74 (64-bit) (HKLM\...\{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 - Simon Tatham)
qBittorrent 4.2.3 (HKLM-x32\...\qBittorrent) (Version: 4.2.3 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.12.1002.1309 - Razer Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
RoboForm 8-9-6-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-9-6-6 - Siber Systems)
SecurityCenter (HKLM-x32\...\MSC) (Version: 16.0 R28 - McAfee, LLC)
Simplify3D Software (HKLM\...\Simplify3D Software 4.1.2) (Version: 4.1.2 - Simplify3D)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synology Drive Client (remove only) (HKLM\...\Synology Drive) (Version: 6.0.2.11078 - Synology, Inc.)
TELUS Business Connect Phone (HKLM-x32\...\{75F75BA3-15FC-4F3D-A8EA-9B2A878768C2}) (Version: 20.4.0.41051 - TELUS)
Thunderbolt™ Software (HKLM-x32\...\{D6676AF9-720E-428B-A51B-08FBD281D25F}) (Version: 17.2.71.250 - Intel Corporation)
TNAS PC (HKLM-x32\...\{5726F42F-DEAE-49BA-86EA-05D58B38BD92}) (Version: 32.00.000 - Terra Master)
Topaz Adjust AI (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{4942a4a6-f04c-4d0a-806f-fba8f7d0f444}) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz DeNoise AI (HKLM\...\Topaz DeNoise AI 2.2.2) (Version: 2.3.4 - Topaz Labs LLC)
Topaz Gigapixel AI (HKLM\...\Topaz Gigapixel AI 4.9.3.2) (Version: 5.3.1 - Topaz Labs LLC)
Topaz JPEG to RAW AI (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{9ee67d49-2018-4f64-bd14-c5fe15dfa3f7}) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Mask AI (HKLM\...\Topaz Mask AI 1.2.0) (Version: 1.3.3 - Topaz Labs LLC)
Topaz Mask AI (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{5e31f254-f4f2-4393-91ae-4efef050413e}) (Version: 0.0.0 - Topaz Labs, LLC)
Topaz Sharpen AI (HKLM\...\Topaz Sharpen AI 2.0.5) (Version: 2.2.1 - Topaz Labs LLC)
Topaz Studio 2 (HKLM\...\Topaz Studio 2 2.2.0) (Version: 2.3.1 - Topaz Labs LLC)
TurboTax 2018 (HKLM-x32\...\{A44A24D7-CC5A-4C02-A702-F112B47089A9}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2019 (HKLM-x32\...\{176AF9FD-3AF6-4C10-9F68-A3AA455B3D51}) (Version: 1.00.0000 - Intuit Canada)
Vivaldi (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Vivaldi) (Version: 3.4.2066.94 - Vivaldi Technologies AS.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.177 - McAfee, LLC)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Lexmark International Printer (01/29/2016 4.0.0.0) (HKLM\...\34DC397FE8B1BE8ED89856F5656D9FEAD70A7447) (Version: 01/29/2016 4.0.0.0 - Lexmark International)
Windows Driver Package - Lexmark International Printer (01/29/2016 4.2.0.0) (HKLM\...\A9A8A66323C6477EA1EDA3DACDB6A4377E868B45) (Version: 01/29/2016 4.2.0.0 - Lexmark International)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
ZOC Terminal 8.0 (64-bit) (HKLM\...\ZOC8) (Version: 8.01.2 - EmTec Innovative Software)
Zoom (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{0B76DE11-5937-4491-A66A-617E42170AFF}) (Version: 5.4.58864 - Zoom)
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-05-12] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-12-19] (Amazon.com)
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.42.0_x64__pwbj9vvecjh7j [2020-12-16] (Amazon Development Centre (London) Ltd)
Best Video Converter -> C:\Program Files\WindowsApps\22450.BestVideoConverter_2.5.17.0_x64__0aqw1zw0x2snt [2020-12-19] (韵华软件) [MS Ad]
HEIC Image Viewer - Support Converter -> C:\Program Files\WindowsApps\35487uwpdeveloper.HEICImageConverterPro_2.12.45.0_x64__09s05jk6m8d1c [2020-07-28] (uwpdeveloper)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-06-01] (Instagram)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_830.5.128.0_x64__8xx8rvfyw5nnt [2020-12-17] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-16] (Microsoft Corporation) [MS Ad]
Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2020-12-16] (0)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-12-19] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2020-12-16] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-30] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-30] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BB2020}\localserver32 -> C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BB2021}\localserver32 -> C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\kevin\AppData\Local\Vivaldi\Application\3.4.2066.94\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\kevin\AppData\Local\Autodesk\webdeploy\production\bc9c725a70f09cde6da1d8ccb49780b84d161bee\NPreview10.dll (Autodesk, Inc. -> )
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-11-01] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_250.dll [2020-04-20] (Amazon Services LLC -> Amazon.com, Inc.)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\nvshext.dll [2020-11-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1594935762-1857880304-426175554-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2020-12-12] () [File not signed]
ContextMenuHandlers6_S-1-5-21-1594935762-1857880304-426175554-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2020-12-12] () [File not signed]
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\kevin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Microsoft Edge Beta.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\kevin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Web Applications\_crx__mbjafbmjpcimpkkihihoideiofnoalmh\Disney+ _ Movies and Shows.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=mbjafbmjpcimpkkihihoideiofnoalmh
ShortcutWithArgument: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Spark.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=biilbcfkfcjcppaoognbchpjbjihinil
ShortcutWithArgument: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disney+ _ Movies and Shows.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=mbjafbmjpcimpkkihihoideiofnoalmh
ShortcutWithArgument: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb
==================== Loaded Modules (Whitelisted) =============
2020-10-16 16:36 - 2020-10-16 16:36 - 000352256 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-10-16 16:04 - 2020-10-16 16:04 - 000759808 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-10-16 16:04 - 2020-10-16 16:04 - 000743936 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-10-16 16:03 - 2020-10-16 16:03 - 000537600 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-10-16 16:04 - 2020-10-16 16:04 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-10-16 16:03 - 2020-10-16 16:03 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-10-16 16:03 - 2020-10-16 16:03 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2020-11-28 06:06 - 2020-11-28 06:06 - 048966144 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\AdobePIE.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 060800000 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\opencv_core410.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 003119104 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\opencv_imgcodecs410.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 045977600 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\opencv_imgproc410.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 000283136 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\PhotoCreations.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 000137728 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\ToastNotification.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 017214464 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\usd_win.dll
2016-06-06 09:33 - 2016-06-06 09:33 - 000268288 _____ () [File not signed] C:\Program Files\Lexmark\Bidi\LM__inpa.dll
2020-12-04 15:13 - 2020-12-04 15:13 - 000799744 _____ () [File not signed] C:\Users\kevin\AppData\Local\Amazon Drive\sqlite3.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000345600 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\fct-qt.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 021790171 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icudt53.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 003506395 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuin53.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 002223218 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuuc53.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000033280 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qgif.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000043008 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qicns.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000032768 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qico.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000507904 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjp2.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000239104 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjpeg.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000430080 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qtiff.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000834555 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libcurl-4.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000121524 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libgcc_s_dw2-1.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 003331103 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libsqlite3-0.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 001547595 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libstdc++-6.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000691712 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\platforms\qwindows.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000156160 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\WinCFWrapper.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000124430 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\zlib1.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 000446976 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\AdobeSVGAGM.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 002861568 _____ (Apache Software Foundation) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\xerces.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 051178496 _____ (Cognitec Systems GmbH) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\frsdk-9.4.0.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000028672 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Concurrent.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 004620288 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Core.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 003921408 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Gui.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 001448448 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Network.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 006133760 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Widgets.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000065629 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libwinpthread-1.dll
