
My PC Seems very slow and locks up when using Browser [Solved]


  • This topic is locked

#1
Steviep

  • Member
  • 338 posts

Hi All,

 

My PC seems to be running slowly, and when I am using my browser it seems to lock up when trying to open a new page.

 

I have also tried to use video editing software, NERO as an example, but could not get it to run and had to request a refund. I've run the free version of Malwarebytes; however, it didn't find anything.

 

Here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2022
Ran by steven (administrator) on DESKTOP-T3QOQ8M (Acer Carlos) (21-10-2022 12:07:04)
Running from C:\Users\steve\Desktop
Loaded Profiles: steven
Platform: Microsoft Windows 11 Home Version 22H2 22621.674 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.695.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.47\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Avanquest Software SAS -> Avanquest Software) C:\Users\steve\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero Apps\Transfer\Transfer.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(services.exe ->) (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.378_none_6b5c1260907d1384\TiWorker.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.695.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(The qBittorrent Project) [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Endeavors Technologies JukeboxPlayer] => C:\Program Files\Numecent\Application Jukebox Player\JukeboxPlayer.exe [9502048 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)
HKLM-x32\...\Run: [EaseUS FixTool] => C:\Program Files (x86)\EaseUS\EaseUS Tools M\bin\UpdateExe.exe [141448 2020-05-22] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKLM-x32\...\Run: [DriveSpan] => C:\Program Files (x86)\Nero\Nero Apps\Transfer\Transfer.exe [686216 2022-08-08] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [CAMTray] => C:\Program Files (x86)\CyberLink\AppManager\CAMTray.exe [463408 2022-09-13] (CyberLink Corp. -> CyberLink Corp.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [253816 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [electron.app.NordPass] => C:\Users\steve\AppData\Local\Programs\nordpass\NordPass.exe [95439360 2021-01-06] (NordPass Team) [File not signed]
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38502416 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [Avanquest Message] => C:\Users\steve\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [602264 2022-09-15] (Avanquest Software SAS -> Avanquest Software)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\Run: [MicrosoftEdgeAutoLaunch_E038479F42F6B0F47BDCC365352673C6] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\Gillian\AppData\Local\WebEx\ciscowebexstart.exe [4524368 2021-07-09] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Gillian\AppData\Local\Microsoft\Teams\Update.exe [2459280 2021-11-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKLM\...\Print\Monitors\EPSON XP-205 207 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMILE.DLL [120320 2011-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe [2022-10-14] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2022-10-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {08BD09F4-BBD5-4759-9418-2A6680D41823} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => C:\WINDOWS\system32\SecureBootEncodeUEFI.exe [49152 2022-05-07] (Microsoft Windows -> )
Task: {08D9BE40-BB0A-403B-9B9B-8DF56CFDFEBA} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [64320 2019-07-11] (Acer Incorporated -> Acer)
Task: {1445DA5A-DA8E-41F2-AFBA-F0862C099121} - System32\Tasks\CreateExplorerShellUnelevatedTask => c:\windows\explorer.exe /NoUACCheck
Task: {250E5E38-143A-4CFF-8A87-BCE17AF67852} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {27156927-3772-46EB-A044-69E5FF6FA4B5} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4666896 2022-09-12] (Piriform Software Ltd -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "9dac4439-e6f9-4785-9ff9-123e643f51d6" --version "6.04.10044" --silent
"C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" could not be unlocked. <==== ATTENTION
Task: {27CE9D59-9D48-4D29-99BC-64657AEBA494} - System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask
Task: {2C6CA63D-12D0-4E86-B7A9-B92443E7798E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8502776 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {30B55E20-BB8F-4C4E-941D-1C60D92EA066} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {36AE74CE-BD1E-43A6-9A88-92EB73F5C0D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)
Task: {38EAA8B5-7C17-4CB8-8436-D01D8928946F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-08-12] (Piriform Software Ltd -> Piriform)
Task: {3CFF56A8-E73D-4284-9CEA-9FF06426F698} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3EBA6565-F658-4FED-8BD4-474758B049CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3FBE587A-5B4B-49F9-9621-E4EA5772E8E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {42890471-71EC-4C97-AD2F-87B84DDB71E7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4314AEC1-20BB-4CAC-A261-A0402DA4F134} - System32\Tasks\CorelUpdateHelperTask-A8920757F59B1BA85897CD3CEDA3D8AB => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3813600 2021-12-03] (Corel Corporation -> Corel Corporation)
Task: {47C00096-32F7-494C-A133-CCA98FFC2435} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [479024 2017-12-14] (Acer Incorporated -> )
Task: {4E548EA3-13BC-4316-A9A2-D7CF4FCDE18C} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [103032 2022-07-08] (CyberLink Corp. -> CyberLink Corp.)
Task: {4F64DBB4-101F-442A-869A-F59BE3002FA0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {561146FA-04F5-4530-ADC1-48FBA98F6514} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4696880 2018-05-28] (Acer Incorporated -> )
Task: {5BC24D20-38CC-4A0D-9BA0-33411F13A9A9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {5EA8D87D-8113-4004-BD75-9935DE0373EE} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Nero\Nero Apps\NeroInfo\NeroInfo.exe [3914864 2022-08-08] (Nero AG -> Nero AG)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe RebootDialog (No File)
Task: {74C892B5-18A8-4E50-8C75-BE40397E021F} - System32\Tasks\CareCenter\Nero BackItUp_Reg_HKLMWow6432Run => C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe /WinStart (No File)
Task: {79D0BEA1-4B1B-4F00-A18C-C1A88A6FCBB2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {89590389-45A9-4365-8474-4A5D3800BE9D} - System32\Tasks\CorelUpdateHelperTask-4374451B1A37268CAC5AD55CB8E93C06 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3813600 2021-12-03] (Corel Corporation -> Corel Corporation)
Task: {8C06097D-BCB8-4C65-8A40-01CD4AC9FE6C} - System32\Tasks\CCleanerSkipUAC - steven => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8DB3FB0F-E6DB-4FFE-83B2-938F7D74B3CF} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3813600 2021-12-03] (Corel Corporation -> Corel Corporation)
Task: {90F2304A-3E30-46CC-B1A9-CDA9E41B86DC} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [417072 2017-12-13] (Acer Incorporated -> Acer Incorporated)
Task: {95D8C6A1-9913-4280-908F-4DFFC2073502} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {99623E9F-1E61-4B4C-B0CD-67B8BA5B9560} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-10-30] (Acer Incorporated -> )
Task: {9C315710-0C24-47F7-927E-0AAE08F72DC2} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-10-30] (Acer Incorporated -> )
Task: {A0F7A91E-3E93-4DEA-96D7-B1E9A3B6D43F} - System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => C:\Program Files\Windows Defender\MSASCuiL.exe (No File)
Task: {AF9D590B-8B7E-4437-9F30-E8A336DD0967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)
Task: {B0AFD0CE-5196-42EF-AD09-3A755CAC7F40} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2022-03-14] (CyberLink Corp. -> )
Task: {B683611E-D9B6-4005-8FC7-2A00D41F97F7} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
Task: {BC4CEF94-D62F-4D8E-8783-8137C99918FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8502776 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {BEE9753A-4C03-4613-929C-03B89D50D792} - System32\Tasks\Microsoft\Windows\CloudRestore\Restore => {B4BCFA6F-948D-46B8-BF27-E8B1117E23B3} C:\WINDOWS\system32\CloudRestoreLauncher.dll [245760 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
Task: {BF342BB0-ADA7-44F2-925B-A375009F6CEA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2018-08-03] (Acer Incorporated -> Acer Incorporated)
Task: {C24246B5-2F68-4EEB-9417-0B250C3F60AA} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2022-03-14] (CyberLink Corp. -> )
Task: {C375B8E7-1D4F-4E57-90E7-3BEFD0DFCE06} - System32\Tasks\Microsoft\Windows\WlanSvc\MoProfileManagement => {085EDA12-CF4A-4944-8222-8ADCADE137CB} C:\Windows\System32\WlanMediaManager.dll [897024 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {E254F695-21D1-4CB4-A94D-F66A063F0A75} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {EAB7A5E4-8512-4B60-A2A4-95F1DA20556E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [215856 2017-09-13] (Acer Incorporated -> TODO: <Company name>)
Task: {EC1E8988-AD5C-4BC1-A0EC-955BD0B9F303} - System32\Tasks\CorelUpdateHelperTask-E710F9D26B744BFC23F8BB83361DCD6E => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3813600 2021-12-03] (Corel Corporation -> Corel Corporation)
Task: {F11C82FC-3260-46B1-8013-754DB6FB21E8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [65448 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {F600DCA5-31C6-4BFA-BF87-A7FB03584C8F} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [447280 2019-09-27] (Acer Incorporated -> Acer Incorporated)
Task: {F87BAE91-2470-40AB-9F94-A437578A5E4D} - System32\Tasks\Microsoft\Windows\Application Experience\SdbinstMergeDbTask => C:\WINDOWS\system32\sdbinst.exe [217088 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
Task: {F89AA82A-D0B2-4311-B091-83BDF56B7DFD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{47a49dfe-5532-4bd4-b40a-03730b7d6cd7}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9272e2bf-6bd5-1513-a95c-605fd4c46776}: [NameServer] 103.86.96.100,103.86.99.100
 