2020-12-04 15:13 - 2020-12-04 15:13 - 000125952 _____ (Robert Vazan) [File not signed] C:\Users\kevin\AppData\Local\Amazon Drive\crc32c.dll
2020-08-18 15:10 - 2020-08-18 15:10 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 027534336 _____ (The ICU Project) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\icudt64.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 002430976 _____ (The ICU Project) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\icuuc64.dll
2018-04-06 11:29 - 2018-04-06 11:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll
2018-04-06 11:29 - 2018-04-06 11:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 002781303 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\LIBEAY32.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000809896 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\SSLEAY32.dll
2020-09-02 12:05 - 2020-09-02 12:05 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-09-02 12:05 - 2020-09-02 12:05 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 002822144 _____ (TODO: <Company name>) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 002957312 _____ (WinSoft S.A.) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\WRServices.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ca/?pc=UE01&ocid=UE01DHP
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Neverwinter\Arc\Plugins\ArcPluginIE.dll => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: intu-tt2018 - {c10cb859-8e11-44f1-833b-68a8e1ed7e1d} - C:\Program Files (x86)\TurboTax 2018\ic2018pp.dll [2019-05-15] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2019 - {F526FF07-B913-4B56-85DC-D7014178A5B4} - C:\Program Files (x86)\TurboTax 2019\ic2019pp.dll [2020-05-14] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\sharepoint.com -> hxxps://behrendsgroup-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 21:49 - 2020-04-20 12:19 - 000001996 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na1r.services.adobe.com na2m-pr.licenses.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kevin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
DNS Servers: 64.59.184.13 - 64.59.190.242
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IceDragonUpdater => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ThunderboltService => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk MSI.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\StartupFolder: => "Calendar Sync Pro.lnk"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "LM___SCE"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0E8D758D-4B8B-4277-BDFB-AA082D7BF743}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe => No File
FirewallRules: [{DEA994C0-1802-4E53-A889-95931CC7D915}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.22\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA1F1338-D46D-4777-9524-BE106072938D}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{618FCA40-6972-42E8-98CE-75DE33F18AEF}C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe] => (Allow) C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe (RingCentral, Inc. -> TELUS)
FirewallRules: [TCP Query User{6698E9F5-D2EA-4990-882B-8F296A5AD431}C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe] => (Allow) C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe (RingCentral, Inc. -> TELUS)
FirewallRules: [UDP Query User{526A370E-F30B-4355-8ED7-D02204898172}C:\users\kevin\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\kevin\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [TCP Query User{BF0ED3FA-3ECC-4DB7-8C77-3F06AF370AA1}C:\users\kevin\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\kevin\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [{85254FBB-3432-454B-835E-877DD66BE4A3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F6B2DC7A-A0C7-45EF-AC41-E4B6E4E93C04}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A6288DC8-D85C-41B4-BB59-DE3ABB80F96A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{444817FC-63ED-4842-8711-2C1161DADAFA}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.18\msedgewebview2.exe => No File
FirewallRules: [{CC1A8B44-A93C-4AFC-9BFA-80AF85576E4C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B629EB14-FE97-46AE-8EAF-A26E2D192C96}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.57\msedgewebview2.exe => No File
FirewallRules: [{8BEEDC1F-960B-464B-866E-6CB82261C411}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.55\msedgewebview2.exe => No File
FirewallRules: [{5B6C23A8-D561-482F-8A9C-11792B81C507}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.52\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{E5B1BC38-A1A6-4975-A646-73649D3D5147}D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [TCP Query User{F3CF8D2E-8E28-4096-B1A0-408D2F22C88A}D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [{A203527B-6235-4A55-B1A4-A689ADFC0AA0}] => (Allow) D:\SteamLibrary\steamapps\common\Marvels Avengers\avengers.exe (Crystal Dynamics, Inc.) [File not signed]
FirewallRules: [{BBE3ED30-E518-461C-AE69-9F2B12B59849}] => (Allow) D:\SteamLibrary\steamapps\common\Marvels Avengers\avengers.exe (Crystal Dynamics, Inc.) [File not signed]
FirewallRules: [{E52E36BF-DA11-48E3-8029-9A5615219715}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{755FA6E4-89DD-4C61-B7BD-5C2EEA9E700E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{6844A719-9460-4F2F-AF07-D8BD4CA9182C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B9A40349-2894-48D7-9BAE-48DAE1B28785}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FDE58AFD-8720-46FB-B5D3-D5D5A988736D}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Nox Limited -> Nox Limited Corporation)
FirewallRules: [{FCE312DB-E5FC-4D22-A2D4-4A6B6F8F94B9}] => (Allow) D:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{1473070C-7B58-487B-B98B-F769D1DAAE88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1FECC8AA-62E9-479C-826E-89F2DA0EC76A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{77412A0A-985B-4546-B253-DC65B4CFB204}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C522A61-EAC7-49C7-BD65-FE6B2AFA28A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3726EFF4-378C-4984-974E-7F2453F7355B}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.47\msedgewebview2.exe => No File
FirewallRules: [{4088A64B-906C-4728-8F3C-66D553BDF69B}] => (Allow) E:\Itunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84FB4AF2-1D65-45F8-9608-9A958CF974A1}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.41\msedgewebview2.exe => No File
FirewallRules: [{936E41B2-6EE8-43DA-8825-FF01D28C83E4}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.40\msedgewebview2.exe => No File
FirewallRules: [{95FC046E-1CCD-450A-A818-99D9C7762217}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.36\msedgewebview2.exe => No File
FirewallRules: [{D36CDABB-7F63-4B4F-8CDD-7351CBD55906}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.30\msedgewebview2.exe => No File
FirewallRules: [{170B4AC3-6726-49DC-A0D4-B7C1A973ECB7}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.24\msedgewebview2.exe => No File
FirewallRules: [{D1C4A25B-861C-4230-92B1-9F20D93844E9}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.18\msedgewebview2.exe => No File
FirewallRules: [{8518E440-FD04-4035-B2CC-406C7747AE82}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.12\msedgewebview2.exe => No File
FirewallRules: [{D8EFB38C-1417-4244-9227-9BA6A9CBA3E1}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.43\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{39214D58-BBA2-4AF2-9079-2A0552F15D2E}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> TODO: <Company name>)
FirewallRules: [TCP Query User{4201D7F5-D49C-4AD6-BA05-985B7CD1E46E}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> TODO: <Company name>)
FirewallRules: [{63E8831D-6604-436C-80F7-410BBF94BB26}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.38\msedgewebview2.exe => No File
FirewallRules: [{4544CF9D-0F41-4F61-8D91-D0B228DB63AC}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.36\msedgewebview2.exe => No File
FirewallRules: [{7BE013B9-22BB-4794-BB43-C28F6C2ABE48}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.31\msedgewebview2.exe => No File
FirewallRules: [{7EAEAFC2-CF16-4EC6-91EE-E2A16BCC768B}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.28\msedgewebview2.exe => No File
FirewallRules: [{460F9A5F-3701-4746-BF7A-5B4E6D6462E2}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.19\msedgewebview2.exe => No File
FirewallRules: [{B5410A0A-B57A-4A29-82DD-6C81D03EA2F2}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.15\msedgewebview2.exe => No File
FirewallRules: [{534FBA5D-9E85-49BA-8A06-975FF09B293E}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.11\msedgewebview2.exe => No File
FirewallRules: [{BB46A02A-F97B-4029-9857-6F0A1A8331E4}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.44\msedgewebview2.exe => No File
FirewallRules: [{7D25FD06-71E9-41A7-8AEF-D52F50770737}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.41\msedgewebview2.exe => No File