Edge: 
=======
DownloadDir: C:\Users\steve\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-20]
Edge DownloadDir: Default -> C:\Users\steve\Downloads
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-03-06] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1741543102-3776721137-2454621359-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\steve\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-23] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default [2022-10-21]
CHR Notifications: Default -> hxxps://332106553415056.webpush.freshchat.com; hxxps://www.facebook.com; hxxps://www.wondershare.net; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxp://google.co.uk/"
CHR Extension: (Adaware Ad Block) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2020-06-22]
CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-02]
CHR Extension: (Zoom Scheduler) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2022-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-03-30]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\System Profile [2022-03-30]
CHR HKLM-x32\...\Chrome\Extension: [cmllgdnjnkbapbchnebiedipojhmnjej]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12477344 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [802816 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-10-08] (Malwarebytes Inc. -> Malwarebytes)
S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2021-06-07] (nordvpn s.a. -> TEFINCOM S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S4 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [523568 2019-09-27] (Acer Incorporated -> Acer Incorporated)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [626344 2022-03-14] (CyberLink Corp. -> CyberLink)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 StreamingCore; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [6788416 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
S4 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-09-13] (Acer Incorporated -> acer)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 webthreatdefsvc; C:\WINDOWS\System32\webthreatdefsvc.dll [163840 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S2 webthreatdefusersvc; C:\WINDOWS\System32\webthreatdefusersvc.dll [135168 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137544 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [181824 2019-12-27] (GENESYS LOGIC, INC. -> Genesys Logic)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1089512 2020-04-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl1dd684b2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0A2984F-8AA2-402C-A9B1-A33463F1948D}\MpKslDrv.sys [228632 2022-10-21] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\7.1.1.0\Drivers\NDivert.sys [131472 2022-06-28] (nordvpn s.a. -> Nordvpn S.A.)
S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-10-30] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-10-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [73464 2021-03-08] (Corel Corporation -> Corel Corporation)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [46392 2021-12-14] (Corel Corporation -> Corel Corporation)
R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [38200 2021-12-14] (Corel Corporation -> Corel Corporation)
R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [45880 2021-12-14] (Corel Corporation -> Corel Corporation)
R2 StreamingFSD; C:\WINDOWS\System32\DRIVERS\StreamingFSD.sys [791288 2018-01-08] (Numecent, Inc. -> Numecent, Inc.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [831616 2021-03-08] (IDRIX SARL -> IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [25704 2020-09-10] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [455968 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2022-03-16] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-21 12:07 - 2022-10-21 12:08 - 000036764 _____ C:\Users\steve\Desktop\FRST.txt
2022-10-21 12:06 - 2022-10-21 12:06 - 000000000 ____D C:\Users\steve\Desktop\FRST-OlderVersion
2022-10-21 12:04 - 2022-10-21 12:06 - 002373632 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2022-10-21 11:37 - 2022-10-21 11:38 - 000000000 ____D C:\Users\steve\Downloads\The.Stranger.2022.1080p.WEBRip.x265-RARBG
2022-10-21 11:37 - 2022-10-21 11:37 - 000021085 _____ C:\Users\steve\Downloads\The.Stranger.2022.1080p.WEBRip.x265-RARBG-[rarbg.to].torrent
2022-10-21 11:37 - 2022-10-21 11:37 - 000021085 _____ C:\Users\steve\Downloads\The.Stranger.2022.1080p.WEBRip.x265-RARBG-[rarbg.to] (1).torrent
2022-10-21 10:36 - 2022-10-21 10:36 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-20 09:38 - 2022-10-21 10:41 - 000003416 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2022-10-20 09:01 - 2022-10-20 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-10-20 09:01 - 2022-10-20 09:01 - 000000000 ____D C:\Program Files\qBittorrent
2022-10-17 08:10 - 2022-10-17 08:45 - 000000000 ____D C:\Users\steve\Downloads\This.England.S01.720p.WEBRip.DDP5.1.x264-B2B[rartv]
2022-10-17 08:01 - 2022-10-17 08:01 - 028396224 _____ (The qBittorrent project) C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup (1).exe
2022-10-17 08:00 - 2022-10-17 08:01 - 028396224 _____ (The qBittorrent project) C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup.exe
2022-10-17 08:00 - 2022-10-17 08:00 - 000026103 _____ C:\Users\steve\Downloads\This.England.S01.720p.WEBRip.DDP5.1.x264-B2B[rartv]-[rarbg.to].torrent
2022-10-17 08:00 - 2022-10-17 08:00 - 000026103 _____ C:\Users\steve\Downloads\This.England.S01.720p.WEBRip.DDP5.1.x264-B2B[rartv]-[rarbg.to] (1).torrent
2022-10-12 13:01 - 2022-10-12 13:01 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-10-12 07:47 - 2022-10-12 07:47 - 000327680 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-12 07:46 - 2022-10-12 07:46 - 002575632 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-10-12 07:46 - 2022-10-12 07:46 - 000296448 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-10-12 07:46 - 2022-10-12 07:46 - 000062800 _____ C:\WINDOWS\system32\AppInstallerBackgroundUpdate.exe
2022-10-12 07:45 - 2022-10-12 07:45 - 000046888 _____ C:\WINDOWS\system32\wow64base.dll
2022-10-12 07:44 - 2022-10-12 07:44 - 002088728 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-10-12 07:44 - 2022-10-12 07:44 - 000055144 _____ C:\WINDOWS\system32\SFAPE.dll
2022-10-12 07:44 - 2022-10-12 07:44 - 000016565 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 07:42 - 2022-10-12 07:42 - 000000000 ___HD C:\$WinREAgent
2022-10-10 21:09 - 2022-10-10 21:09 - 000000000 ____D C:\Users\Hannah\Documents\OneNote Notebooks
2022-10-10 18:14 - 2022-10-10 18:14 - 000000020 ___SH C:\Users\Hannah\ntuser.ini
2022-10-09 14:56 - 2022-10-09 14:56 - 000000020 ___SH C:\Users\Gillian\ntuser.ini
2022-10-09 07:49 - 2022-10-09 07:49 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink AudioDirector 365.lnk
2022-10-09 07:49 - 2022-10-09 07:49 - 000002129 _____ C:\Users\Public\Desktop\CyberLink AudioDirector 365.lnk
2022-10-09 07:47 - 2022-10-09 07:47 - 000002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink ColorDirector 365.lnk
2022-10-09 07:47 - 2022-10-09 07:47 - 000002125 _____ C:\Users\Public\Desktop\CyberLink ColorDirector 365.lnk
2022-10-09 07:42 - 2022-10-09 07:42 - 000002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 365.lnk
2022-10-09 07:42 - 2022-10-09 07:42 - 000002145 _____ C:\Users\Public\Desktop\CyberLink PhotoDirector 365.lnk
2022-10-09 07:36 - 2022-10-09 07:36 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Application Manager.lnk
2022-10-09 07:36 - 2022-10-09 07:36 - 000002296 _____ C:\Users\Public\Desktop\CyberLink Application Manager.lnk
2022-10-09 03:24 - 2022-10-09 03:28 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-10-09 03:21 - 2022-10-09 03:23 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-09 03:21 - 2022-10-09 03:21 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-09 03:12 - 2022-10-09 03:12 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-09 03:10 - 2022-10-09 03:10 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-10-09 03:10 - 2022-10-09 03:10 - 000133120 _____ C:\WINDOWS\SysWOW64\stordiag.exe
2022-10-09 03:09 - 2022-10-09 03:09 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-10-09 03:09 - 2022-10-09 03:09 - 000180224 _____ C:\WINDOWS\system32\stordiag.exe
2022-10-09 03:07 - 2022-10-09 03:07 - 000192512 _____ C:\WINDOWS\system32\CloudExperienceHostRedirection.dll
2022-10-09 03:07 - 2022-10-09 03:07 - 000098304 _____ C:\WINDOWS\system32\dplcsp.dll
2022-10-09 03:06 - 2022-10-09 03:06 - 000000020 ___SH C:\Users\steve\ntuser.ini
2022-10-09 03:04 - 2022-10-21 11:38 - 000003506 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck
2022-10-09 03:04 - 2022-10-21 10:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-09 03:04 - 2022-10-20 13:19 - 000003338 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-A8920757F59B1BA85897CD3CEDA3D8AB
2022-10-09 03:04 - 2022-10-17 07:59 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-09 03:04 - 2022-10-17 07:59 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-09 03:04 - 2022-10-14 17:16 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1003
2022-10-09 03:04 - 2022-10-14 17:16 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1003
2022-10-09 03:04 - 2022-10-14 17:16 - 000003340 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-4374451B1A37268CAC5AD55CB8E93C06
2022-10-09 03:04 - 2022-10-14 12:20 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1001
2022-10-09 03:04 - 2022-10-14 12:20 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1001
2022-10-09 03:04 - 2022-10-14 06:56 - 000003338 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-E710F9D26B744BFC23F8BB83361DCD6E
2022-10-09 03:04 - 2022-10-10 18:17 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1002
2022-10-09 03:04 - 2022-10-10 18:17 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1002
2022-10-09 03:04 - 2022-10-09 07:49 - 000003622 _____ C:\WINDOWS\system32\Tasks\CLToast
2022-10-09 03:04 - 2022-10-09 07:49 - 000003448 _____ C:\WINDOWS\system32\Tasks\CLToastRun
2022-10-09 03:04 - 2022-10-09 03:05 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2022-10-09 03:04 - 2022-10-09 03:05 - 000003852 _____ C:\WINDOWS\system32\Tasks\ACCAgent
2022-10-09 03:04 - 2022-10-09 03:05 - 000003682 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.5.22250
2022-10-09 03:04 - 2022-10-09 03:05 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-10-09 03:04 - 2022-10-09 03:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-10-09 03:04 - 2022-10-09 03:05 - 000002820 _____ C:\WINDOWS\system32\Tasks\ACC
2022-10-09 03:04 - 2022-10-09 03:05 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-10-09 03:04 - 2022-10-09 03:05 - 000002766 _____ C:\WINDOWS\system32\Tasks\UbtFrameworkService
2022-10-09 03:04 - 2022-10-09 03:05 - 000002630 _____ C:\WINDOWS\system32\Tasks\Acer Collection Monitor Application
2022-10-09 03:04 - 2022-10-09 03:05 - 000002596 _____ C:\WINDOWS\system32\Tasks\PowerDirectorStyleAgent
2022-10-09 03:04 - 2022-10-09 03:05 - 000002596 _____ C:\WINDOWS\system32\Tasks\Acer Collection Application
2022-10-09 03:04 - 2022-10-09 03:05 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-10-09 03:04 - 2022-10-09 03:05 - 000002440 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTaskCore
2022-10-09 03:04 - 2022-10-09 03:05 - 000002328 _____ C:\WINDOWS\system32\Tasks\ACCBackgroundApplication
2022-10-09 03:04 - 2022-10-09 03:05 - 000002256 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - steven
2022-10-09 03:04 - 2022-10-09 03:05 - 000002222 _____ C:\WINDOWS\system32\Tasks\Quick Access
2022-10-09 03:04 - 2022-10-09 03:04 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Nero
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-10-09 03:00 - 2022-10-09 03:04 - 000022863 _____ C:\WINDOWS\diagwrn.xml
2022-10-09 03:00 - 2022-10-09 03:04 - 000022863 _____ C:\WINDOWS\diagerr.xml
2022-10-09 03:00 - 2022-10-09 03:00 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-09 03:00 - 2022-10-09 03:00 - 000000000 ____D C:\Program Files\MSBuild
2022-10-09 03:00 - 2022-10-09 03:00 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-09 03:00 - 2022-10-09 03:00 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-09 02:58 - 2022-10-09 02:58 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2022-10-09 02:58 - 2022-10-09 02:58 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2022-10-09 02:57 - 2022-10-09 02:57 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2022-10-09 02:57 - 2022-10-09 02:57 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-10-09 02:57 - 2022-10-09 02:57 - 000000000 ____D C:\WINDOWS\addins
2022-10-09 02:52 - 2022-10-14 17:13 - 000852164 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-09 02:39 - 2022-10-10 18:14 - 000000000 ____D C:\Users\Hannah
2022-10-09 02:39 - 2022-10-09 14:56 - 000000000 ____D C:\Users\Gillian
2022-10-09 02:39 - 2022-10-09 03:06 - 000000000 ____D C:\Users\steve
2022-10-09 02:39 - 2022-05-07 06:19 - 000001281 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000000407 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-10-09 02:32 - 2022-10-09 02:32 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2022-10-09 02:31 - 2022-10-21 10:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-09 02:31 - 2022-10-12 08:51 - 000649968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-08 22:10 - 2022-10-20 09:20 - 000000000 ___DC C:\WINDOWS\Panther
2022-10-08 21:38 - 2022-08-29 14:15 - 008817232 ____N (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw08.sys
2022-10-08 21:38 - 2022-08-29 14:15 - 001677376 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter08.dll
2022-10-08 21:38 - 2022-08-29 13:54 - 002686148 _____ C:\WINDOWS\system32\Drivers\Netwfw08.dat
2022-10-08 21:38 - 2020-09-10 11:15 - 000025704 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdcsam64.sys
2022-10-08 21:29 - 2022-10-08 21:29 - 000002069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 365.lnk
2022-10-08 21:29 - 2022-10-08 21:29 - 000002057 _____ C:\Users\Public\Desktop\CyberLink PowerDirector 365.lnk
2022-10-08 21:16 - 2022-10-08 21:17 - 022794688 _____ C:\Users\steve\Downloads\ApplicationManager_v2107_rv217698(4.1)_STD_APM220714-01.exe
2022-10-08 20:53 - 2022-10-08 20:55 - 000000000 ____D C:\Users\steve\Downloads\Gold.Rush.S13E02.WEBRip.x264-ION10
2022-10-08 20:52 - 2022-10-08 20:56 - 000000000 ____D C:\Users\steve\Downloads\Gold.Rush.S13E01.WEBRip.x264-ION10
2022-10-08 20:47 - 2022-10-08 20:47 - 000000000 ____D C:\ProgramData\NordUpdater
2022-10-08 20:44 - 2022-10-21 10:41 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2022-09-29 14:52 - 2022-09-29 14:52 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Corel
2022-09-29 14:48 - 2022-09-29 14:48 - 000000000 ____D C:\Users\Hannah\AppData\Local\Wondershare
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-21 12:09 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-21 12:08 - 2021-04-21 12:31 - 000000000 ____D C:\Users\steve\AppData\Roaming\qBittorrent
2022-10-21 12:08 - 2020-01-09 09:16 - 000000000 ____D C:\FRST
2022-10-21 11:40 - 2018-10-10 20:54 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-21 10:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-21 10:44 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-21 10:44 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-21 10:43 - 2020-07-04 13:21 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-21 10:43 - 2020-07-04 13:21 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-21 10:41 - 2021-02-21 15:25 - 000000000 ____D C:\Program Files\CCleaner
2022-10-21 10:39 - 2018-10-10 22:43 - 000000000 ____D C:\Users\steve\AppData\Local\CrashDumps
2022-10-21 10:35 - 2020-11-09 16:43 - 000012288 ___SH C:\DumpStack.log.tmp
2022-10-20 13:31 - 2022-05-07 06:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2022-10-20 13:10 - 2022-09-05 16:47 - 000011214 _____ C:\Users\Gillian\Desktop\Wedding Menu.xlsx
2022-10-20 13:01 - 2018-10-10 20:49 - 000000000 __SHD C:\Users\Gillian\IntelGraphicsProfiles
2022-10-20 09:47 - 2018-10-14 10:38 - 000000000 ____D C:\Users\steve\AppData\Local\ElevatedDiagnostics
2022-10-17 07:54 - 2020-10-30 16:03 - 000000000 ____D C:\Users\steve\AppData\Local\NordVPN
2022-10-17 07:54 - 2020-10-30 16:03 - 000000000 ____D C:\ProgramData\NordVPN
2022-10-14 17:16 - 2020-11-09 15:01 - 000002438 _____ C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-14 17:13 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2022-10-14 12:24 - 2018-10-23 21:09 - 000000000 ____D C:\Users\steve\AppData\Local\D3DSCache
2022-10-14 12:20 - 2021-05-13 12:22 - 000002432 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-14 12:20 - 2018-10-10 19:30 - 000000000 ____D C:\Program Files\Microsoft Office
2022-10-14 12:12 - 2018-10-10 21:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-14 07:09 - 2020-10-30 16:03 - 000000000 ____D C:\Program Files\NordVPN
2022-10-14 07:08 - 2020-10-30 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2022-10-14 00:19 - 2018-10-10 20:55 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-14 00:19 - 2018-10-10 20:55 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-10-12 09:28 - 2018-10-10 21:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 09:25 - 2018-10-10 21:45 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-12 08:54 - 2018-10-10 20:33 - 000000000 __SHD C:\Users\Hannah\IntelGraphicsProfiles
2022-10-12 08:44 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Globalization
2022-10-12 08:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2022-10-12 08:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-10-12 08:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-10-12 08:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-12 08:42 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-12 08:39 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-12 08:27 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-12 08:24 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing
2022-10-12 08:18 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-12 08:18 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-10 18:52 - 2018-10-10 20:33 - 000000000 ____D C:\Users\Hannah\AppData\Local\ConnectedDevicesPlatform
2022-10-10 18:33 - 2018-10-10 20:33 - 000000000 ____D C:\Users\Hannah\AppData\Local\Packages
2022-10-10 18:27 - 2020-09-13 11:46 - 000000000 ____D C:\Users\Hannah\AppData\Local\D3DSCache
2022-10-10 18:17 - 2020-11-09 15:01 - 000002435 _____ C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-10 18:15 - 2018-07-12 18:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-10-10 15:15 - 2021-10-17 15:05 - 000000000 ____D C:\Users\Gillian\AppData\Local\D3DSCache
2022-10-09 15:16 - 2018-10-10 20:49 - 000000000 ____D C:\Users\Gillian\AppData\Local\Packages
2022-10-09 11:45 - 2020-10-30 16:03 - 000001780 _____ C:\Users\steve\Desktop\NordVPN.lnk
2022-10-09 09:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat
2022-10-09 07:59 - 2022-06-30 20:28 - 000000000 ____D C:\ProgramData\SUPPORTDIR
2022-10-09 07:59 - 2018-07-12 19:13 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2022-10-09 07:59 - 2018-07-12 18:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-10-09 07:58 - 2018-07-12 19:12 - 000000000 ____D C:\ProgramData\install_clap
2022-10-09 07:58 - 2018-07-12 19:12 - 000000000 ____D C:\ProgramData\install_backup
2022-10-09 07:57 - 2022-04-08 14:07 - 000000000 ____D C:\Program Files\CyberLink
2022-10-09 07:49 - 2022-04-08 14:09 - 000001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Notification Center.lnk
2022-10-09 07:46 - 2018-07-12 18:26 - 000000000 ____D C:\ProgramData\Package Cache
2022-10-09 07:41 - 2021-01-29 13:26 - 000000000 ____D C:\Users\steve\AppData\Roaming\NordPass
2022-10-09 07:36 - 2018-07-12 19:13 - 000000000 ____D C:\Program Files (x86)\CyberLink
2022-10-09 05:14 - 2018-10-10 22:17 - 000000000 ____D C:\ProgramData\Packages
2022-10-09 03:29 - 2022-06-15 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2022-10-09 03:29 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Registration
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-09 03:29 - 2022-04-21 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2022-10-09 03:29 - 2022-04-14 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2022-10-09 03:29 - 2022-03-13 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2022-10-09 03:29 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-10-09 03:29 - 2021-05-25 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X7
2022-10-09 03:29 - 2021-03-08 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2022-10-09 03:29 - 2021-02-21 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-10-09 03:29 - 2020-11-08 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Tools M Beta
2022-10-09 03:29 - 2020-11-06 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-10-09 03:29 - 2019-11-14 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudpaging Player
2022-10-09 03:29 - 2019-11-14 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2022-10-09 03:29 - 2019-04-10 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-10-09 03:29 - 2018-11-10 08:46 - 000000000 ____D C:\WINDOWS\system32\Intel
2022-10-09 03:29 - 2018-10-10 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2022-10-09 03:29 - 2018-10-10 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2022-10-09 03:29 - 2018-10-10 17:43 - 000000000 ____D C:\WINDOWS\oem
2022-10-09 03:29 - 2018-07-12 19:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2022-10-09 03:29 - 2018-07-12 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2022-10-09 03:29 - 2018-07-12 18:54 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2022-10-09 03:29 - 2018-07-12 18:38 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2022-10-09 03:28 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup
2022-10-09 03:28 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries
2022-10-09 03:28 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-09 03:28 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-09 03:28 - 2019-06-29 11:20 - 000000000 ____D C:\Program Files\UNP
2022-10-09 03:28 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-10-09 03:28 - 2018-07-12 18:26 - 000000000 ____D C:\Program Files\Intel
2022-10-09 03:27 - 2018-10-10 18:55 - 000000000 ____D C:\Users\steve\AppData\Local\Packages
2022-10-09 03:24 - 2022-08-10 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-10-09 03:24 - 2022-06-16 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2022-10-09 03:24 - 2022-05-27 07:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2022-10-09 03:24 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Resources
2022-10-09 03:24 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Help
2022-10-09 03:24 - 2022-01-06 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inPixio
2022-10-09 03:24 - 2021-12-20 18:44 - 000000000 ____D C:\WINDOWS\system32\Samsung
2022-10-09 03:24 - 2021-03-03 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2022-10-09 03:24 - 2018-10-23 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2022-10-09 03:15 - 2022-05-07 06:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2022-10-09 03:15 - 2022-05-07 06:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2022-10-09 03:05 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-10-09 03:04 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-09 03:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-10-09 02:56 - 2022-05-07 11:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-10-09 02:56 - 2022-05-07 11:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-10-09 02:56 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-10-09 02:56 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-10-09 02:45 - 2021-03-09 19:26 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop App
2022-10-09 02:45 - 2021-03-02 13:59 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2022-10-09 02:45 - 2021-01-24 17:46 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-10-09 02:45 - 2020-05-23 15:55 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-10-09 02:43 - 2021-01-06 13:49 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NordSec
2022-10-09 02:37 - 2022-04-04 22:08 - 000000000 ____D C:\WINDOWS\Firmware
2022-10-09 02:32 - 2020-01-10 19:16 - 000000000 __SHD C:\IntelOptaneData
2022-10-08 20:58 - 2018-07-12 19:03 - 000000000 ____D C:\Program Files (x86)\Acer
2022-10-08 20:47 - 2022-03-07 15:36 - 000000000 ____D C:\Program Files\NordUpdater
 