FirewallRules: [{33FC7E18-D52E-45F7-89E6-94E0DE1EDD22}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.40\msedgewebview2.exe => No File
FirewallRules: [{141AF645-62B6-466A-AC59-9E2FCD589E85}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.36\msedgewebview2.exe => No File
FirewallRules: [{5DBC6F90-9244-4A2E-810F-B37AB17362D8}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.30\msedgewebview2.exe => No File
FirewallRules: [{478D09A3-4664-490C-B36D-032E42618B32}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.23\msedgewebview2.exe => No File
FirewallRules: [{8D5C8D0F-F1A5-43E5-BE70-BEE35CAA4FBC}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.18\msedgewebview2.exe => No File
FirewallRules: [{07F2C21F-5CD4-49C9-938E-B1FB0F6B73BD}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.44\msedgewebview2.exe => No File
FirewallRules: [{0FC1AA6B-DF28-4C76-81E6-79B307D8C3C5}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{545E19E5-E98E-4963-97A1-0483DBD68868}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{88C420CC-B0CB-407D-AC87-D6A8A8DD0404}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{2F7166C8-C4C9-4C38-B72C-3E811F6D69F0}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{84653DF2-D5F4-4F70-BBA6-B014FD11E375}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{CA4D34C0-9074-4005-8A86-26E26D35DB44}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{3D93626D-F892-4D21-895D-E74792B1DEAD}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{D4C74079-4DBD-43A1-8F3D-3D5AC67C7B67}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{358984B1-C691-4CFE-AE3E-02AC37C12346}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.39\msedgewebview2.exe => No File
FirewallRules: [{9A7A5AD8-0277-43AB-AA1D-72DDD9E85C12}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe => No File
FirewallRules: [{6DA66435-9E3D-48A7-9221-5CF573795E46}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.35\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{96F35947-6CAF-4228-AC35-F02221E48AEE}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{5BF58A46-9E58-49BB-A742-B50247CDAB86}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{5FD76585-9AF6-4FC9-A8BD-CC0F629A8F4C}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.28\msedgewebview2.exe => No File
FirewallRules: [{7E18FEE3-6AFB-4526-872C-D29CE03271F8}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.26\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{A579E7A8-CBBF-4626-94FA-D94DBFAAD121}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{71E487E2-7601-4DF4-AA42-E932AFF2EB48}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{F833EB83-8871-4F6A-A6F0-42DF9072471A}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.20\msedgewebview2.exe => No File
FirewallRules: [{A7DDFA5A-C199-4F98-909D-465FB4C38AF4}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.15\msedgewebview2.exe => No File
FirewallRules: [{4D5B3263-FFAC-411C-82BB-E292389412DF}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.11\msedgewebview2.exe => No File
FirewallRules: [{5C45CFB4-C3BA-4C13-8F15-9D01D01F5465}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{73174BFA-04E5-4EA3-B7B5-E5FCB7635B7E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{377FFFB6-E13F-4A00-9FDD-276ADC923DE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{649D2B84-692F-41E1-901B-A340860B3171}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{832AEFCA-918B-453A-B42B-9101C1F8AB2F}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{D57A7D76-2B51-4FB6-9CB5-6AD0BED9AD2E}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{E8E0722C-7F80-4975-8987-3AE837F79FBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F64D2E1C-38AF-4523-A49A-AC08725CDC1B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EB1449ED-B9D6-49B7-99A1-9939AA40E195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFA18375-A1C4-452C-8CDF-D0EACD16E2CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{579FA8AB-60E5-4C93-9D06-8C3B96121776}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6DFEF05-4BEE-4738-B3D8-90184CDB0699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A6BAE4F-DEFE-421B-801B-4EF0518F5D62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0AD1E50C-A827-4280-86D6-F27D18C16332}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2AAE2A8F-BD8C-4573-85C3-4CED842865F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{FA275219-6F77-4AFE-B0C9-6AA3D5C8159D}C:\program files (x86)\terra master\tnas pc\tnaspc.exe] => (Allow) C:\program files (x86)\terra master\tnas pc\tnaspc.exe (Terra Master) [File not signed]
FirewallRules: [UDP Query User{A68A482D-7AAF-4981-806F-AFA44B3AFAF3}C:\program files (x86)\terra master\tnas pc\tnaspc.exe] => (Allow) C:\program files (x86)\terra master\tnas pc\tnaspc.exe (Terra Master) [File not signed]
FirewallRules: [{53B4C7C9-7B33-4CD3-8FDD-D60E51FB56A5}] => (Allow) J:\install\x64\installgui.exe => No File
FirewallRules: [{2C3F2A19-EA9F-4C07-B8F4-3D46D70A7BAE}] => (Allow) J:\install\x64\installgui.exe => No File
FirewallRules: [{8BD13980-59D2-416B-88DD-D747AF2C40F3}] => (Allow) C:\Users\kevin\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9B30EF8C-CC6E-4651-8C6F-8BFC227C38D5}] => (Allow) C:\Users\kevin\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{51178299-E9BE-4E3E-BA32-8177E0AB0C73}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{17A9E4D5-B005-4C85-A3AE-ED1A36D9DC2C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{5335E494-38B2-46CA-808E-A45BC21D4084}D:\downloads\adobe tool v4.9.4.0\adobetool.exe] => (Allow) D:\downloads\adobe tool v4.9.4.0\adobetool.exe => No File
FirewallRules: [UDP Query User{D862A85A-4D25-418C-A144-816037575E1B}D:\downloads\adobe tool v4.9.4.0\adobetool.exe] => (Allow) D:\downloads\adobe tool v4.9.4.0\adobetool.exe => No File
FirewallRules: [{692A263A-59DE-4223-AEDE-E02897ED2FBA}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe => No File
FirewallRules: [{D750B1BE-A581-4422-83A6-DE5FC5A01968}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe => No File
FirewallRules: [{E44B4D25-33B3-4980-8288-B29374B6C657}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe => No File
FirewallRules: [{0A45937B-1A64-41FC-B04B-78AADE723B81}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe => No File
FirewallRules: [TCP Query User{E94D43EA-EC40-446C-9461-7A109602FED7}C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File
FirewallRules: [UDP Query User{1E2748AC-449E-40F6-BAD7-9367EF4BA02A}C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File
FirewallRules: [{9D973010-87D9-493A-819B-556FA64BF386}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{68234F13-6692-407E-8369-1E9162E50BBF}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{FC5E04F8-3475-4BE0-8E39-888F364021F7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{7311EF0D-4BDC-4772-8FDD-23277A4EAA68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A6185DC-FADE-4635-96F8-417F0BAF8722}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4AB7F330-DBC2-47E5-8C60-4EC01A9E5BA5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{44587D76-8B63-4850-B496-C2D41F0C7647}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{43FEFF23-4C57-4842-8C93-0BAF59A4E54E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{0C152543-D06F-431D-9891-E7277F54E3FD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{0B9696E2-691C-404A-B5D3-A638B56B6FDB}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{D6CBD33B-0D6E-4E08-B570-4515570702FC}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{BAD7FA1C-2D6E-4912-B91A-7E1086A9098D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{88F6414B-D840-4C8D-A84E-E8F3C6A93DBC}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{10357721-6557-4D0A-BCB7-88959D2B481B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E83B4D3B-A929-49E9-B79C-E6ED4E205C74}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
==================== Restore Points =========================
17-12-2020 13:17:56 Windows Modules Installer
19-12-2020 14:51:51 Malwarebytes Anti-Rootkit Restore Point
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/20/2020 11:15:27 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: THEWHITETOWER)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (12/20/2020 11:15:27 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: THEWHITETOWER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
System errors:
=============
Error: (12/20/2020 11:13:55 AM) (Source: DCOM) (EventID: 10010) (User: THEWHITETOWER)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
CodeIntegrity:
===================================
Date: 2020-12-20 11:17:57.7050000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-20 11:17:57.7000000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-20 11:17:57.6950000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-20 11:17:57.6900000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-20 11:17:57.6830000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-20 11:17:57.6780000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-20 11:17:57.6730000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-20 11:17:57.6670000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. ALASKA - 1072009 06/09/2017
Motherboard: Gigabyte Technology Co., Ltd. X99-Ultra Gaming-CF
Processor: Intel® Core i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 19%
Total physical RAM: 32602.55 MB
Available physical RAM: 26392.25 MB
Total Virtual: 37466.55 MB
Available Virtual: 29272.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:237.84 GB) (Free:115.15 GB) NTFS
Drive d: (Users) (Fixed) (Total:931.51 GB) (Free:730.66 GB) NTFS
Drive e: (Programs) (Fixed) (Total:3725.9 GB) (Free:3717.54 GB) NTFS
Drive y: (Gaming) (Fixed) (Total:223.57 GB) (Free:154.34 GB) NTFS
\\?\Volume{86dd5f42-87c6-4772-84d4-bcb2378f5481}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{9ce114ca-1580-453c-bfb0-957e0201ae95}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: A5426BEB)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8005979F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 01807300)
Partition: GPT.