==================== Files in the root of some directories ========
 
2022-03-30 13:23 - 2022-03-30 13:23 - 020987948 _____ () C:\Users\steve\AppData\Local\004_Gift_To_Be_Simple.mid-compiled.wav
2022-03-30 13:24 - 2022-03-30 13:24 - 024735788 _____ () C:\Users\steve\AppData\Local\006_Smithwicks_Tavern.mid-compiled.wav
2022-03-30 13:23 - 2022-03-30 13:23 - 009547820 _____ () C:\Users\steve\AppData\Local\105_Ambient_High_Energy.mid-compiled.wav
2022-03-30 13:23 - 2022-03-30 13:23 - 033538092 _____ () C:\Users\steve\AppData\Local\106_Sweetly_Remembering.mid-compiled.wav
2022-03-30 16:52 - 2022-03-30 17:08 - 010846252 _____ () C:\Users\steve\AppData\Local\119_Club_Med.mid-compiled.wav
 
==================== FLock ==============================
 
2022-05-07 06:24 C:\WINDOWS\system32\WebThreatDefSvc
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2022
Ran by steven (21-10-2022 12:11:39)
Running from C:\Users\steve\Desktop
Microsoft Windows 11 Home Version 22H2 22621.674 (X64) (2022-10-09 02:06:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1741543102-3776721137-2454621359-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1741543102-3776721137-2454621359-503 - Limited - Disabled)
Gillian (S-1-5-21-1741543102-3776721137-2454621359-1003 - Limited - Enabled) => C:\Users\Gillian
Guest (S-1-5-21-1741543102-3776721137-2454621359-501 - Limited - Disabled)
Hannah (S-1-5-21-1741543102-3776721137-2454621359-1002 - Limited - Enabled) => C:\Users\Hannah
steven (S-1-5-21-1741543102-3776721137-2454621359-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-1741543102-3776721137-2454621359-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Acer Jumpstart (HKLM-x32\...\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF}) (Version: 3.2.18270.20 - Acer)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3005 - Acer Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
App Explorer (HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\Host App Service) (Version: 0.273.3.707 - SweetLabs) <==== ATTENTION
App Explorer (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Host App Service) (Version: 0.273.3.727 - SweetLabs) <==== ATTENTION
Avanquest Message (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.16.0 - Avanquest Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{4267BC3E-35CF-4F1A-AD0F-4A4B746C19D5}) (Version: 5.40.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 6.04 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\ActiveTouchMeetingClient) (Version: 41.7.4 - Cisco Webex LLC)
Cloudpaging Player (HKLM\...\{23F6FB7C-C1E2-491B-91A1-0441D5191BC7}) (Version: 9.0.4.21424 - Numecent, Inc.)
Corel AfterShot 3 - ICA x64 (HKLM\...\{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.7 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM Content x64 (HKLM\...\{3E064BED-C9D8-4BEF-A2EE-8D67E99C3932}) (Version: 3.6 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM x64 (HKLM\...\{5059B47C-4D7B-46E9-9D7A-1E2FCF5DDBED}) (Version: 3.7.0.446 - Corel Corporation) Hidden
Corel AfterShot 3(64-bit) (HKLM\...\_{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.7.0.446 - Corel Corporation)
Corel PaintShop Pro X7  (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (HKLM-x32\...\{17196252-8555-4E35-9C06-F743143D76D4}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{B6C0FB43-0C9B-46E6-93E4-DF171ED80C53}) (Version: 2.15.656 - Corel corporation) Hidden
CyberLink Application Manager (HKLM-x32\...\{D25D3E15-CABD-420c-B62C-70C1C5EE63FD}) (Version: 4.1.2107.0 - CyberLink Corp.)
CyberLink AudioDirector 365 (HKLM-x32\...\{D60A6FFA-B98B-4941-A079-1A42D73BEF3E}) (Version: 13.0.2106.0 - CyberLink Corp.)
CyberLink ColorDirector 365 (HKLM-x32\...\{B808A1BC-2753-42F7-9543-F46BA2CD08E2}) (Version: 11.0.2031.0 - CyberLink Corp.)
CyberLink PhotoDirector 14 (HKLM-x32\...\{EF76B1BC-DB92-4A4F-8411-849406461806}) (Version: 14.0.0922.0 - CyberLink Corp.)
CyberLink PowerDirector 365 (HKLM-x32\...\{1C2ACE6C-5C3C-45d7-8CF0-149DD8514825}) (Version: 21.0.2123.0 - CyberLink Corp.)
CyberLink PowerDirector Content Pack Premium 2 (HKLM-x32\...\{CF520E54-7DB7-4402-B581-FC0D6734D0C6}) (Version: 2 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8216.01 - CyberLink Corp.)
CyberLink Screen Recorder 4 (HKLM-x32\...\{6819D136-7F3F-4A0D-96C1-368BE830BFDA}) (Version: 4.3.0.19614 - CyberLink Corp.)
CyberLink Shape Transitions Pack (HKLM-x32\...\{A49D8AB7-695A-4D72-BACB-A406008387BF}) (Version: 1.0 - CyberLink Corp.)
CyberLink Travel Pack 2012 (HKLM-x32\...\{66D6469F-58C2-4CFA-B562-E1632065D89A}) (Version: 2 - CyberLink Corp.)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
EaseUS Tools M Beta 0.7.1 (HKLM-x32\...\D72C2F7D-B75E-4641-AFBE-199B95066617_is1) (Version:  - EaseUS)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.3 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{14898485-6509-496B-8C30-D5DB8C1C8639}) (Version: 4.6.3 - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.119 - Google LLC)
HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
IBM SPSS Statistics 26 (HKLM\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.0 - IBM Corp)
ICA (HKLM-x32\...\{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden
inPixio Photo 11 (HKLM-x32\...\{813DB0CA-56D4-4388-AD08-4306C2E042CF}) (Version: 11.0.0 - inPixio)
InPixio Photo Studio Ultimate Resource Pack version 11.1 (HKLM-x32\...\{19015B20-34CB-4C46-9388-7F7E3678C6A8}_is1) (Version: 11.1 - InPixio)
Intel® Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{B4F59074-915E-4DFE-BFD6-1B415B37AE2F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{ED204DD8-2982-4B22-B077-0F70024D5FEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{4B1DEC5C-ED0A-4DD1-ADB2-FD1117FF94D7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{64A94A93-B0C4-4B16-8CDC-FDB06E8CC306}) (Version: 16.0.2.1086 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000040-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.40.0 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{18ec79fd-8f83-4e12-bfa5-80c9872cc56b}) (Version: 20.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{F70E0149-0BD0-4933-ADD0-1DC74D8F513B}) (Version: 20.40.0.1365 - Intel Corporation) Hidden
IPM_PSP_COM (HKLM-x32\...\{174F9DF8-AC60-486A-8FF4-A22831D48E0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{17704FA2-B1D2-4D5C-A23D-BDA0D2BC9CC7}) (Version: 17.0.0.199 - Corel Corporation) Hidden
iPod Support (HKLM\...\{57D75376-1F31-4182-8EC8-31A6785ABF29}) (Version: 120.7.3.55 - Apple Inc.)
iSkysoft DVD Creator(Build 6.2.8) (HKLM-x32\...\iSkysoft DVD Creator_is1) (Version:  - iSkysoft Software)
iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft)
MAGIX Fastcut (Editing templates 1) (HKLM\...\{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (Editing templates 1) (HKLM\...\MX.{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH)
MAGIX Fastcut (Editing templates 2) (HKLM\...\{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (Editing templates 2) (HKLM\...\MX.{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH)
MAGIX Fastcut (HKLM\...\{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (HKLM\...\MX.{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH)
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Microsoft .NET Host - 6.0.4 (x64) (HKLM\...\{E8F68286-7C62-4E7D-A28F-277FFEBC2B9D}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.4 (x64) (HKLM\...\{51701D62-C986-4508-B423-5EFE6FF708B7}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.4 (x64) (HKLM\...\{BA6DD641-C766-473C-B70A-451F96F4D88B}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.47 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.15629.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\OneDriveSetup.exe) (Version: 22.196.0918.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\OneDriveSetup.exe) (Version: 22.196.0918.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\OneDriveSetup.exe) (Version: 22.196.0918.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Teams) (Version: 1.4.00.29469 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{9F513024-FFAD-4466-8CF0-5348389196B8}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{C521A8D8-511F-43DF-B789-7DD0B3F7363B}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.26.28720 (HKLM-x32\...\{2F69FB2B-2C48-491C-B249-22C1BDCE1117}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.26.28720 (HKLM-x32\...\{31C9EB3A-5F0C-49E7-8E6C-D404E48F433D}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x64) (HKLM\...\{A0EC4CD9-836A-4D8B-BBD7-D5BC3902465C}) (Version: 48.19.39090 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x64) (HKLM-x32\...\{73e5de3a-8f61-4a4a-ac84-0d7d5c9b9b5f}) (Version: 6.0.4.31115 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Nero Info (HKLM-x32\...\Nero Info) (Version: 24.5.1.12 - Nero AG)
Nero SharedVideoCodecs (HKLM-x32\...\{2432E589-6256-4513-B0BF-EFA8E325D5F0}) (Version: 1.0.19014 - Nero AG) Hidden
Nero WiFi+Transfer (HKLM-x32\...\WiFi+Transfer) (Version: 1.0.5.3 - Nero AG)
NordPass (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\285d85e1-fc76-5a0e-ba2d-20241a7fe9d2) (Version: 2.15.11 - NordPass Team)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.3.0.73 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.1.1.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PSPPContent (HKLM-x32\...\{17289BF4-5826-447B-A20A-738044D0B3E5}) (Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{1735F0DE-B173-4116-BABC-653A12FB9238}) (Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{17511557-C430-486A-AB5A-87A8134B2613}) (Version: 17.0.0.199 - Corel Corporation) Hidden
qBittorrent 4.4.5 (HKLM-x32\...\qBittorrent) (Version: 4.4.5 - The qBittorrent project)
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3009 - Acer Incorporated)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.3.9 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.9 - VS Revo Group, Ltd.)
Setup (HKLM-x32\...\{17088A4E-3CF3-4F12-926D-2A9E8085B8EC}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Update7 - IDRIX)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-6) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-7) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinX HD Video Converter Deluxe 5.6.0 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Wondershare Filmora 11(Build 11.4.7.358) (HKLM\...\Wondershare Filmora 11_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2018-10-21] (Acer Incorporated)
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3040.0_x64__48frkmn4z8aw4 [2022-10-14] (Acer Incorporated)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08 [2022-05-26] (AMZN Mobile LLC.) [Startup Task]
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.1.0_neutral__yxz26nhyzhsrt [2022-10-14] (Microsoft Corp.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.47.7.0_x64__q4d96b2w5wcc2 [2022-10-20] (Evernote) [Startup Task]
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2022-10-14] (Facebook Inc)
HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.51122.0_x64__8wekyb3d8bbwe [2022-05-26] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa [2022-09-14] (Apple Inc.) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1590.24.221.0_x64__8xx8rvfyw5nnt [2022-09-12] (Meta) [Startup Task]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2022-10-10] (Microsoft Corp.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-10-09] (Microsoft Studios) [MS Ad]
Movie Maker - Video Editor FREE -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.5.22.0_x64__bzg06mxvgh4fa [2022-10-14] (V3TApps)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-19] (Microsoft Corporation)
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe [2022-10-10] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.32061.0_x64__8wekyb3d8bbwe [2022-10-10] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-10] (Microsoft Corporation)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2021-12-22] (CYBERLINK COM CORP)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2022-01-19] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3001.0_x64__48frkmn4z8aw4 [2021-01-21] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-07-07] (Realtek Semiconductor Corp)
Samsung Gallery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PCGallery_4.9.7.0_x64__3c1yjt4zspk6g [2022-10-08] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0 [2022-10-17] (Spotify AB) [Startup Task]
Text Reader -> C:\Program Files\WindowsApps\13542RyanTremblay.TextReader_3.1.4.0_x64__e0ywhek3s7xze [2021-01-21] (Ryan Tremblay) [MS Ad]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-12] (Microsoft Windows)
Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_2.0.4.0_x86__1crh1k73ty8mg [2020-06-10] (Media Life)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001_Classes\CLSID\{642ccb6b-4be1-471e-bc61-606dd9dc7c79}\localserver32 -> C:\Program Files\inPixio\inPixio Photo 11\PhotoStudioIP11.exe (InPixio) [File not signed]
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxDTCM.dll [2018-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\steve\Desktop\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg
ShortcutWithArgument: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg
 
==================== Loaded Modules (Whitelisted) =============
 
2022-10-14 07:08 - 2022-10-17 07:54 - 017830912 _____ () [File not signed] C:\Program Files\NordVPN\7.1.1.0\telio.DLL
2022-10-12 07:35 - 2022-10-12 07:37 - 012445184 _____ () [File not signed] C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3040.0_x64__48frkmn4z8aw4\AcerRegistration.dll
2018-12-03 22:19 - 2018-12-03 22:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2019-03-06 22:45 - 2007-09-18 17:44 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBIPDev.dll
2019-03-06 22:45 - 2007-09-10 16:03 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBLPBidiDev.dll
2019-03-06 22:45 - 2006-12-26 15:58 - 000233544 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBMSDev.dll
2019-03-06 22:45 - 2004-11-17 17:56 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBNWDev.dll
2019-03-06 22:45 - 2007-09-10 16:32 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBRSVC.dll
2019-03-06 22:45 - 2006-08-30 02:02 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll
2019-03-06 22:27 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2019-03-06 22:27 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\steve\Documents\Icmeler 2021.dmsm:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\steve\Documents\Icmeler Sept Oct 2021.dmsm:Roxio EMC Stream [38]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001 -> DefaultScope {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001 -> {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002 -> DefaultScope {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002 -> {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\sharepoint.com -> hxxps://strath-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Calibre2\;C:\Program Files\dotnet\
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\steve\Pictures\Photos from S20\20200924_213048.jpg
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Gillian\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\newyo.jpg
DNS Servers: 103.86.96.100 - 103.86.99.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® TPM Provisioning Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MyEpson Portal Service => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NeroBackItUpBackgroundService2018 => 2
MSCONFIG\Services: QASvc => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: StreamingCore => 2
MSCONFIG\Services: UEIPSvc => 3
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Endeavors Technologies JukeboxPlayer"
HKLM\...\StartupApproved\Run32: => "Nero BackItUp"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "EaseUS FixTool"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "electron.app.NordPass"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPSDNMON"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{524475A9-E2B2-4BB6-B111-77CB073B56C5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{47CD995C-7640-4EA2-B902-E491EE6FFD90}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6BD33FC-2DA9-494A-804A-9D6BD2689ABD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{195A09B6-FBCC-491D-B89E-F0A2227F3C00}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7252ECA-9CFE-40E4-AD45-7D4AF3E3FA95}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{451D32A3-2AF9-47B1-9F78-3D81FF4366B2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1BCBA6C-725B-4EFB-A614-3125EEA88A75}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A2080328-9858-41ED-A570-6F79909B4403}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F0992BB3-D7CD-4C10-96E2-A84DE53B14EB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D48F7CD0-5791-4694-B03A-46EB4458B3C4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AF104243-EB83-4863-8AF6-91971D2BB830}] => (Allow) C:\Program Files (x86)\Nero\Nero Apps\Transfer\Transfer.exe (Nero AG -> Nero AG)
FirewallRules: [UDP Query User{D4AEB729-00CE-4595-8782-6186AFD67E91}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E5F53477-DD35-4C1A-AC5D-1EA8805EDE0D}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{825C4112-119B-4B6D-9B9F-4405D2A47031}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D968E615-574A-450D-979C-C2D1EE629A81}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CD7A1BCD-905B-499F-9DEE-6F69F7EBE363}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A468DCC4-A197-478D-A556-1959647235D2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C158354D-65E7-4ACE-A1D2-9E78DF369D65}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{005D8629-9C40-4DB8-BE99-D99544A78A0F}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DAC9F25C-4833-402F-B381-DCDFA867C337}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{421624A7-B80E-4380-97CB-48E6E6DB94CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97146C7B-99B4-437A-AC64-7101B5A4C313}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6BD7DCFE-22AF-4891-8DCE-19CD07655E8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EC059BCF-5AFE-4F22-84C2-A1682F465CBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{66B4C281-1F99-4970-84B4-25F781A17D8E}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{78BB51ED-5D88-48F8-817C-06FBDE65EAA0}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5EEB7081-F60A-45BE-ADF0-2E30DBC8AD5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20150.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9722F32B-89D4-46D9-8C3B-E2337F9B9FA0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel® Wireless Connectivity Solutions -> )
FirewallRules: [{FCBA071B-62BB-4133-A9A7-D361BFA1A0BB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{09EC6237-0455-4632-A697-D4D68AA27CC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E2924F25-34C0-4626-A9C9-19DA4B24F666}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{7C5949E0-929E-4D54-A026-E04F2F4BE8C4}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{71B9035B-6E96-481F-B4D0-8879D188A65E}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{D4AA9B30-D49F-40AB-B4D0-6972C69BA846}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{D43775B1-7D82-4961-B564-BAD29245AD03}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{F7769D7A-AE6B-45E3-B473-81F59F1CF973}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{8EBD3890-585B-4E72-A392-F0248E6A25D5}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{C4B06792-EBC8-4B07-9AED-66B147D119DC}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{B0AB877D-0BC9-4591-95DF-99105791A82B}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{923C6F2D-B29D-4895-BFA1-48EB43990A10}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{A784AB41-9E8F-46F0-9E57-AF1311F23631}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{1FF9056C-18B8-4C4C-9D20-C003728090EE}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{D8CD1526-D62D-4560-B9BE-5C7DD465AF66}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{3E19D774-3AD9-40E7-8A57-3EC857B324B6}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{17D38086-9743-4EDF-A691-D604CA563BF2}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{4C5CAB28-7A10-4992-B0C9-70236A8C60A9}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{762E09DF-D209-4C13-A0E4-3B1D507301E2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{972566EC-13CB-4389-975F-449D3598E771}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{F01C3573-9E22-458A-91CE-5DB8F87466B3}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{95236E62-7ACB-4C8D-8E14-7BAE7CD20548}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{A16E47A8-211F-4C36-8DA0-694CCD4A95CB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{38919211-491A-4399-942E-8B30C4EA6645}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [TCP Query User{1D3B44E5-7570-4F13-B04C-111E72D6FC1E}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [UDP Query User{696A3737-CC6F-46FB-9216-570CEB929772}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [TCP Query User{264C95F6-A57E-4E55-AF24-917262811A57}C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{636FC029-9E9F-4501-AA25-856A109525D5}C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4835A36F-04CC-4DE4-855A-821ED5A7BBED}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{95E0497F-6442-422C-A5BD-B2E5B60AD9C7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{E64876CA-64B4-4268-981B-7174EC1A856D}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Allow) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [UDP Query User{46FECE41-9EA8-4721-AEB5-6B713875FF5D}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Allow) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [TCP Query User{20BBCE53-FDDF-4432-9439-48EB3077AA00}C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F5079F31-EED9-4BDC-95EF-AD1FBD2D6E39}C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F4C5C5C3-C9F6-4105-812E-1EC951E5D0A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AC1911B7-9946-4256-837E-7CA77335EF4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CAC6FE5D-65D6-40B9-BD6B-6A8D6F986BC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AAFC051D-59C1-4873-A2B3-2A46C7984561}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{83920D0D-992D-4C25-8E2F-BCAE452B679E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5063F36-3649-428A-B785-B4464F5DEC9B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6BC220C4-A45D-4DB1-9285-DDB455B8DF1A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BFEE4F65-D093-4A0F-AAFB-229E399335AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{559445BB-4899-46F0-A631-9427A17EA694}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{49699C77-3F09-49D7-BA80-817796B79D47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1A25E102-C8A8-4D63-93B0-16FCEB9537EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2B4F197C-2A3C-4A4C-8D1C-9943A9E9822F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B0892DD2-7D00-4DE0-A1A1-423E87CD1C83}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6FE674E7-5B2E-4C76-8BA9-EA10D9BC0F65}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{93A356AC-067B-4E52-BCC0-56F5C0D143E9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{0392F02B-EC02-45E4-99FC-3EA1C168A7EC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
21-10-2022 11:06:05 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/21/2022 10:39:18 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-T3QOQ8M)
Description: Faulting application name: ACEStd.exe, version: 1.1.3011.0, time stamp: 0x5a324be8
Faulting module name: KERNELBASE.dll, version: 10.0.22621.608, time stamp: 0x4769d08d
Exception code: 0xe0434352
Fault offset: 0x000000000008fb0c
Faulting process ID: 0x0x2440
Faulting application start time: 0x0x1d8e530f577e31b
Faulting application path: C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: f72e6790-f748-46ef-a841-3a29d7d94d4e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/21/2022 10:39:17 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ACEStd.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.DriveInfo.get_AvailableFreeSpace()
   at ABEStd.HDDMonitor.WatchHDD()
   at ABEStd.ABEManager.HardwareMonitorStart()
   at ABEStd.ABEManager.ABEManagerInit()
   at ABEStd.MainWindow..ctor()
 
Exception Info: System.Windows.Markup.XamlParseException
   at System.Windows.Markup.XamlReader.RewrapException(System.Exception, System.Xaml.IXamlLineInfo, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at ABEStd.App.Main()
 
Error: (10/20/2022 01:10:29 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-T3QOQ8M)
Description: Faulting application name: SearchHost.exe, version: 522.21701.0.0, time stamp: 0x62ed56c5
Faulting module name: ntdll.dll, version: 10.0.22621.608, time stamp: 0xf2e8a5ab
Exception code: 0xc0000005
Fault offset: 0x0000000000021d1d
Faulting process ID: 0x0x3d14
Faulting application start time: 0x0x1d8e47cf16de0ed
Faulting application path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 277ea7e8-09b5-4a19-b7bf-0ac9b302fe24
Faulting package full name: MicrosoftWindows.Client.CBS_1000.22634.1000.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (10/20/2022 01:04:43 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-T3QOQ8M)
Description: Faulting application name: ACEStd.exe, version: 1.1.3011.0, time stamp: 0x5a324be8
Faulting module name: KERNELBASE.dll, version: 10.0.22621.608, time stamp: 0x4769d08d
Exception code: 0xe0434352
Fault offset: 0x000000000008fb0c
Faulting process ID: 0x0x3704
Faulting application start time: 0x0x1d8e47c07839891
Faulting application path: C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: c8889ae7-d5fe-4a1e-b965-3adf9e639d4c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/20/2022 01:04:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ACEStd.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.DriveInfo.get_AvailableFreeSpace()
   at ABEStd.HDDMonitor.WatchHDD()
   at ABEStd.ABEManager.HardwareMonitorStart()
   at ABEStd.ABEManager.ABEManagerInit()
   at ABEStd.MainWindow..ctor()
 
Exception Info: System.Windows.Markup.XamlParseException
   at System.Windows.Markup.XamlReader.RewrapException(System.Exception, System.Xaml.IXamlLineInfo, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at ABEStd.App.Main()
 
Error: (10/20/2022 01:03:44 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program Cortana.exe version 4.2204.13303.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (10/20/2022 09:47:33 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete defragmentation on \\?\Volume{3e8256e7-77ea-4da8-858a-d26293a99623}\ because: Volumes cannot be optimised due to file system type not supported. (0x8900002F)
 
Error: (10/20/2022 09:38:13 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-T3QOQ8M)
Description: Faulting application name: ACEStd.exe, version: 1.1.3011.0, time stamp: 0x5a324be8
Faulting module name: KERNELBASE.dll, version: 10.0.22621.608, time stamp: 0x4769d08d
Exception code: 0xe0434352
Fault offset: 0x000000000008fb0c
Faulting process ID: 0x0x2e50
Faulting application start time: 0x0x1d8e45a1c6db426
Faulting application path: C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 34cd06fc-0a7c-4fdb-890c-dc380f19d8bf
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/21/2022 10:44:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
 
Error: (10/21/2022 10:40:36 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T3QOQ8M)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (10/20/2022 01:10:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T3QOQ8M)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (10/20/2022 01:06:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T3QOQ8M)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (10/20/2022 09:56:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T3QOQ8M)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (10/20/2022 09:56:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T3QOQ8M)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (10/20/2022 09:56:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T3QOQ8M)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (10/20/2022 09:56:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T3QOQ8M)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2022-10-20 09:50:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-14 04:32:53
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-13 05:03:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-12 08:35:28
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2022-10-20 09:25:33
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.377.358.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19700.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2022-10-17 08:31:15
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.377.228.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19700.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===============
Date: 2022-10-21 10:49:43
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2022-10-21 10:48:18
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. R01-C3 04/08/2020
Motherboard: Acer B36H4-AD
Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 70%
Total physical RAM: 8069.98 MB
Available physical RAM: 2392.96 MB
Total Virtual: 8645.98 MB
Available Virtual: 2513.93 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:465.19 GB) (Free:177.76 GB) (Model: TOSHIBA DT01ACA100) NTFS
Drive d: (Data) (Fixed) (Total:465.2 GB) (Free:458.33 GB) (Model: TOSHIBA DT01ACA100) NTFS
Drive f: () (Fixed) (Total:0 GB) (Free:0 GB) (Model: WD Elements 2621 USB Device) 
Drive g: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
 
\\?\Volume{af1a4e76-2cab-42a1-b627-2319125239c2}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.42 GB) NTFS
\\?\Volume{e98a5c0c-fd67-4cc4-8a80-21ad4146b416}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2034C532)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
 
==================== End of Addition.txt =======================

 




#2
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Steviep.
 
First, take a look at the following guidelines, and then carefully follow, in the same order, the instructions after them:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
 
===================================
 
1. P2P program

You have qBittorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it now.

 

 

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Task: {250E5E38-143A-4CFF-8A87-BCE17AF67852} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {95D8C6A1-9913-4280-908F-4DFFC2073502} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Default -> hxxps://332106553415056.webpush.freshchat.com; hxxps://www.facebook.com; hxxps://www.wondershare.net; hxxps://www.youtube.com
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>
AlternateDataStreams: C:\Users\steve\Documents\Icmeler 2021.dmsm:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\steve\Documents\Icmeler Sept Oct 2021.dmsm:Roxio EMC Stream [38]
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001 -> DefaultScope {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001 -> {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002 -> DefaultScope {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002 -> {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "Web Companion"
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

3. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

4. Run Malwarebytes (scan only)

  • Open Malwarebytes, which you have already installed.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

In your next reply, please post:
  1. What you decided about the torrent client
  2. The fixlog.txt
  3. The AdwCleaner[S0*].txt
  4. The Malwarebytes report


#3
Steviep


    Member

  • Topic Starter
  • Member
  • 338 posts

Hi Dr M, thank you in advance for your help.

 

I have uninstalled qBittorrent.