==========================================================
Disk: 3 (Size: 238.5 GB) (Disk ID: 0A77A4EE)
Partition: GPT.
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by kevin (administrator) on THEWHITETOWER (Gigabyte Technology Co., Ltd. Default string) (20-12-2020 11:16:41)
Running from D:\Desktop
Loaded Profiles: kevin
Platform: Windows 10 Home Version 20H2 19042.685 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Inc. -> Adobe) C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe
(Amazon.com Services LLC -> Amazon.com Inc.) C:\Users\kevin\AppData\Local\Amazon Drive\AmazonPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel® Client Connectivity Division SW -> Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalAppStarter.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_6\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe <2>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\PMRunner32.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\PMRunner64.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Synology Inc. -> ) C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe
(Synology Inc. -> Synology Inc.) C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-connect.exe
(Synology Inc. -> Synology Inc.) C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe
(Synology Inc. -> Synology Inc.) C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => E:\Itunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AdobePSE19AutoAnalyzer] => C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe [2653808 2020-11-28] (Adobe Inc. -> Adobe)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [266624 2020-12-08] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-11-28] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-10-16] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50010064 2020-11-03] (Google LLC -> )
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [LM___SCE] => C:\Program Files (x86)\Lexmark\StatusCenter\LM___SCE.EX
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Amazon Music Helper] => C:\Users\kevin\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107848 2020-05-22] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\kevin\AppData\Local\Vivaldi\Application\update_notifier.exe [1883208 2020-11-02] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Amazon Photos] => C:\Users\kevin\AppData\Local\Amazon Drive\AmazonPhotos.exe [10028720 2020-12-04] (Amazon.com Services LLC -> Amazon.com Inc.)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145680 2020-11-21] (Siber Systems -> Siber Systems)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31046640 2020-09-21] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\kevin\AppData\Local\Programs\Messenger\Messenger.exe [110794184 2020-12-07] (Facebook, Inc. -> Facebook, Inc.)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\LMU04R4C: C:\Windows\System32\spool\prtprocs\x64\LMU04R4C.DLL [291840 2019-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Lexmark International Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\stkMonitor: C:\Windows\system32\stkMonitor.dll [519848 2020-04-20] (Amazon Services LLC -> Amazon.com, Inc.)
HKLM\...\Print\Monitors\us008 Langmon: C:\Windows\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.22\Installer\setup.exe [2020-12-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-08] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk MSI.lnk [2020-08-27]
ShortcutTarget: AnyDesk MSI.lnk -> C:\Windows\Installer\{62853EBF-E9DD-4AA5-B20A-5A6C3DD74FF3}\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-12]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Calendar Sync Pro.lnk [2020-05-20]
ShortcutTarget: Calendar Sync Pro.lnk -> C:\Program Files (x86)\Calendar Sync Pro\Calendar Sync Pro.exe (PPP) [File not signed]
Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2020-03-29]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Drive Client.lnk [2020-12-20]
ShortcutTarget: Synology Drive Client.lnk -> C:\Program Files (x86)\Synology\SynologyDrive\bin\launcher.exe (Synology Inc. -> Synology Inc.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {13967337-CD68-4EEE-96BA-E2F08949CC70} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.126\DADUpdater.exe [4000984 2020-11-04] (McAfee, LLC -> McAfee, LLC)
Task: {1528EC90-B282-4A5E-8233-CE215CE028DC} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {220C66AF-39F7-426C-AB84-14A84572AE38} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {26586D81-36E8-4083-9332-76CACC8C3259} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {26C27446-AEE0-4862-921B-E9F5EA8F0ECB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-10-19] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {2977BCC6-7FFB-4A9E-A566-1944DA2D2E9A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {313C80F4-8EFA-4774-B862-0A71254BCDD6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {31BEC3B2-4EDE-404D-8030-50958C06CE54} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4603200 2020-08-16] (McAfee, LLC -> McAfee, LLC)
Task: {426B0B0B-1E97-4DBE-84E7-E8B5FA9273C4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {548AF97E-7BCD-407E-B38F-C059EBCAD168} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5521ED8E-D951-40F3-BD0A-06AAA7C6F6D2} - System32\Tasks\EOSv3 Scheduler onTime => D:\Downloads\Updated software tools\esetonlinescanner.exe
Task: {55A026C6-2BD0-4B9B-9945-D9997DB1DC9E} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1594935762-1857880304-426175554-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-16] (Microsoft Windows -> )
Task: {55BEBB59-8835-43E8-80AC-B15059CE53CC} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Downloads\Updated software tools\esetonlinescanner.exe
Task: {5F33E2D6-ED4B-4C50-8514-EE7D6A8E65EC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2263784 2017-10-19] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {64F62C11-944A-400E-95AF-B528DD70BAAC} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {721290E0-B175-41EA-811E-3DF176039E66} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.11.630\mcdatrep.exe [1888160 2020-12-16] (McAfee, Inc. -> McAfee, LLC.)