 

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2022

Ran by steven (22-10-2022 09:00:16) Run:3
Running from C:\Users\steve\Desktop
Loaded Profiles: steven & Hannah & Gillian
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Task: {250E5E38-143A-4CFF-8A87-BCE17AF67852} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {95D8C6A1-9913-4280-908F-4DFFC2073502} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Default -> hxxps://332106553415056.webpush.freshchat.com; hxxps://www.facebook.com; hxxps://www.wondershare.net; hxxps://www.youtube.com
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>
AlternateDataStreams: C:\Users\steve\Documents\Icmeler 2021.dmsm:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\steve\Documents\Icmeler Sept Oct 2021.dmsm:Roxio EMC Stream [38]
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001 -> DefaultScope {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001 -> {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002 -> DefaultScope {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
SearchScopes: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002 -> {35FBE913-BBDB-4FAA-B95A-3143BD4E0411} URL = 
IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "Web Companion"
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9674c4fe-ccbc-11e8-8391-7c2a317b0e98} => removed successfully
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9674c4fe-ccbc-11e8-8391-7c2a317b0e98} => removed successfully
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9674c4fe-ccbc-11e8-8391-7c2a317b0e98} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{250E5E38-143A-4CFF-8A87-BCE17AF67852}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{250E5E38-143A-4CFF-8A87-BCE17AF67852}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95D8C6A1-9913-4280-908F-4DFFC2073502}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95D8C6A1-9913-4280-908F-4DFFC2073502}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"Chrome Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => removed successfully
HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => removed successfully
C:\Users\steve\Documents\Icmeler 2021.dmsm => ":Roxio EMC Stream" ADS removed successfully
C:\Users\steve\Documents\Icmeler Sept Oct 2021.dmsm => ":Roxio EMC Stream" ADS removed successfully
"HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35FBE913-BBDB-4FAA-B95A-3143BD4E0411} => removed successfully
"HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35FBE913-BBDB-4FAA-B95A-3143BD4E0411} => removed successfully
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Web Companion" => removed successfully
"HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 4718592 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39139877 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 83382065 B
Edge => 61466 B
Chrome => 497435982 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 8735612 B
steve => 17856927 B
Hannah => 131199649 B
Gillian => 801839592 B
 
RecycleBin => 150462464 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:04:13 ====
 
 
Adw Cleaner:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-22-2022
# Duration: 00:00:22
# OS:       Windows 11 (Build 22621.674)
# Scanned:  32089
# Detected: 35
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Adware.pokki                    C:\Users\Hannah\AppData\Local\Host App Service
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.FreeMakeConverter  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.AcerCareCenter   Folder   C:\Program Files (x86)\ACER\CARE CENTER 
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C315710-0C24-47F7-927E-0AAE08F72DC2}  
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561146FA-04F5-4530-ADC1-48FBA98F6514}  
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C315710-0C24-47F7-927E-0AAE08F72DC2}  
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent 
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication 
Preinstalled.AcerCareCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AF41E84-3408-499A-8C93-8891F0612719} 
Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCAGENT 
Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION 
Preinstalled.AcerCollection   Folder   C:\Program Files (x86)\ACER\ACER COLLECTION 
Preinstalled.AcerCollection   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47C00096-32F7-494C-A133-CCA98FFC2435}  
Preinstalled.AcerCollection   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90F2304A-3E30-46CC-B1A9-CDA9E41B86DC}  
Preinstalled.AcerCollection   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Acer Collection Application 
Preinstalled.AcerCollection   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Acer Collection Monitor Application 
Preinstalled.AcerCollection   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2} 
Preinstalled.AcerCollection   Task   C:\Windows\System32\Tasks\ACER COLLECTION APPLICATION 
Preinstalled.AcerCollection   Task   C:\Windows\System32\Tasks\ACER COLLECTION MONITOR APPLICATION 
Preinstalled.AcerJumpstart   Folder   C:\Program Files (x86)\ACER\ACER JUMPSTART 
Preinstalled.AcerJumpstart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF} 
Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F600DCA5-31C6-4BFA-BF87-A7FB03584C8F}  
Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access 
Preinstalled.AcerQuickAccess   Task   C:\Windows\System32\Tasks\QUICK ACCESS 
Preinstalled.AcerQuickAccessService   Folder   C:\Program Files\ACER\QUICK ACCESS SERVICE 
Preinstalled.AcerQuickAccessService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB25551C-74EF-4BAB-9989-891517FCF9FF} 
Preinstalled.AcerUEIPFramework   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\FRAMEWORK 
Preinstalled.AcerUEIPFramework   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\PLUGIN\APPMONITOR 
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAB7A5E4-8512-4B60-A2A4-95F1DA20556E}  
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService 
Preinstalled.AcerUEIPFramework   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7} 
Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE 
Preinstalled.AcerUpdater   Folder   C:\ProgramData\ACER\ACER UPDATER 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
Malwarebytes:
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 22/10/2022
Scan Time: 09:38
Log File: eb2295fa-51e4-11ed-87f3-94c69194fd4b.json
 
-Software Information-
Version: 4.5.16.217
Components Version: 1.0.1792
Update Package Version: 1.0.61383
Licence: Free
 
-System Information-
OS: Windows 11 (Build 22621.674)
CPU: x64
File System: NTFS
User: DESKTOP-T3QOQ8M\steven
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 359159
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 20 min, 53 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Steviep.
 
Let's continue.
 
 
1. Run AdwCleaner (clean)

The findings in the Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Attach the content of these two logs in your next reply.

 

In your next reply please post:

  1. The AdwCleaner[C0*].txt
  2. The fresh FRST logs, Addition and FRST
  3. Feedback: how is the computer running now?

#5
Steviep

    Member

  • Topic Starter
  • 338 posts

Hi Dr M,

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-24-2022
# Duration: 00:00:09
# OS:       Windows 11 (Build 22621.674)
# Cleaned:  38
# Awaiting reboot:1
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Users\Hannah\AppData\Local\Host App Service
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\App Host Service
Deleted       HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Host App Service
Deleted       HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.AcerCareCenter   Folder   C:\Program Files (x86)\ACER\CARE CENTER
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C315710-0C24-47F7-927E-0AAE08F72DC2} 
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561146FA-04F5-4530-ADC1-48FBA98F6514} 
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C315710-0C24-47F7-927E-0AAE08F72DC2} 
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AF41E84-3408-499A-8C93-8891F0612719}
Deleted       Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCAGENT
Deleted       Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Deleted       Preinstalled.AcerCollection   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47C00096-32F7-494C-A133-CCA98FFC2435} 
Deleted       Preinstalled.AcerCollection   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90F2304A-3E30-46CC-B1A9-CDA9E41B86DC} 
Deleted       Preinstalled.AcerCollection   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Acer Collection Application
Deleted       Preinstalled.AcerCollection   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Acer Collection Monitor Application
Deleted       Preinstalled.AcerCollection   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}
Deleted       Preinstalled.AcerCollection   Task   C:\Windows\System32\Tasks\ACER COLLECTION APPLICATION
Deleted       Preinstalled.AcerCollection   Task   C:\Windows\System32\Tasks\ACER COLLECTION MONITOR APPLICATION
Deleted       Preinstalled.AcerJumpstart   Folder   C:\Program Files (x86)\ACER\ACER JUMPSTART
Deleted       Preinstalled.AcerJumpstart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF}
Deleted       Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F600DCA5-31C6-4BFA-BF87-A7FB03584C8F} 
Deleted       Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
Deleted       Preinstalled.AcerQuickAccess   Task   C:\Windows\System32\Tasks\QUICK ACCESS
Deleted       Preinstalled.AcerQuickAccessService   Folder   C:\Program Files\ACER\QUICK ACCESS SERVICE
Deleted       Preinstalled.AcerQuickAccessService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB25551C-74EF-4BAB-9989-891517FCF9FF}
Deleted       Preinstalled.AcerUEIPFramework   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\FRAMEWORK
Deleted       Preinstalled.AcerUEIPFramework   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\PLUGIN\APPMONITOR
Deleted       Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAB7A5E4-8512-4B60-A2A4-95F1DA20556E} 
Deleted       Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService
Deleted       Preinstalled.AcerUEIPFramework   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}
Deleted       Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE
Deleted       Preinstalled.AcerUpdater   Folder   C:\ProgramData\ACER\ACER UPDATER
Needs Reboot  Preinstalled.AcerCollection   Folder   C:\Program Files (x86)\ACER\ACER COLLECTION
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
***** Reboot Required to Complete *****
 
 
***** [ Folders ] *****
 
Cleaning failed   C:\Program Files (x86)\ACER\ACER COLLECTION
 
*************************
 
AdwCleaner[S00].txt - [5525 octets] - [22/10/2022 09:33:17]
AdwCleaner[S01].txt - [5959 octets] - [24/10/2022 08:04:02]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2022
Ran by steven (administrator) on DESKTOP-T3QOQ8M (Acer Carlos) (24-10-2022 08:15:59)
Running from C:\Users\steve\Desktop
Loaded Profiles: steven
Platform: Microsoft Windows 11 Home Version 22H2 22621.674 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Users\steve\Desktop\adwcleaner(1).exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2208.25.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Avanquest Software SAS -> Avanquest Software) C:\Users\steve\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero Apps\Transfer\Transfer.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(services.exe ->) (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe
(svchost.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Users\steve\Desktop\adwcleaner(1).exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.695.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Endeavors Technologies JukeboxPlayer] => C:\Program Files\Numecent\Application Jukebox Player\JukeboxPlayer.exe [9502048 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)
HKLM-x32\...\Run: [EaseUS FixTool] => C:\Program Files (x86)\EaseUS\EaseUS Tools M\bin\UpdateExe.exe [141448 2020-05-22] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKLM-x32\...\Run: [DriveSpan] => C:\Program Files (x86)\Nero\Nero Apps\Transfer\Transfer.exe [686216 2022-08-08] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [CAMTray] => C:\Program Files (x86)\CyberLink\AppManager\CAMTray.exe [463408 2022-09-13] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [253816 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [electron.app.NordPass] => C:\Users\steve\AppData\Local\Programs\nordpass\NordPass.exe [95439360 2021-01-06] (NordPass Team) [File not signed]
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38502416 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [Avanquest Message] => C:\Users\steve\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [602264 2022-09-15] (Avanquest Software SAS -> Avanquest Software)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\Run: [MicrosoftEdgeAutoLaunch_E038479F42F6B0F47BDCC365352673C6] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\Gillian\AppData\Local\WebEx\ciscowebexstart.exe [4524368 2021-07-09] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Gillian\AppData\Local\Microsoft\Teams\Update.exe [2459280 2021-11-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON XP-205 207 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMILE.DLL [120320 2011-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe [2022-10-14] (Google LLC -> Google LLC)
Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2022-10-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {08BD09F4-BBD5-4759-9418-2A6680D41823} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => C:\WINDOWS\system32\SecureBootEncodeUEFI.exe [49152 2022-05-07] (Microsoft Windows -> )
Task: {08D9BE40-BB0A-403B-9B9B-8DF56CFDFEBA} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe /default (No File)
Task: {1445DA5A-DA8E-41F2-AFBA-F0862C099121} - System32\Tasks\CreateExplorerShellUnelevatedTask => c:\windows\explorer.exe /NoUACCheck
"C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" could not be unlocked. <==== ATTENTION
Task: {27CE9D59-9D48-4D29-99BC-64657AEBA494} - System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask
Task: {2C6CA63D-12D0-4E86-B7A9-B92443E7798E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8502776 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {30B55E20-BB8F-4C4E-941D-1C60D92EA066} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {36AE74CE-BD1E-43A6-9A88-92EB73F5C0D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)
Task: {38EAA8B5-7C17-4CB8-8436-D01D8928946F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-08-12] (Piriform Software Ltd -> Piriform)
Task: {3CFF56A8-E73D-4284-9CEA-9FF06426F698} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3EBA6565-F658-4FED-8BD4-474758B049CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3FBE587A-5B4B-49F9-9621-E4EA5772E8E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {42890471-71EC-4C97-AD2F-87B84DDB71E7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4E548EA3-13BC-4316-A9A2-D7CF4FCDE18C} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [103032 2022-07-08] (CyberLink Corp. -> CyberLink Corp.)
Task: {4F64DBB4-101F-442A-869A-F59BE3002FA0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5BC24D20-38CC-4A0D-9BA0-33411F13A9A9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {5EA8D87D-8113-4004-BD75-9935DE0373EE} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Nero\Nero Apps\NeroInfo\NeroInfo.exe [3914864 2022-08-08] (Nero AG -> Nero AG)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe RebootDialog (No File)
Task: {74C892B5-18A8-4E50-8C75-BE40397E021F} - System32\Tasks\CareCenter\Nero BackItUp_Reg_HKLMWow6432Run => C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe /WinStart (No File)
Task: {778A696B-7222-4740-87C3-203D66E2B864} - System32\Tasks\CorelUpdateHelperTask-4374451B1A37268CAC5AD55CB8E93C06 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3813600 2021-12-03] (Corel Corporation -> Corel Corporation)
Task: {79D0BEA1-4B1B-4F00-A18C-C1A88A6FCBB2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C06097D-BCB8-4C65-8A40-01CD4AC9FE6C} - System32\Tasks\CCleanerSkipUAC - steven => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8DB3FB0F-E6DB-4FFE-83B2-938F7D74B3CF} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3813600 2021-12-03] (Corel Corporation -> Corel Corporation)
Task: {99623E9F-1E61-4B4C-B0CD-67B8BA5B9560} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (No File)
Task: {A0F7A91E-3E93-4DEA-96D7-B1E9A3B6D43F} - System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => C:\Program Files\Windows Defender\MSASCuiL.exe (No File)
Task: {AF9D590B-8B7E-4437-9F30-E8A336DD0967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)
Task: {B0AFD0CE-5196-42EF-AD09-3A755CAC7F40} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2022-03-14] (CyberLink Corp. -> )
Task: {B683611E-D9B6-4005-8FC7-2A00D41F97F7} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
Task: {BC4CEF94-D62F-4D8E-8783-8137C99918FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8502776 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {BEE9753A-4C03-4613-929C-03B89D50D792} - System32\Tasks\Microsoft\Windows\CloudRestore\Restore => {B4BCFA6F-948D-46B8-BF27-E8B1117E23B3} C:\WINDOWS\system32\CloudRestoreLauncher.dll [245760 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
Task: {BF342BB0-ADA7-44F2-925B-A375009F6CEA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2018-08-03] (Acer Incorporated -> Acer Incorporated)
Task: {C24246B5-2F68-4EEB-9417-0B250C3F60AA} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2022-03-14] (CyberLink Corp. -> )
Task: {C375B8E7-1D4F-4E57-90E7-3BEFD0DFCE06} - System32\Tasks\Microsoft\Windows\WlanSvc\MoProfileManagement => {085EDA12-CF4A-4944-8222-8ADCADE137CB} C:\Windows\System32\WlanMediaManager.dll [897024 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {DCADD776-01F6-4B49-B097-46F410F50506} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4666896 2022-09-12] (Piriform Software Ltd -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "9dac4439-e6f9-4785-9ff9-123e643f51d6" --version "6.04.10044" --silent
Task: {E254F695-21D1-4CB4-A94D-F66A063F0A75} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {E3F9FE37-F3B2-486A-BE0A-CFC87AB481B8} - System32\Tasks\CorelUpdateHelperTask-A8920757F59B1BA85897CD3CEDA3D8AB => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3813600 2021-12-03] (Corel Corporation -> Corel Corporation)
Task: {EC1E8988-AD5C-4BC1-A0EC-955BD0B9F303} - System32\Tasks\CorelUpdateHelperTask-E710F9D26B744BFC23F8BB83361DCD6E => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3813600 2021-12-03] (Corel Corporation -> Corel Corporation)
Task: {F11C82FC-3260-46B1-8013-754DB6FB21E8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [65448 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {F87BAE91-2470-40AB-9F94-A437578A5E4D} - System32\Tasks\Microsoft\Windows\Application Experience\SdbinstMergeDbTask => C:\WINDOWS\system32\sdbinst.exe [217088 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
Task: {F89AA82A-D0B2-4311-B091-83BDF56B7DFD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{47a49dfe-5532-4bd4-b40a-03730b7d6cd7}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9272e2bf-6bd5-1513-a95c-605fd4c46776}: [NameServer] 103.86.96.100,103.86.99.100
 
Edge: 
=======
DownloadDir: C:\Users\steve\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-20]
Edge DownloadDir: Default -> C:\Users\steve\Downloads
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-03-06] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1741543102-3776721137-2454621359-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\steve\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-23] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default [2022-10-24]
CHR Notifications: Default -> hxxps://gudevsoc.com
CHR StartupUrls: Default -> "hxxp://google.co.uk/"
CHR Extension: (Adaware Ad Block) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2020-06-22]
CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-02]
CHR Extension: (Zoom Scheduler) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2022-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-10-22]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\System Profile [2022-10-22]
CHR HKLM-x32\...\Chrome\Extension: [cmllgdnjnkbapbchnebiedipojhmnjej]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12477344 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [802816 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-10-22] (Malwarebytes Inc. -> Malwarebytes)
S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2021-06-07] (nordvpn s.a. -> TEFINCOM S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [626344 2022-03-14] (CyberLink Corp. -> CyberLink)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 StreamingCore; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [6788416 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137544 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
S4 QASvc; "C:\Program Files\Acer\Quick Access Service\QASvc.exe" [X]
S4 UEIPSvc; "C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [181824 2019-12-27] (GENESYS LOGIC, INC. -> Genesys Logic)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1089512 2020-04-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl6db1062a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{30C30CC4-833C-423E-8224-8EDA74B06947}\MpKslDrv.sys [228632 2022-10-24] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\7.1.2.0\Drivers\NDivert.sys [131472 2022-06-28] (nordvpn s.a. -> Nordvpn S.A.)
S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-10-30] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-10-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [73464 2021-03-08] (Corel Corporation -> Corel Corporation)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [46392 2021-12-14] (Corel Corporation -> Corel Corporation)
R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [38200 2021-12-14] (Corel Corporation -> Corel Corporation)
R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [45880 2021-12-14] (Corel Corporation -> Corel Corporation)
R2 StreamingFSD; C:\WINDOWS\System32\DRIVERS\StreamingFSD.sys [791288 2018-01-08] (Numecent, Inc. -> Numecent, Inc.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [831616 2021-03-08] (IDRIX SARL -> IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [25704 2020-09-10] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [455968 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2022-03-16] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-24 08:12 - 2022-10-24 08:12 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-22 09:32 - 2022-10-24 08:08 - 000000000 ____D C:\AdwCleaner
2022-10-22 09:32 - 2022-10-22 09:32 - 008791352 _____ (Malwarebytes) C:\Users\steve\Desktop\adwcleaner(1).exe
2022-10-22 09:31 - 2022-10-22 09:31 - 008551608 _____ (Malwarebytes) C:\Users\steve\Desktop\AdwCleaner.exe
2022-10-22 09:00 - 2022-10-22 09:04 - 000009687 _____ C:\Users\steve\Desktop\Fixlog.txt
2022-10-21 12:07 - 2022-10-24 08:18 - 000032502 _____ C:\Users\steve\Desktop\FRST.txt
2022-10-21 12:06 - 2022-10-24 08:15 - 000000000 ____D C:\Users\steve\Desktop\FRST-OlderVersion
2022-10-21 12:04 - 2022-10-24 08:15 - 002373632 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2022-10-21 11:37 - 2022-10-21 11:38 - 000000000 ____D C:\Users\steve\Downloads\The.Stranger.2022.1080p.WEBRip.x265-RARBG
2022-10-21 11:37 - 2022-10-21 11:37 - 000021085 _____ C:\Users\steve\Downloads\The.Stranger.2022.1080p.WEBRip.x265-RARBG-[rarbg.to].torrent
2022-10-21 11:37 - 2022-10-21 11:37 - 000021085 _____ C:\Users\steve\Downloads\The.Stranger.2022.1080p.WEBRip.x265-RARBG-[rarbg.to] (1).torrent
2022-10-20 09:38 - 2022-10-24 08:14 - 000003416 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2022-10-17 08:10 - 2022-10-17 08:45 - 000000000 ____D C:\Users\steve\Downloads\This.England.S01.720p.WEBRip.DDP5.1.x264-B2B[rartv]
2022-10-17 08:01 - 2022-10-17 08:01 - 028396224 _____ (The qBittorrent project) C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup (1).exe
2022-10-17 08:00 - 2022-10-17 08:01 - 028396224 _____ (The qBittorrent project) C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup.exe
2022-10-17 08:00 - 2022-10-17 08:00 - 000026103 _____ C:\Users\steve\Downloads\This.England.S01.720p.WEBRip.DDP5.1.x264-B2B[rartv]-[rarbg.to].torrent
2022-10-17 08:00 - 2022-10-17 08:00 - 000026103 _____ C:\Users\steve\Downloads\This.England.S01.720p.WEBRip.DDP5.1.x264-B2B[rartv]-[rarbg.to] (1).torrent
2022-10-12 13:01 - 2022-10-12 13:01 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-10-12 07:47 - 2022-10-12 07:47 - 000327680 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-12 07:46 - 2022-10-12 07:46 - 002575632 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-10-12 07:46 - 2022-10-12 07:46 - 000296448 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-10-12 07:46 - 2022-10-12 07:46 - 000062800 _____ C:\WINDOWS\system32\AppInstallerBackgroundUpdate.exe
2022-10-12 07:45 - 2022-10-12 07:45 - 000046888 _____ C:\WINDOWS\system32\wow64base.dll
2022-10-12 07:44 - 2022-10-12 07:44 - 002088728 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-10-12 07:44 - 2022-10-12 07:44 - 000055144 _____ C:\WINDOWS\system32\SFAPE.dll
2022-10-12 07:44 - 2022-10-12 07:44 - 000016565 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 07:42 - 2022-10-12 07:42 - 000000000 ___HD C:\$WinREAgent
2022-10-10 21:09 - 2022-10-10 21:09 - 000000000 ____D C:\Users\Hannah\Documents\OneNote Notebooks
2022-10-10 18:14 - 2022-10-10 18:14 - 000000020 ___SH C:\Users\Hannah\ntuser.ini
2022-10-09 14:56 - 2022-10-09 14:56 - 000000020 ___SH C:\Users\Gillian\ntuser.ini
2022-10-09 07:49 - 2022-10-09 07:49 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink AudioDirector 365.lnk
2022-10-09 07:49 - 2022-10-09 07:49 - 000002129 _____ C:\Users\Public\Desktop\CyberLink AudioDirector 365.lnk
2022-10-09 07:47 - 2022-10-09 07:47 - 000002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink ColorDirector 365.lnk
2022-10-09 07:47 - 2022-10-09 07:47 - 000002125 _____ C:\Users\Public\Desktop\CyberLink ColorDirector 365.lnk
2022-10-09 07:42 - 2022-10-09 07:42 - 000002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 365.lnk
2022-10-09 07:42 - 2022-10-09 07:42 - 000002145 _____ C:\Users\Public\Desktop\CyberLink PhotoDirector 365.lnk
2022-10-09 07:36 - 2022-10-09 07:36 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Application Manager.lnk
2022-10-09 07:36 - 2022-10-09 07:36 - 000002296 _____ C:\Users\Public\Desktop\CyberLink Application Manager.lnk
2022-10-09 03:24 - 2022-10-09 03:28 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-10-09 03:21 - 2022-10-09 03:23 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-09 03:21 - 2022-10-09 03:21 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-09 03:12 - 2022-10-09 03:12 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-09 03:10 - 2022-10-09 03:10 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-10-09 03:10 - 2022-10-09 03:10 - 000133120 _____ C:\WINDOWS\SysWOW64\stordiag.exe
2022-10-09 03:09 - 2022-10-09 03:09 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-10-09 03:09 - 2022-10-09 03:09 - 000180224 _____ C:\WINDOWS\system32\stordiag.exe
2022-10-09 03:07 - 2022-10-09 03:07 - 000192512 _____ C:\WINDOWS\system32\CloudExperienceHostRedirection.dll
2022-10-09 03:07 - 2022-10-09 03:07 - 000098304 _____ C:\WINDOWS\system32\dplcsp.dll
2022-10-09 03:06 - 2022-10-09 03:06 - 000000020 ___SH C:\Users\steve\ntuser.ini
2022-10-09 03:04 - 2022-10-24 08:13 - 000003506 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck
2022-10-09 03:04 - 2022-10-24 08:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-09 03:04 - 2022-10-24 07:58 - 000003340 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-4374451B1A37268CAC5AD55CB8E93C06
2022-10-09 03:04 - 2022-10-22 08:52 - 000003338 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-A8920757F59B1BA85897CD3CEDA3D8AB
2022-10-09 03:04 - 2022-10-17 07:59 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-09 03:04 - 2022-10-17 07:59 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-09 03:04 - 2022-10-14 17:16 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1003
2022-10-09 03:04 - 2022-10-14 17:16 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1003
2022-10-09 03:04 - 2022-10-14 12:20 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1001
2022-10-09 03:04 - 2022-10-14 12:20 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1001
2022-10-09 03:04 - 2022-10-14 06:56 - 000003338 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-E710F9D26B744BFC23F8BB83361DCD6E
2022-10-09 03:04 - 2022-10-10 18:17 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1002
2022-10-09 03:04 - 2022-10-10 18:17 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1002
2022-10-09 03:04 - 2022-10-09 07:49 - 000003622 _____ C:\WINDOWS\system32\Tasks\CLToast
2022-10-09 03:04 - 2022-10-09 07:49 - 000003448 _____ C:\WINDOWS\system32\Tasks\CLToastRun
2022-10-09 03:04 - 2022-10-09 03:05 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2022-10-09 03:04 - 2022-10-09 03:05 - 000003682 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.5.22250
2022-10-09 03:04 - 2022-10-09 03:05 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-10-09 03:04 - 2022-10-09 03:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-10-09 03:04 - 2022-10-09 03:05 - 000002820 _____ C:\WINDOWS\system32\Tasks\ACC
2022-10-09 03:04 - 2022-10-09 03:05 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-10-09 03:04 - 2022-10-09 03:05 - 000002596 _____ C:\WINDOWS\system32\Tasks\PowerDirectorStyleAgent
2022-10-09 03:04 - 2022-10-09 03:05 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-10-09 03:04 - 2022-10-09 03:05 - 000002440 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTaskCore
2022-10-09 03:04 - 2022-10-09 03:05 - 000002256 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - steven
2022-10-09 03:04 - 2022-10-09 03:04 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Nero
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-10-09 03:04 - 2022-10-09 03:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-10-09 03:00 - 2022-10-09 03:04 - 000022863 _____ C:\WINDOWS\diagwrn.xml
2022-10-09 03:00 - 2022-10-09 03:04 - 000022863 _____ C:\WINDOWS\diagerr.xml
2022-10-09 03:00 - 2022-10-09 03:00 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-09 03:00 - 2022-10-09 03:00 - 000000000 ____D C:\Program Files\MSBuild
2022-10-09 03:00 - 2022-10-09 03:00 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-09 03:00 - 2022-10-09 03:00 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-09 02:58 - 2022-10-09 02:58 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2022-10-09 02:58 - 2022-10-09 02:58 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2022-10-09 02:57 - 2022-10-09 02:57 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2022-10-09 02:57 - 2022-10-09 02:57 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-10-09 02:57 - 2022-10-09 02:57 - 000000000 ____D C:\WINDOWS\addins
2022-10-09 02:52 - 2022-10-14 17:13 - 000852164 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-09 02:39 - 2022-10-10 18:14 - 000000000 ____D C:\Users\Hannah
2022-10-09 02:39 - 2022-10-09 14:56 - 000000000 ____D C:\Users\Gillian
2022-10-09 02:39 - 2022-10-09 03:06 - 000000000 ____D C:\Users\steve
2022-10-09 02:39 - 2022-05-07 06:19 - 000001281 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000000407 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-10-09 02:39 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-10-09 02:32 - 2022-10-09 02:32 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2022-10-09 02:31 - 2022-10-21 10:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-09 02:31 - 2022-10-12 08:51 - 000649968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-08 22:10 - 2022-10-20 09:20 - 000000000 ___DC C:\WINDOWS\Panther
2022-10-08 21:38 - 2022-08-29 14:15 - 008817232 ____N (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw08.sys
2022-10-08 21:38 - 2022-08-29 14:15 - 001677376 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter08.dll
2022-10-08 21:38 - 2022-08-29 13:54 - 002686148 _____ C:\WINDOWS\system32\Drivers\Netwfw08.dat
2022-10-08 21:38 - 2020-09-10 11:15 - 000025704 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdcsam64.sys
2022-10-08 21:29 - 2022-10-08 21:29 - 000002069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 365.lnk
2022-10-08 21:29 - 2022-10-08 21:29 - 000002057 _____ C:\Users\Public\Desktop\CyberLink PowerDirector 365.lnk
2022-10-08 21:16 - 2022-10-08 21:17 - 022794688 _____ C:\Users\steve\Downloads\ApplicationManager_v2107_rv217698(4.1)_STD_APM220714-01.exe
2022-10-08 20:53 - 2022-10-08 20:55 - 000000000 ____D C:\Users\steve\Downloads\Gold.Rush.S13E02.WEBRip.x264-ION10
2022-10-08 20:52 - 2022-10-08 20:56 - 000000000 ____D C:\Users\steve\Downloads\Gold.Rush.S13E01.WEBRip.x264-ION10
2022-10-08 20:47 - 2022-10-08 20:47 - 000000000 ____D C:\ProgramData\NordUpdater
2022-10-08 20:44 - 2022-10-24 08:14 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2022-09-29 14:52 - 2022-09-29 14:52 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Corel
2022-09-29 14:48 - 2022-09-29 14:48 - 000000000 ____D C:\Users\Hannah\AppData\Local\Wondershare
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-24 08:17 - 2020-01-09 09:16 - 000000000 ____D C:\FRST
2022-10-24 08:17 - 2018-10-10 20:54 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-24 08:14 - 2021-02-21 15:25 - 000000000 ____D C:\Program Files\CCleaner
2022-10-24 08:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-24 08:12 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-24 08:11 - 2020-11-09 16:43 - 000012288 ___SH C:\DumpStack.log.tmp
2022-10-24 08:10 - 2022-05-07 06:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2022-10-24 08:08 - 2018-07-12 19:03 - 000000000 ____D C:\ProgramData\Acer
2022-10-24 08:08 - 2018-07-12 19:03 - 000000000 ____D C:\Program Files\Acer
2022-10-24 08:08 - 2018-07-12 19:03 - 000000000 ____D C:\Program Files (x86)\Acer
2022-10-24 08:07 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-24 08:04 - 2018-10-10 22:43 - 000000000 ____D C:\Users\steve\AppData\Local\CrashDumps
2022-10-24 07:51 - 2018-10-10 20:49 - 000000000 __SHD C:\Users\Gillian\IntelGraphicsProfiles
2022-10-22 13:02 - 2022-09-05 16:47 - 000010976 _____ C:\Users\Gillian\Desktop\Wedding Menu.xlsx
2022-10-22 12:55 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-22 09:45 - 2018-10-23 21:09 - 000000000 ____D C:\Users\steve\AppData\Local\D3DSCache
2022-10-22 09:03 - 2020-09-01 13:57 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Temp
2022-10-21 14:24 - 2020-10-30 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2022-10-21 14:24 - 2020-10-30 16:03 - 000000000 ____D C:\Program Files\NordVPN
2022-10-21 12:34 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2022-10-21 10:43 - 2020-07-04 13:21 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-21 10:43 - 2020-07-04 13:21 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-20 09:47 - 2018-10-14 10:38 - 000000000 ____D C:\Users\steve\AppData\Local\ElevatedDiagnostics
2022-10-17 07:54 - 2020-10-30 16:03 - 000000000 ____D C:\Users\steve\AppData\Local\NordVPN
2022-10-17 07:54 - 2020-10-30 16:03 - 000000000 ____D C:\ProgramData\NordVPN
2022-10-14 17:16 - 2020-11-09 15:01 - 000002438 _____ C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-14 12:20 - 2021-05-13 12:22 - 000002432 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-14 12:20 - 2018-10-10 19:30 - 000000000 ____D C:\Program Files\Microsoft Office
2022-10-14 12:12 - 2018-10-10 21:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-14 00:19 - 2018-10-10 20:55 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-14 00:19 - 2018-10-10 20:55 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-10-12 09:28 - 2018-10-10 21:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 09:25 - 2018-10-10 21:45 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-12 08:54 - 2018-10-10 20:33 - 000000000 __SHD C:\Users\Hannah\IntelGraphicsProfiles
2022-10-12 08:44 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Globalization
2022-10-12 08:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2022-10-12 08:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-10-12 08:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-10-12 08:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-12 08:42 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-12 08:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-12 08:39 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-12 08:27 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-12 08:24 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing
2022-10-12 08:18 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-12 08:18 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-10 18:52 - 2018-10-10 20:33 - 000000000 ____D C:\Users\Hannah\AppData\Local\ConnectedDevicesPlatform
2022-10-10 18:33 - 2018-10-10 20:33 - 000000000 ____D C:\Users\Hannah\AppData\Local\Packages
2022-10-10 18:27 - 2020-09-13 11:46 - 000000000 ____D C:\Users\Hannah\AppData\Local\D3DSCache
2022-10-10 18:17 - 2020-11-09 15:01 - 000002435 _____ C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-10 18:15 - 2018-07-12 18:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-10-10 15:15 - 2021-10-17 15:05 - 000000000 ____D C:\Users\Gillian\AppData\Local\D3DSCache
2022-10-09 15:16 - 2018-10-10 20:49 - 000000000 ____D C:\Users\Gillian\AppData\Local\Packages
2022-10-09 11:45 - 2020-10-30 16:03 - 000001780 _____ C:\Users\steve\Desktop\NordVPN.lnk
2022-10-09 09:40 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat
2022-10-09 07:59 - 2022-06-30 20:28 - 000000000 ____D C:\ProgramData\SUPPORTDIR
2022-10-09 07:59 - 2018-07-12 19:13 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2022-10-09 07:59 - 2018-07-12 18:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-10-09 07:58 - 2018-07-12 19:12 - 000000000 ____D C:\ProgramData\install_clap
2022-10-09 07:58 - 2018-07-12 19:12 - 000000000 ____D C:\ProgramData\install_backup
2022-10-09 07:57 - 2022-04-08 14:07 - 000000000 ____D C:\Program Files\CyberLink
2022-10-09 07:49 - 2022-04-08 14:09 - 000001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Notification Center.lnk
2022-10-09 07:46 - 2018-07-12 18:26 - 000000000 ____D C:\ProgramData\Package Cache
2022-10-09 07:41 - 2021-01-29 13:26 - 000000000 ____D C:\Users\steve\AppData\Roaming\NordPass
2022-10-09 07:36 - 2018-07-12 19:13 - 000000000 ____D C:\Program Files (x86)\CyberLink
2022-10-09 05:14 - 2018-10-10 22:17 - 000000000 ____D C:\ProgramData\Packages
2022-10-09 03:29 - 2022-06-15 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2022-10-09 03:29 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Registration
2022-10-09 03:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-09 03:29 - 2022-04-21 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2022-10-09 03:29 - 2022-04-14 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2022-10-09 03:29 - 2022-03-13 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2022-10-09 03:29 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-10-09 03:29 - 2021-05-25 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X7
2022-10-09 03:29 - 2021-03-08 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2022-10-09 03:29 - 2021-02-21 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-10-09 03:29 - 2020-11-08 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Tools M Beta
2022-10-09 03:29 - 2020-11-06 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-10-09 03:29 - 2019-11-14 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudpaging Player
2022-10-09 03:29 - 2019-11-14 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2022-10-09 03:29 - 2019-04-10 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-10-09 03:29 - 2018-11-10 08:46 - 000000000 ____D C:\WINDOWS\system32\Intel
2022-10-09 03:29 - 2018-10-10 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2022-10-09 03:29 - 2018-10-10 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2022-10-09 03:29 - 2018-10-10 17:43 - 000000000 ____D C:\WINDOWS\oem
2022-10-09 03:29 - 2018-07-12 19:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2022-10-09 03:29 - 2018-07-12 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2022-10-09 03:29 - 2018-07-12 18:54 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2022-10-09 03:29 - 2018-07-12 18:38 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2022-10-09 03:28 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup
2022-10-09 03:28 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries
2022-10-09 03:28 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-09 03:28 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-09 03:28 - 2019-06-29 11:20 - 000000000 ____D C:\Program Files\UNP
2022-10-09 03:28 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-10-09 03:28 - 2018-07-12 18:26 - 000000000 ____D C:\Program Files\Intel
2022-10-09 03:27 - 2018-10-10 18:55 - 000000000 ____D C:\Users\steve\AppData\Local\Packages
2022-10-09 03:24 - 2022-08-10 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-10-09 03:24 - 2022-06-16 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2022-10-09 03:24 - 2022-05-27 07:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2022-10-09 03:24 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Resources
2022-10-09 03:24 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Help
2022-10-09 03:24 - 2022-01-06 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inPixio
2022-10-09 03:24 - 2021-12-20 18:44 - 000000000 ____D C:\WINDOWS\system32\Samsung
2022-10-09 03:24 - 2021-03-03 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2022-10-09 03:24 - 2018-10-23 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2022-10-09 03:15 - 2022-05-07 06:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2022-10-09 03:15 - 2022-05-07 06:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2022-10-09 03:05 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-10-09 03:04 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-09 03:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-10-09 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-10-09 02:56 - 2022-05-07 11:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-10-09 02:56 - 2022-05-07 11:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-10-09 02:56 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-10-09 02:56 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-10-09 02:56 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-10-09 02:45 - 2021-03-09 19:26 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop App
2022-10-09 02:45 - 2021-03-02 13:59 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2022-10-09 02:45 - 2021-01-24 17:46 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-10-09 02:45 - 2020-05-23 15:55 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-10-09 02:43 - 2021-01-06 13:49 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NordSec
2022-10-09 02:37 - 2022-04-04 22:08 - 000000000 ____D C:\WINDOWS\Firmware
2022-10-09 02:32 - 2020-01-10 19:16 - 000000000 __SHD C:\IntelOptaneData
2022-10-08 20:47 - 2022-03-07 15:36 - 000000000 ____D C:\Program Files\NordUpdater
 