Task: {7520DB9D-4D99-4EE4-B0E2-961714DF4F58} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {89ABAC86-8114-4EE8-B2D7-50A2D78D7D67} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B03B495-F3B3-4671-AD8D-D1AF8BDFC7D5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93119F8F-DD82-4B18-93A9-BD1C4FFEC109} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-29] (Google LLC -> Google LLC)
Task: {93B7AECC-5AD2-47D2-82A2-4370DBB8EC3E} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-09] (McAfee, LLC -> McAfee, LLC)
Task: {967B414A-A702-462C-801B-0B19D213E38F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9E218E8D-4C7A-4A64-ABD2-AEFADB8A059D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A1D64ACC-FA73-4E9A-990E-D8C423E90B0F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6316F55-CC79-439E-BC6B-5617DCE516AA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-10-19] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {ABF00D45-20D5-4159-BC3A-A9F2D8D392F3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145680 2020-11-21] (Siber Systems -> Siber Systems)
Task: {AE462DB9-708E-46A4-8ECF-C9D7D5565F95} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {AF288C8A-AFD7-45AC-8CDF-7A0574589539} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BB455FD5-78F9-4DB8-8B9A-002232169300} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC5792A6-EDD5-42B9-B545-74F745BF2D35} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C092CA43-228B-4006-8134-50E69BC15B32} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0E34583-F40D-4FEB-BEFD-FEE47CFB90C6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C15E9356-A17A-4FFF-9E1A-FD6BFB3F324D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE405F7B-769A-4A59-BC15-ED4C20FB8C1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-29] (Google LLC -> Google LLC)
Task: {D67B07B3-4DC0-46DF-BFA8-DD18E2004C67} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-09-21] (Garmin International, Inc. -> )
Task: {E60320F5-0DC2-413F-B6C4-DD15F81736EB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {ECBAEA52-4F31-4840-BDF5-1A61BCF3615C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2017-10-19] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {F6E5730A-75C0-42D6-B0B8-7B0D34C2E68B} - System32\Tasks\Run RoboForm Process => C:\Program Files\Comodo\IceDragon\icedragon.exe [596928 2019-05-29] (Comodo Security Solutions, Inc. -> Comodo Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.184.13 64.59.190.242
Tcpip\..\Interfaces\{34a80106-3e77-462c-b5d8-e55afc6be5a8}: [DhcpNameServer] 64.59.184.13 64.59.190.242
Tcpip\..\Interfaces\{50b32c7d-183e-4e1c-a0fe-dbdd6215c5bf}: [DhcpNameServer] 64.59.184.13 64.59.190.242
Edge:
======
DownloadDir: C:\Users\kevin\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-20]
Edge DownloadDir: D:\Downloads
Edge StartupUrls: Default -> "hxxps://www.google.ca/?gws_rd=ssl"
Edge NewTab: Default -> Active:"chrome-extension://dlnejlppicbjfcfcedcflplfjajinajd/index.html"
Edge Extension: (F.B.(FluffBusting)Purity) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbadpifemeclpdmgelgehgclmeohdoge [2020-12-19]
Edge Extension: (Super Downloader for Instagram) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjbpbjdhaoepfngpakiiocajbcjddoeg [2020-12-19]
Edge Extension: (Bonjourr) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlnejlppicbjfcfcedcflplfjajinajd [2020-09-07]
Edge Extension: (Social Video Downloader) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfnnoammpigcglgbhcbbdpnekbcddahe [2020-11-26]
Edge Extension: (RoboForm Password Manager) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2020-12-10]
Edge Extension: (uBlock Origin) - C:\Users\kevin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2020-12-19]
StartMenuInternet: Microsoft Edge Beta - C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
FireFox:
========
FF DefaultProfile: 1izp1enj.default
FF DefaultProfile: wtvwx7w4.default
FF DefaultProfile: t7r0b1u8.default
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Waterfox\Profiles\1izp1enj.default [2020-08-26]
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Waterfox\Profiles\b4zjdg20.68-edition-default [2020-08-26]
FF ProfilePath: C:\Users\kevin\AppData\Roaming\PostboxApp\Profiles\wtvwx7w4.default [2020-12-20]
FF DownloadDir: D:\Downloads
FF Extension: (Cloud Service Providers for Postbox) - C:\Users\kevin\AppData\Roaming\PostboxApp\Profiles\wtvwx7w4.default\Extensions\p[email protected] [2020-03-28] [Legacy] [not signed]
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Postbox\Profiles\dfedwnxr.default [2020-03-28]
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Comodo\IceDragon\Profiles\t7r0b1u8.default [2020-12-12]
FF Homepage: Comodo\IceDragon\Profiles\t7r0b1u8.default -> about:newtab
FF Extension: (Online Security Pro) - C:\Users\kevin\AppData\Roaming\Comodo\IceDragon\Profiles\t7r0b1u8.default\Extensions\[email protected] [2020-08-26]
FF Extension: (Https Enforcement) - C:\Users\kevin\AppData\Roaming\Comodo\IceDragon\Profiles\t7r0b1u8.default\Extensions\[email protected] [2019-03-15]
FF Extension: (Media Downloader) - C:\Users\kevin\AppData\Roaming\Comodo\IceDragon\Profiles\t7r0b1u8.default\Extensions\{5e9eca63-6e0d-47ce-9862-07d938121575}.xpi [2019-03-15] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2020-04-20] [Legacy]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-11-28] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Neverwinter\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-11-28] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1594935762-1857880304-426175554-1001: www.mydlink.com/Uplayer -> C:\Users\kevin\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-LINK CORPORATION -> D-Link Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default [2020-12-06]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://www.google.ca/
CHR NewTab: Default -> Not-active:"chrome-extension://dlnejlppicbjfcfcedcflplfjajinajd/index.html"
CHR Extension: (Google Translate) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-29]
CHR Extension: (Slides) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-29]
CHR Extension: (Docs) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-29]
CHR Extension: (Google Drive) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-29]
CHR Extension: (Advanced Font Settings) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2020-03-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-11-18]
CHR Extension: (Bonjourr) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnejlppicbjfcfcedcflplfjajinajd [2020-06-06]
CHR Extension: (Dropbox for Gmail) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2020-03-29]
CHR Extension: (Adobe Acrobat) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-19]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2020-03-29]
CHR Extension: (Sheets) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2020-11-18]
CHR Extension: (Clear Cache Shortcut) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnajhcakejgchhbjlchkfmdidgjefleg [2020-03-29]
CHR Extension: (mydlink services plugin) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2020-03-29]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2020-03-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-29]
CHR Extension: (Gmail) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-31]
CHR Extension: (RoboForm Password Manager) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2020-12-06]
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-08]
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-1594935762-1857880304-426175554-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-11-28] (Adobe Inc. -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3706832 2020-12-12] (philandro Software GmbH -> philandro Software GmbH)
R2 AnyDeskMSI; C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe [3669120 2020-07-28] (philandro Software GmbH -> philandro Software GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S3 ArcService; D:\Neverwinter\Arc\ArcService.exe [125488 2020-05-26] (Perfect World Entertainment -> Perfect World Entertainment Inc)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-10-16] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-10-16] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-18] (NVIDIA Corporation -> NVIDIA)
S4 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [2616792 2019-05-29] (Comodo Security Solutions, Inc. -> Comodo Inc.)
R2 LM__bdsvc; C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe [690688 2016-06-06] () [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [958216 2020-12-17] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_6\McApExe.exe [768256 2020-09-11] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\\McCSPServiceHost.exe [2726312 2020-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.22\elevation_service.exe [1523600 2020-12-13] (Microsoft Corporation -> Microsoft Corporation)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1745400 2020-08-14] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4221040 2020-07-29] (McAfee, LLC -> McAfee, LLC)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-09-22] (Razer USA Ltd. -> Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [290864 2020-12-08] (Razer USA Ltd. -> Razer Inc.)