==================== Files in the root of some directories ========
 
2022-03-30 13:23 - 2022-03-30 13:23 - 020987948 _____ () C:\Users\steve\AppData\Local\004_Gift_To_Be_Simple.mid-compiled.wav
2022-03-30 13:24 - 2022-03-30 13:24 - 024735788 _____ () C:\Users\steve\AppData\Local\006_Smithwicks_Tavern.mid-compiled.wav
2022-03-30 13:23 - 2022-03-30 13:23 - 009547820 _____ () C:\Users\steve\AppData\Local\105_Ambient_High_Energy.mid-compiled.wav
2022-03-30 13:23 - 2022-03-30 13:23 - 033538092 _____ () C:\Users\steve\AppData\Local\106_Sweetly_Remembering.mid-compiled.wav
2022-03-30 16:52 - 2022-03-30 17:08 - 010846252 _____ () C:\Users\steve\AppData\Local\119_Club_Med.mid-compiled.wav
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2022
Ran by steven (24-10-2022 08:21:35)
Running from C:\Users\steve\Desktop
Microsoft Windows 11 Home Version 22H2 22621.674 (X64) (2022-10-09 02:06:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1741543102-3776721137-2454621359-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1741543102-3776721137-2454621359-503 - Limited - Disabled)
Gillian (S-1-5-21-1741543102-3776721137-2454621359-1003 - Limited - Enabled) => C:\Users\Gillian
Guest (S-1-5-21-1741543102-3776721137-2454621359-501 - Limited - Disabled)
Hannah (S-1-5-21-1741543102-3776721137-2454621359-1002 - Limited - Enabled) => C:\Users\Hannah
steven (S-1-5-21-1741543102-3776721137-2454621359-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-1741543102-3776721137-2454621359-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
App Explorer (HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\Host App Service) (Version: 0.273.3.707 - SweetLabs) <==== ATTENTION
Avanquest Message (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.16.0 - Avanquest Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{4267BC3E-35CF-4F1A-AD0F-4A4B746C19D5}) (Version: 5.40.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 6.04 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\ActiveTouchMeetingClient) (Version: 41.7.4 - Cisco Webex LLC)
Cloudpaging Player (HKLM\...\{23F6FB7C-C1E2-491B-91A1-0441D5191BC7}) (Version: 9.0.4.21424 - Numecent, Inc.)
Corel AfterShot 3 - ICA x64 (HKLM\...\{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.7 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM Content x64 (HKLM\...\{3E064BED-C9D8-4BEF-A2EE-8D67E99C3932}) (Version: 3.6 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM x64 (HKLM\...\{5059B47C-4D7B-46E9-9D7A-1E2FCF5DDBED}) (Version: 3.7.0.446 - Corel Corporation) Hidden
Corel AfterShot 3(64-bit) (HKLM\...\_{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.7.0.446 - Corel Corporation)
Corel PaintShop Pro X7  (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (HKLM-x32\...\{17196252-8555-4E35-9C06-F743143D76D4}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{B6C0FB43-0C9B-46E6-93E4-DF171ED80C53}) (Version: 2.15.656 - Corel corporation) Hidden
CyberLink Application Manager (HKLM-x32\...\{D25D3E15-CABD-420c-B62C-70C1C5EE63FD}) (Version: 4.1.2107.0 - CyberLink Corp.)
CyberLink AudioDirector 365 (HKLM-x32\...\{D60A6FFA-B98B-4941-A079-1A42D73BEF3E}) (Version: 13.0.2106.0 - CyberLink Corp.)
CyberLink ColorDirector 365 (HKLM-x32\...\{B808A1BC-2753-42F7-9543-F46BA2CD08E2}) (Version: 11.0.2031.0 - CyberLink Corp.)
CyberLink PhotoDirector 14 (HKLM-x32\...\{EF76B1BC-DB92-4A4F-8411-849406461806}) (Version: 14.0.0922.0 - CyberLink Corp.)
CyberLink PowerDirector 365 (HKLM-x32\...\{1C2ACE6C-5C3C-45d7-8CF0-149DD8514825}) (Version: 21.0.2123.0 - CyberLink Corp.)
CyberLink PowerDirector Content Pack Premium 2 (HKLM-x32\...\{CF520E54-7DB7-4402-B581-FC0D6734D0C6}) (Version: 2 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8216.01 - CyberLink Corp.)
CyberLink Screen Recorder 4 (HKLM-x32\...\{6819D136-7F3F-4A0D-96C1-368BE830BFDA}) (Version: 4.3.0.19614 - CyberLink Corp.)
CyberLink Shape Transitions Pack (HKLM-x32\...\{A49D8AB7-695A-4D72-BACB-A406008387BF}) (Version: 1.0 - CyberLink Corp.)
CyberLink Travel Pack 2012 (HKLM-x32\...\{66D6469F-58C2-4CFA-B562-E1632065D89A}) (Version: 2 - CyberLink Corp.)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
EaseUS Tools M Beta 0.7.1 (HKLM-x32\...\D72C2F7D-B75E-4641-AFBE-199B95066617_is1) (Version:  - EaseUS)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.3 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{14898485-6509-496B-8C30-D5DB8C1C8639}) (Version: 4.6.3 - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.119 - Google LLC)
HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
IBM SPSS Statistics 26 (HKLM\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.0 - IBM Corp)
ICA (HKLM-x32\...\{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden
inPixio Photo 11 (HKLM-x32\...\{813DB0CA-56D4-4388-AD08-4306C2E042CF}) (Version: 11.0.0 - inPixio)
InPixio Photo Studio Ultimate Resource Pack version 11.1 (HKLM-x32\...\{19015B20-34CB-4C46-9388-7F7E3678C6A8}_is1) (Version: 11.1 - InPixio)
Intel® Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{B4F59074-915E-4DFE-BFD6-1B415B37AE2F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{ED204DD8-2982-4B22-B077-0F70024D5FEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{4B1DEC5C-ED0A-4DD1-ADB2-FD1117FF94D7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{64A94A93-B0C4-4B16-8CDC-FDB06E8CC306}) (Version: 16.0.2.1086 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000040-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.40.0 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{18ec79fd-8f83-4e12-bfa5-80c9872cc56b}) (Version: 20.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{F70E0149-0BD0-4933-ADD0-1DC74D8F513B}) (Version: 20.40.0.1365 - Intel Corporation) Hidden
IPM_PSP_COM (HKLM-x32\...\{174F9DF8-AC60-486A-8FF4-A22831D48E0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{17704FA2-B1D2-4D5C-A23D-BDA0D2BC9CC7}) (Version: 17.0.0.199 - Corel Corporation) Hidden
iPod Support (HKLM\...\{57D75376-1F31-4182-8EC8-31A6785ABF29}) (Version: 120.7.3.55 - Apple Inc.)
iSkysoft DVD Creator(Build 6.2.8) (HKLM-x32\...\iSkysoft DVD Creator_is1) (Version:  - iSkysoft Software)
iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft)
MAGIX Fastcut (Editing templates 1) (HKLM\...\{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (Editing templates 1) (HKLM\...\MX.{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH)
MAGIX Fastcut (Editing templates 2) (HKLM\...\{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (Editing templates 2) (HKLM\...\MX.{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH)
MAGIX Fastcut (HKLM\...\{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (HKLM\...\MX.{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH)
Malwarebytes version 4.5.16.217 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.16.217 - Malwarebytes)
Microsoft .NET Host - 6.0.4 (x64) (HKLM\...\{E8F68286-7C62-4E7D-A28F-277FFEBC2B9D}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.4 (x64) (HKLM\...\{51701D62-C986-4508-B423-5EFE6FF708B7}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.4 (x64) (HKLM\...\{BA6DD641-C766-473C-B70A-451F96F4D88B}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.15629.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\OneDriveSetup.exe) (Version: 22.196.0918.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\OneDriveSetup.exe) (Version: 22.196.0918.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\OneDriveSetup.exe) (Version: 22.196.0918.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Teams) (Version: 1.4.00.29469 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{9F513024-FFAD-4466-8CF0-5348389196B8}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{C521A8D8-511F-43DF-B789-7DD0B3F7363B}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.26.28720 (HKLM-x32\...\{2F69FB2B-2C48-491C-B249-22C1BDCE1117}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.26.28720 (HKLM-x32\...\{31C9EB3A-5F0C-49E7-8E6C-D404E48F433D}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x64) (HKLM\...\{A0EC4CD9-836A-4D8B-BBD7-D5BC3902465C}) (Version: 48.19.39090 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x64) (HKLM-x32\...\{73e5de3a-8f61-4a4a-ac84-0d7d5c9b9b5f}) (Version: 6.0.4.31115 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Nero Info (HKLM-x32\...\Nero Info) (Version: 24.5.1.12 - Nero AG)
Nero SharedVideoCodecs (HKLM-x32\...\{2432E589-6256-4513-B0BF-EFA8E325D5F0}) (Version: 1.0.19014 - Nero AG) Hidden
Nero WiFi+Transfer (HKLM-x32\...\WiFi+Transfer) (Version: 1.0.5.3 - Nero AG)
NordPass (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\285d85e1-fc76-5a0e-ba2d-20241a7fe9d2) (Version: 2.15.11 - NordPass Team)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.3.0.73 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.1.2.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PSPPContent (HKLM-x32\...\{17289BF4-5826-447B-A20A-738044D0B3E5}) (Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{1735F0DE-B173-4116-BABC-653A12FB9238}) (Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{17511557-C430-486A-AB5A-87A8134B2613}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.3.9 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.9 - VS Revo Group, Ltd.)
Setup (HKLM-x32\...\{17088A4E-3CF3-4F12-926D-2A9E8085B8EC}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Update7 - IDRIX)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-6) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-7) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinX HD Video Converter Deluxe 5.6.0 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Wondershare Filmora 11(Build 11.4.7.358) (HKLM\...\Wondershare Filmora 11_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2018-10-21] (Acer Incorporated)
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3040.0_x64__48frkmn4z8aw4 [2022-10-14] (Acer Incorporated)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08 [2022-05-26] (AMZN Mobile LLC.) [Startup Task]
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.1.0_neutral__yxz26nhyzhsrt [2022-10-14] (Microsoft Corp.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.47.7.0_x64__q4d96b2w5wcc2 [2022-10-20] (Evernote) [Startup Task]
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2022-10-14] (Facebook Inc)
HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.51122.0_x64__8wekyb3d8bbwe [2022-05-26] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa [2022-09-14] (Apple Inc.) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1590.24.221.0_x64__8xx8rvfyw5nnt [2022-09-12] (Meta) [Startup Task]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2022-10-10] (Microsoft Corp.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-10-09] (Microsoft Studios) [MS Ad]
Movie Maker - Video Editor FREE -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.5.22.0_x64__bzg06mxvgh4fa [2022-10-14] (V3TApps)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-19] (Microsoft Corporation)
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe [2022-10-10] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.32061.0_x64__8wekyb3d8bbwe [2022-10-10] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-10] (Microsoft Corporation)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2021-12-22] (CYBERLINK COM CORP)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2022-01-19] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3001.0_x64__48frkmn4z8aw4 [2021-01-21] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-07-07] (Realtek Semiconductor Corp)
Samsung Gallery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PCGallery_4.9.7.0_x64__3c1yjt4zspk6g [2022-10-08] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0 [2022-10-17] (Spotify AB) [Startup Task]
Text Reader -> C:\Program Files\WindowsApps\13542RyanTremblay.TextReader_3.1.4.0_x64__e0ywhek3s7xze [2021-01-21] (Ryan Tremblay) [MS Ad]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-12] (Microsoft Windows)
Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_2.0.4.0_x86__1crh1k73ty8mg [2020-06-10] (Media Life)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001_Classes\CLSID\{642ccb6b-4be1-471e-bc61-606dd9dc7c79}\localserver32 -> C:\Program Files\inPixio\inPixio Photo 11\PhotoStudioIP11.exe (InPixio) [File not signed]
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\steve\Desktop\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg
ShortcutWithArgument: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg
 