R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [371672 2020-05-07] (Synology Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\NisSrv.exe [2343112 2020-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MsMpEng.exe [128360 2020-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75704 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2020-12-20] (CPUID S.A.R.L.U. -> CPUID)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [36280 2019-12-25] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2019-12-25] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
S3 gdrv; C:\WINDOWS\gdrv.sys [25640 2020-10-10] (Giga-Byte Technology -> Windows ® Server 2003 DDK provider)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation -> Microsoft Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [529848 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [382392 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2020-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521656 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1006008 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [595896 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107960 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116664 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252344 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2020-09-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428256 2020-09-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69856 2020-09-01] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776 2020-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-19 16:02 - 2020-12-19 16:02 - 000003822 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-12-19 16:02 - 2020-12-19 16:02 - 000003380 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-12-19 15:16 - 2020-12-19 15:16 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2020-12-19 15:16 - 2020-12-19 15:16 - 000000000 ____D C:\Program Files\Notepad++
2020-12-19 15:00 - 2020-12-19 15:00 - 000000812 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-12-19 15:00 - 2020-12-19 15:00 - 000000000 ____D C:\Users\kevin\AppData\Local\ESET
2020-12-19 14:46 - 2020-12-19 14:46 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\E114B549.sys
2020-12-19 14:46 - 2020-12-19 14:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-19 14:45 - 2020-12-19 14:58 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-12-19 14:45 - 2020-12-19 14:45 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2020-12-19 12:59 - 2020-12-20 11:16 - 000000000 ____D C:\FRST
2020-12-16 16:11 - 2020-12-16 15:19 - 000000000 ____D C:\Windows.old
2020-12-16 16:09 - 2020-12-16 16:12 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2020-12-16 16:09 - 2020-12-16 16:09 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-12-16 16:07 - 2020-12-16 16:07 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-16 16:07 - 2020-12-16 16:07 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-16 16:07 - 2020-12-16 16:07 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-16 16:07 - 2020-12-16 16:07 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-16 16:07 - 2020-12-16 16:07 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-16 16:06 - 2020-12-16 16:06 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-16 16:06 - 2020-12-16 16:06 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-16 16:06 - 2020-12-16 16:06 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-16 16:06 - 2020-12-16 16:06 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-16 16:06 - 2020-12-16 16:06 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-16 16:06 - 2020-12-16 16:06 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-16 16:06 - 2020-12-16 16:06 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-16 16:06 - 2020-12-16 16:06 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-16 16:06 - 2020-12-16 16:06 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-16 16:03 - 2020-12-16 16:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-12-16 16:03 - 2020-12-16 16:03 - 000000000 ____D C:\Program Files\MSBuild
2020-12-16 16:03 - 2020-12-16 16:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-12-16 16:03 - 2020-12-16 16:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-12-16 15:30 - 2020-12-16 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-12-16 15:28 - 2020-05-26 00:11 - 000218960 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2020-12-16 15:27 - 2020-12-19 23:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-12-16 15:27 - 2020-12-19 12:20 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-12-16 15:27 - 2020-12-16 16:27 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2020-12-16 15:27 - 2020-12-16 15:27 - 000003332 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2020-12-16 15:27 - 2020-12-16 15:27 - 000000000 ____D C:\Program Files\McAfee.com
2020-12-16 15:27 - 2020-12-16 15:27 - 000000000 ____D C:\Program Files\Common Files\AV
2020-12-16 15:26 - 2020-12-19 12:18 - 000000000 ____D C:\ProgramData\McAfee
2020-12-16 15:26 - 2020-12-16 15:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
2020-12-16 15:26 - 2020-06-02 03:30 - 000568216 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
2020-12-16 15:23 - 2020-12-19 16:45 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-16 15:21 - 2020-12-16 15:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2020-12-16 15:19 - 2020-12-16 18:33 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1594935762-1857880304-426175554-1001
2020-12-16 15:19 - 2020-12-16 15:19 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2020-12-16 15:19 - 2020-12-16 15:19 - 000007623 _____ C:\WINDOWS\diagerr.xml
2020-12-16 15:19 - 2020-12-16 15:19 - 000003888 _____ C:\WINDOWS\system32\Tasks\Open URL by RoboForm
2020-12-16 15:19 - 2020-12-16 15:19 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-16 15:19 - 2020-12-16 15:19 - 000003200 _____ C:\WINDOWS\system32\Tasks\Run RoboForm TaskBar Icon
2020-12-16 15:19 - 2020-12-16 15:19 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-16 15:19 - 2020-12-16 15:19 - 000003034 _____ C:\WINDOWS\system32\Tasks\Run RoboForm Process
2020-12-16 15:19 - 2020-12-16 15:19 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1594935762-1857880304-426175554-500
2020-12-16 15:19 - 2020-12-16 15:19 - 000002802 _____ C:\WINDOWS\system32\Tasks\[email protected]
2020-12-16 15:19 - 2020-12-16 15:19 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-16 15:19 - 2020-12-16 15:19 - 000002702 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2020-12-16 15:19 - 2020-12-16 15:19 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-12-16 15:19 - 2020-12-16 15:19 - 000000020 ___SH C:\Users\kevin\ntuser.ini
2020-12-16 15:19 - 2020-12-16 15:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2020-12-16 15:19 - 2020-12-16 15:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2020-12-16 15:18 - 2020-12-16 15:18 - 000000000 ____D C:\ProgramData\Lexmark B2200 Series HBP
2020-12-16 15:13 - 2020-12-16 18:33 - 000002363 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-16 15:13 - 2020-12-16 15:19 - 000000000 ____D C:\Users\kevin
2020-12-16 14:27 - 2020-12-16 15:19 - 000000000 ___DC C:\WINDOWS\Panther
2020-12-16 14:24 - 2020-12-16 15:19 - 000000000 ___HD C:\$GetCurrent
2020-12-16 07:19 - 2020-12-16 15:14 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-12-12 16:22 - 2020-12-12 16:22 - 000000000 ____D C:\Users\kevin\AppData\Roaming\D-Link
2020-12-12 12:00 - 2020-12-12 12:00 - 000001410 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TELUS Business Connect Phone.lnk
2020-12-12 11:59 - 2020-12-16 15:14 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TELUS
2020-12-12 11:59 - 2020-12-12 12:00 - 000000000 ____D C:\Users\kevin\AppData\Roaming\JabraSDK
2020-12-12 11:59 - 2020-12-12 11:59 - 000000000 ____D C:\Users\kevin\AppData\Local\Telus
2020-12-12 09:52 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2020-12-12 09:52 - 2020-12-12 12:53 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2020-12-12 09:42 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2020-12-12 09:42 - 2020-12-12 09:42 - 000000000 ____D C:\Program Files (x86)\Synology
2020-12-12 09:41 - 2020-12-20 11:15 - 000000000 ____D C:\Users\kevin\AppData\Local\SynologyDrive
2020-11-29 11:42 - 2020-11-06 21:01 - 000222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2020-11-29 11:42 - 2020-11-06 21:01 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2020-11-29 11:42 - 2020-11-06 21:01 - 000038632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-29 11:38 - 2020-11-07 10:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-11-29 11:38 - 2020-11-07 10:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-29 11:38 - 2020-11-07 10:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-11-29 11:38 - 2020-11-07 10:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-11-29 11:38 - 2020-11-07 10:41 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 001506032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2020-11-29 11:38 - 2020-11-07 10:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-11-29 11:38 - 2020-11-07 10:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 006858992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 005520792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 002509720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-11-29 11:38 - 2020-11-07 10:37 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2020-11-29 11:38 - 2020-11-07 10:37 - 000445848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2020-11-29 11:38 - 2020-11-07 10:36 - 007005008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-11-29 11:38 - 2020-11-07 10:36 - 005976296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-29 11:38 - 2020-11-06 21:01 - 000080930 _____ C:\WINDOWS\system32\nvinfo.pb
2020-11-29 09:03 - 2020-11-29 09:03 - 000000000 ____D C:\Users\kevin\AppData\Roaming\ArcApp
2020-11-29 08:54 - 2020-11-29 09:03 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Arc
2020-11-29 08:50 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2020-11-28 14:02 - 2020-11-28 14:02 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Crystal Dynamics
2020-11-28 13:27 - 2020-12-16 15:14 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-28 13:14 - 2020-11-28 13:14 - 000000000 ____D C:\Users\kevin\AppData\Local\Steam
2020-11-28 13:13 - 2020-12-20 11:15 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-28 13:13 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-28 07:44 - 2020-11-28 07:45 - 000000000 ____D C:\Users\kevin\.BigNox
2020-11-28 07:44 - 2020-11-28 07:44 - 000000000 ____D C:\Program Files (x86)\Bignox
2020-11-28 06:15 - 2020-11-28 06:30 - 000001708 _____ C:\ProgramData\StreamingMediaTechnologyLog.txt
2020-11-28 06:13 - 2020-11-28 06:13 - 000001415 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elements Creations Notification 2021.lnk
2020-11-28 06:13 - 2020-11-28 06:13 - 000001233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 2021.lnk
2020-11-28 05:31 - 2020-11-28 05:31 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Creative Memories
2020-11-28 05:31 - 2020-11-28 05:31 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Caspedia
2020-11-28 05:31 - 2020-11-28 05:31 - 000000000 ____D C:\ProgramData\Creative Memories
2020-11-27 17:26 - 2020-12-20 11:15 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Messenger
2020-11-27 17:26 - 2020-12-20 11:15 - 000000000 ____D C:\Users\kevin\AppData\Local\Messenger
2020-11-27 17:26 - 2020-12-10 17:24 - 000000000 ____D C:\Users\kevin\AppData\Local\messenger-updater
2020-11-27 17:26 - 2020-11-27 17:26 - 000002333 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2020-11-27 17:26 - 2020-11-27 17:26 - 000000000 ____D C:\Users\kevin\AppData\LocalLow\Messenger
2020-11-26 18:23 - 2020-12-07 20:29 - 000000000 ____D C:\Users\kevin\AppData\Local\Amazon Drive
2020-11-26 11:38 - 2020-11-26 12:06 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Topaz Labs LLC
2020-11-26 09:51 - 2020-10-18 22:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2020-11-26 09:51 - 2020-10-18 22:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2020-11-25 16:19 - 2020-11-25 16:19 - 000000000 ____D C:\Users\kevin\AppData\Roaming\ajour
2020-11-25 09:56 - 2020-11-25 09:56 - 000000000 ____D C:\Users\kevin\AppData\Local\MultiPlayerManager
2020-11-24 06:14 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2020-11-21 20:57 - 2020-12-16 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-11-21 20:57 - 2020-11-21 20:57 - 000000000 ____D C:\Program Files\iPod
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-20 11:17 - 2020-03-28 12:45 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-20 11:15 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-20 11:15 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-20 11:15 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-20 11:14 - 2020-11-19 00:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-20 11:14 - 2020-06-01 11:31 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-20 11:14 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-20 11:11 - 2020-03-28 15:35 - 000000000 ____D C:\Users\kevin\AppData\LocalLow\Mozilla
2020-12-20 10:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-12-20 09:11 - 2020-11-19 00:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-19 16:45 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-19 16:37 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-19 16:04 - 2020-11-15 08:51 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Amazon Cloud Drive
2020-12-19 15:29 - 2020-03-29 17:08 - 000000000 ____D C:\Users\kevin\AppData\Local\D3DSCache
2020-12-19 15:16 - 2020-03-29 15:30 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Notepad++
2020-12-19 15:15 - 2020-03-29 15:30 - 000000000 ____D C:\Program Files (x86)\Notepad++
2020-12-19 14:58 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-12-19 14:58 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-12-19 14:57 - 2020-03-28 12:36 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Adobe
2020-12-19 14:01 - 2020-11-19 00:32 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-17 13:17 - 2020-03-28 12:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-12-17 13:15 - 2020-03-28 12:59 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-12-17 03:27 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2020-12-16 16:12 - 2020-11-19 00:33 - 000000000 ____D C:\ProgramData\Packages
2020-12-16 16:12 - 2020-11-19 00:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-16 16:12 - 2020-11-11 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2020-12-16 16:12 - 2020-10-11 09:36 - 000000000 ____D C:\WINDOWS\ShellNew
2020-12-16 16:12 - 2020-10-11 09:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2020-12-16 16:12 - 2020-10-10 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2020-12-16 16:12 - 2020-08-27 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk MSI
2020-12-16 16:12 - 2020-08-27 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2020-12-16 16:12 - 2020-07-18 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
2020-12-16 16:12 - 2020-07-15 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-12-16 16:12 - 2020-07-03 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simplify3D Software
2020-12-16 16:12 - 2020-05-29 03:54 - 000000000 ____D C:\Program Files\UNP
2020-12-16 16:12 - 2020-05-18 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-12-16 16:12 - 2020-05-01 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 120 Manual
2020-12-16 16:12 - 2020-04-20 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2020-12-16 16:12 - 2020-04-20 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2020-12-16 16:12 - 2020-04-15 07:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2020-12-16 16:12 - 2020-04-13 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNAS PC
2020-12-16 16:12 - 2020-03-29 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2020-12-16 16:12 - 2020-03-29 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-12-16 16:12 - 2020-03-29 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2020-12-16 16:12 - 2020-03-29 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 13.8
2020-12-16 16:12 - 2020-03-29 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-12-16 16:12 - 2020-03-29 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2020-12-16 16:12 - 2020-03-29 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-12-16 16:12 - 2020-03-29 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-12-16 16:12 - 2020-03-29 11:40 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2020-12-16 16:12 - 2020-03-29 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer
2020-12-16 16:12 - 2020-03-28 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postbox
2020-12-16 16:12 - 2020-03-28 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2020-12-16 16:12 - 2020-03-28 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax
2020-12-16 16:12 - 2020-03-28 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-16 16:12 - 2020-03-28 13:10 - 000000000 ____D C:\Program Files\Intel
2020-12-16 16:12 - 2020-03-28 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2020-12-16 16:12 - 2019-12-07 02:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Registration
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-16 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-12-16 16:12 - 2019-03-18 21:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2020-12-16 16:12 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-12-16 16:11 - 2019-12-07 02:14 - 000000000 __RHD C:\Users\Public\Libraries
2020-12-16 16:11 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-16 16:10 - 2020-10-10 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2020-12-16 16:10 - 2020-10-10 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2020-12-16 16:10 - 2020-08-26 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2020-12-16 16:10 - 2020-05-01 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2020-12-16 16:10 - 2020-04-03 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-16 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-16 16:05 - 2020-03-28 12:38 - 000000000 ____D C:\Users\kevin\AppData\Local\PlaceholderTileLogoFolder
2020-12-16 16:05 - 2020-03-28 12:36 - 000000000 ____D C:\Users\kevin\AppData\Local\Packages
2020-12-16 16:04 - 2019-12-07 02:18 - 000000000 ____D C:\WINDOWS\Setup
2020-12-16 15:39 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-12-16 15:35 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-12-16 15:28 - 2020-05-19 10:47 - 000000000 ____D C:\Program Files\McAfee
2020-12-16 15:26 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-16 15:25 - 2020-11-19 00:32 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-16 15:25 - 2020-11-19 00:32 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-16 15:21 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-12-16 15:19 - 2020-11-19 00:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-16 15:19 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-12-16 15:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-12-16 15:19 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-16 15:18 - 2020-03-29 15:56 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-16 15:18 - 2020-03-28 15:29 - 000002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2020-12-16 15:17 - 2019-12-07 02:14 - 000000000 __RSD C:\WINDOWS\Media
2020-12-16 15:14 - 2020-11-18 07:07 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 8.0 (64-bit)
2020-12-16 15:14 - 2020-11-13 17:33 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2020-12-16 15:14 - 2020-10-10 12:10 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2020-12-16 15:14 - 2020-07-07 10:34 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2020-12-16 15:14 - 2020-05-19 12:37 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2020-12-16 15:14 - 2020-05-17 15:53 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beamr Imaging
2020-12-16 15:14 - 2020-04-22 11:38 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2020-12-16 15:14 - 2020-04-16 14:28 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2020-12-16 15:14 - 2020-04-16 14:18 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs LLC
2020-12-16 15:14 - 2020-03-29 15:58 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2020-12-16 15:14 - 2020-03-28 14:59 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-16 15:13 - 2020-03-29 11:50 - 000000000 ____D C:\WINDOWS\SysWOW64\LifeCamTrueColor
2020-12-16 15:13 - 2020-03-29 11:50 - 000000000 ____D C:\WINDOWS\system32\LifeCamTrueColor
2020-12-16 15:13 - 2020-03-28 12:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2020-12-16 15:12 - 2020-11-19 00:30 - 005101952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-16 14:27 - 2020-06-01 11:04 - 000000036 _____ C:\WINDOWS\progress.ini
2020-12-16 14:24 - 2020-06-01 11:02 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2020-12-16 14:24 - 2020-06-01 11:02 - 000000000 ____D C:\Windows10Upgrade
2020-12-16 14:08 - 2020-09-13 16:36 - 000000000 ____D C:\Users\kevin\AppData\Local\ElevatedDiagnostics
2020-12-16 13:57 - 2020-09-06 08:14 - 000000072 _____ C:\WINDOWS\system32\perfdish001.dat
2020-12-16 13:41 - 2020-03-28 16:09 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-16 13:41 - 2020-03-28 15:31 - 000000000 ____D C:\Program Files (x86)\Postbox
2020-12-16 13:34 - 2020-03-28 12:40 - 000000000 ____D C:\Users\kevin\AppData\Local\PackageStaging
2020-12-16 08:10 - 2020-08-29 11:35 - 000000128 _____ C:\Users\kevin\AppData\Local\PUTTY.RND
2020-12-16 07:19 - 2020-04-19 12:44 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Zoom
2020-12-12 16:26 - 2020-08-26 16:17 - 000000000 ____D C:\Users\kevin\AppData\LocalLow\Comodo
2020-12-12 10:46 - 2020-03-30 12:04 - 000000000 ____D C:\Users\kevin\AppData\Local\CrashDumps
2020-12-12 10:22 - 2020-03-28 12:36 - 000000000 ____D C:\Users\kevin\AppData\Local\VirtualStore
2020-12-12 09:57 - 2020-08-27 16:55 - 000000000 ____D C:\Users\kevin\AppData\Roaming\AnyDesk
2020-12-12 09:52 - 2020-08-27 16:54 - 000000000 ____D C:\ProgramData\AnyDesk
2020-12-07 20:29 - 2020-11-15 08:51 - 000001219 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Photos.lnk
2020-12-06 13:16 - 2020-03-29 17:13 - 000000000 ____D C:\Users\kevin\AppData\Local\Battle.net
2020-11-29 13:36 - 2020-03-29 12:09 - 000000000 ____D C:\Users\kevin\AppData\Local\NVIDIA
2020-11-29 08:50 - 2020-07-05 09:24 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-11-28 08:39 - 2020-10-24 16:34 - 000000299 _____ C:\Users\kevin\d4ac4633ebd6440fa397b84f1bc94a3c.7z
2020-11-28 08:39 - 2020-10-24 16:00 - 000000000 ____D C:\Users\kevin\AppData\Local\Nox
2020-11-28 07:45 - 2020-10-24 16:01 - 000000000 ____D C:\Users\kevin\AppData\Local\NoxSrv
2020-11-28 07:45 - 2020-06-15 11:55 - 000000000 ____D C:\Users\kevin\.android
2020-11-28 07:44 - 2020-11-13 17:33 - 000000000 ____D C:\Users\kevin\AppData\Roaming\NoxSrv
2020-11-28 07:44 - 2020-11-07 10:34 - 000000069 _____ C:\Users\kevin\AppData\Local\update_progress.txt
2020-11-28 07:44 - 2020-10-24 16:01 - 000000000 ____D C:\Users\kevin\vmlogs
2020-11-28 07:25 - 2020-03-28 17:24 - 000000000 ____D C:\Users\kevin\AppData\Local\Adobe
2020-11-28 06:15 - 2020-03-28 17:23 - 000000000 ____D C:\ProgramData\Adobe
2020-11-28 06:13 - 2020-03-29 11:45 - 000000000 ____D C:\Program Files\Adobe
2020-11-28 06:13 - 2020-03-29 11:43 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-11-28 06:04 - 2020-05-01 11:39 - 000001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2020-11-26 09:51 - 2020-03-29 14:41 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-11-26 09:51 - 2020-03-28 12:34 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-11-26 09:51 - 2020-03-28 12:34 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-11-25 16:32 - 2020-10-10 12:10 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2020-11-25 16:30 - 2020-11-07 13:45 - 000001377 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbox Updater.lnk
2020-11-25 16:30 - 2020-11-07 13:45 - 000001340 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TBShell.lnk
2020-11-25 16:30 - 2020-10-24 15:12 - 000000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Live Writer
2020-11-25 16:30 - 2020-10-24 15:12 - 000000000 ____D C:\Users\kevin\AppData\Local\OpenLiveWriter
2020-11-24 06:18 - 2020-07-30 07:06 - 000000000 ____D C:\Users\kevin\AppData\Local\Garmin
2020-11-24 06:18 - 2020-07-30 07:02 - 000000000 ____D C:\ProgramData\Garmin
2020-11-24 06:14 - 2020-07-30 07:05 - 000000000 ____D C:\Program Files (x86)\Garmin
2020-11-24 06:14 - 2020-03-28 13:10 - 000000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories ========
2020-03-29 13:30 - 2020-04-20 10:21 - 000000132 _____ () C:\Users\kevin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2020-06-15 14:20 - 2020-06-15 14:20 - 000038505 _____ () C:\Users\kevin\AppData\Roaming\Comma Separated Values.ADR
2020-04-08 13:33 - 2020-10-31 09:39 - 000001456 _____ () C:\Users\kevin\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-04-22 09:34 - 2020-04-22 09:34 - 000000000 _____ () C:\Users\kevin\AppData\Local\oobelibMkey.log
2020-08-29 11:35 - 2020-12-16 08:10 - 000000128 _____ () C:\Users\kevin\AppData\Local\PUTTY.RND
2020-11-07 10:34 - 2020-11-28 07:44 - 000000069 _____ () C:\Users\kevin\AppData\Local\update_progress.txt
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================