==================== Loaded Modules (Whitelisted) =============
 
2018-12-03 22:19 - 2018-12-03 22:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2019-03-06 22:45 - 2007-09-18 17:44 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBIPDev.dll
2019-03-06 22:45 - 2007-09-10 16:03 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBLPBidiDev.dll
2019-03-06 22:45 - 2006-12-26 15:58 - 000233544 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBMSDev.dll
2019-03-06 22:45 - 2004-11-17 17:56 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBNWDev.dll
2019-03-06 22:45 - 2007-09-10 16:32 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBRSVC.dll
2019-03-06 22:45 - 2006-08-30 02:02 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll
2019-03-06 22:27 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2019-03-06 22:27 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\sharepoint.com -> hxxps://strath-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Calibre2\;C:\Program Files\dotnet\
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\steve\Pictures\Photos from S20\20200924_213048.jpg
HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Gillian\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\newyo.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® TPM Provisioning Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MyEpson Portal Service => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NeroBackItUpBackgroundService2018 => 2
MSCONFIG\Services: QASvc => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: StreamingCore => 2
MSCONFIG\Services: UEIPSvc => 3
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Endeavors Technologies JukeboxPlayer"
HKLM\...\StartupApproved\Run32: => "Nero BackItUp"
HKLM\...\StartupApproved\Run32: => "EaseUS FixTool"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "electron.app.NordPass"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPSDNMON"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{524475A9-E2B2-4BB6-B111-77CB073B56C5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{47CD995C-7640-4EA2-B902-E491EE6FFD90}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6BD33FC-2DA9-494A-804A-9D6BD2689ABD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{195A09B6-FBCC-491D-B89E-F0A2227F3C00}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7252ECA-9CFE-40E4-AD45-7D4AF3E3FA95}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{451D32A3-2AF9-47B1-9F78-3D81FF4366B2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1BCBA6C-725B-4EFB-A614-3125EEA88A75}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A2080328-9858-41ED-A570-6F79909B4403}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F0992BB3-D7CD-4C10-96E2-A84DE53B14EB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D48F7CD0-5791-4694-B03A-46EB4458B3C4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12125.8.57037.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AF104243-EB83-4863-8AF6-91971D2BB830}] => (Allow) C:\Program Files (x86)\Nero\Nero Apps\Transfer\Transfer.exe (Nero AG -> Nero AG)
FirewallRules: [UDP Query User{D4AEB729-00CE-4595-8782-6186AFD67E91}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E5F53477-DD35-4C1A-AC5D-1EA8805EDE0D}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{825C4112-119B-4B6D-9B9F-4405D2A47031}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D968E615-574A-450D-979C-C2D1EE629A81}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CD7A1BCD-905B-499F-9DEE-6F69F7EBE363}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A468DCC4-A197-478D-A556-1959647235D2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C158354D-65E7-4ACE-A1D2-9E78DF369D65}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{005D8629-9C40-4DB8-BE99-D99544A78A0F}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DAC9F25C-4833-402F-B381-DCDFA867C337}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{421624A7-B80E-4380-97CB-48E6E6DB94CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97146C7B-99B4-437A-AC64-7101B5A4C313}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6BD7DCFE-22AF-4891-8DCE-19CD07655E8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EC059BCF-5AFE-4F22-84C2-A1682F465CBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{66B4C281-1F99-4970-84B4-25F781A17D8E}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{78BB51ED-5D88-48F8-817C-06FBDE65EAA0}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5EEB7081-F60A-45BE-ADF0-2E30DBC8AD5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20150.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9722F32B-89D4-46D9-8C3B-E2337F9B9FA0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel® Wireless Connectivity Solutions -> )
FirewallRules: [{FCBA071B-62BB-4133-A9A7-D361BFA1A0BB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{09EC6237-0455-4632-A697-D4D68AA27CC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E2924F25-34C0-4626-A9C9-19DA4B24F666}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{7C5949E0-929E-4D54-A026-E04F2F4BE8C4}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{71B9035B-6E96-481F-B4D0-8879D188A65E}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{D4AA9B30-D49F-40AB-B4D0-6972C69BA846}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{D43775B1-7D82-4961-B564-BAD29245AD03}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{F7769D7A-AE6B-45E3-B473-81F59F1CF973}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{8EBD3890-585B-4E72-A392-F0248E6A25D5}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{C4B06792-EBC8-4B07-9AED-66B147D119DC}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{B0AB877D-0BC9-4591-95DF-99105791A82B}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{923C6F2D-B29D-4895-BFA1-48EB43990A10}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{A784AB41-9E8F-46F0-9E57-AF1311F23631}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{1FF9056C-18B8-4C4C-9D20-C003728090EE}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{D8CD1526-D62D-4560-B9BE-5C7DD465AF66}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{3E19D774-3AD9-40E7-8A57-3EC857B324B6}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{17D38086-9743-4EDF-A691-D604CA563BF2}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{4C5CAB28-7A10-4992-B0C9-70236A8C60A9}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{762E09DF-D209-4C13-A0E4-3B1D507301E2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{972566EC-13CB-4389-975F-449D3598E771}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{F01C3573-9E22-458A-91CE-5DB8F87466B3}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{95236E62-7ACB-4C8D-8E14-7BAE7CD20548}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{A16E47A8-211F-4C36-8DA0-694CCD4A95CB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{38919211-491A-4399-942E-8B30C4EA6645}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [TCP Query User{1D3B44E5-7570-4F13-B04C-111E72D6FC1E}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [UDP Query User{696A3737-CC6F-46FB-9216-570CEB929772}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [TCP Query User{264C95F6-A57E-4E55-AF24-917262811A57}C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{636FC029-9E9F-4501-AA25-856A109525D5}C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E64876CA-64B4-4268-981B-7174EC1A856D}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Allow) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [UDP Query User{46FECE41-9EA8-4721-AEB5-6B713875FF5D}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Allow) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]
FirewallRules: [TCP Query User{20BBCE53-FDDF-4432-9439-48EB3077AA00}C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F5079F31-EED9-4BDC-95EF-AD1FBD2D6E39}C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F4C5C5C3-C9F6-4105-812E-1EC951E5D0A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AC1911B7-9946-4256-837E-7CA77335EF4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CAC6FE5D-65D6-40B9-BD6B-6A8D6F986BC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AAFC051D-59C1-4873-A2B3-2A46C7984561}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{83920D0D-992D-4C25-8E2F-BCAE452B679E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5063F36-3649-428A-B785-B4464F5DEC9B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6BC220C4-A45D-4DB1-9285-DDB455B8DF1A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BFEE4F65-D093-4A0F-AAFB-229E399335AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{559445BB-4899-46F0-A631-9427A17EA694}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{49699C77-3F09-49D7-BA80-817796B79D47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1A25E102-C8A8-4D63-93B0-16FCEB9537EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2B4F197C-2A3C-4A4C-8D1C-9943A9E9822F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B0892DD2-7D00-4DE0-A1A1-423E87CD1C83}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7FA4D2E0-E55E-440C-BAE4-519FDD025756}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22260.203.1605.4995_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71854FC8-D15A-4E61-B14A-10A896E88CBC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22260.203.1605.4995_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{27D7D698-8536-46EE-9076-868B47B79175}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
21-10-2022 11:06:05 Scheduled Checkpoint
24-10-2022 08:06:50 AdwCleaner_BeforeCleaning_24/10/2022_08:06:46
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/24/2022 08:04:47 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-T3QOQ8M)
Description: Faulting application name: ACEStd.exe, version: 1.1.3011.0, time stamp: 0x5a324be8
Faulting module name: KERNELBASE.dll, version: 10.0.22621.608, time stamp: 0x4769d08d
Exception code: 0xe0434352
Fault offset: 0x000000000008fb0c
Faulting process ID: 0x0x3b8c
Faulting application start time: 0x0x1d8e776e5173bb1
Faulting application path: C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 8393fe98-f955-4fd2-974d-c28dbe1257b5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/24/2022 08:04:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ACEStd.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.DriveInfo.get_AvailableFreeSpace()
   at ABEStd.HDDMonitor.WatchHDD()
   at ABEStd.ABEManager.HardwareMonitorStart()
   at ABEStd.ABEManager.ABEManagerInit()
   at ABEStd.MainWindow..ctor()
 
Exception Info: System.Windows.Markup.XamlParseException
   at System.Windows.Markup.XamlReader.RewrapException(System.Exception, System.Xaml.IXamlLineInfo, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at ABEStd.App.Main()
 
Error: (10/22/2022 01:22:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete analysis on WD Unlocker (G:) because: CD-ROM volumes cannot be optimised. (0x8900000F)
 
Error: (10/22/2022 11:22:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete analysis on WD Unlocker (G:) because: CD-ROM volumes cannot be optimised. (0x8900000F)
 
Error: (10/22/2022 09:22:33 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete analysis on WD Unlocker (G:) because: CD-ROM volumes cannot be optimised. (0x8900000F)
 
Error: (10/22/2022 09:11:49 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-T3QOQ8M)
Description: Faulting application name: ACEStd.exe, version: 1.1.3011.0, time stamp: 0x5a324be8
Faulting module name: KERNELBASE.dll, version: 10.0.22621.608, time stamp: 0x4769d08d
Exception code: 0xe0434352
Fault offset: 0x000000000008fb0c
Faulting process ID: 0x0x3368
Faulting application start time: 0x0x1d8e5edebc974f0
Faulting application path: C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: d37917b2-4541-445f-a4af-21dcff962f4a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/22/2022 09:11:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ACEStd.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.DriveInfo.get_AvailableFreeSpace()
   at ABEStd.HDDMonitor.WatchHDD()
   at ABEStd.ABEManager.HardwareMonitorStart()
   at ABEStd.ABEManager.ABEManagerInit()
   at ABEStd.MainWindow..ctor()
 
Exception Info: System.Windows.Markup.XamlParseException
   at System.Windows.Markup.XamlReader.RewrapException(System.Exception, System.Xaml.IXamlLineInfo, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at ABEStd.App.Main()
 
Error: (10/22/2022 09:06:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
 
System errors:
=============
Error: (10/24/2022 08:17:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Device Setup Manager service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (10/24/2022 08:17:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Device Setup Manager service to connect.
 
Error: (10/24/2022 08:08:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly. It has done this 1 time(s).
 
Error: (10/24/2022 08:08:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (10/24/2022 08:08:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
 
Error: (10/24/2022 08:08:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordvpn-service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (10/24/2022 08:08:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RstMwService service terminated unexpectedly. It has done this 1 time(s).
 
Error: (10/24/2022 08:08:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2022-10-21 12:34:21
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-20 09:50:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-14 04:32:53
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-13 05:03:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-12 08:35:28
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2022-10-20 09:25:33
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.377.358.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19700.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2022-10-17 08:31:15
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.377.228.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19700.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===============
Date: 2022-10-24 08:12:34
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2022-10-22 13:08:17
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. R01-C3 04/08/2020
Motherboard: Acer B36H4-AD
Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 55%
Total physical RAM: 8069.98 MB
Available physical RAM: 3599.02 MB
Total Virtual: 8645.98 MB
Available Virtual: 4323.18 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:465.19 GB) (Free:177.86 GB) (Model: TOSHIBA DT01ACA100) NTFS
Drive d: (Data) (Fixed) (Total:465.2 GB) (Free:458.33 GB) (Model: TOSHIBA DT01ACA100) NTFS
Drive f: () (Fixed) (Total:0 GB) (Free:0 GB) (Model: WD Elements 2621 USB Device) 
Drive g: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
 
\\?\Volume{af1a4e76-2cab-42a1-b627-2319125239c2}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.42 GB) NTFS
\\?\Volume{e98a5c0c-fd67-4cc4-8a80-21ad4146b416}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2034C532)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
 
==================== End of Addition.txt =======================
 
I think it seems a little faster now starting up. I timed it this morning, and from switching on it took 2 mins 30 secs to be able to search on Google. Does that seem reasonable?

Edited by Steviep, 24 October 2022 - 01:40 AM.


#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Steviep.

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
Task: {5BC24D20-38CC-4A0D-9BA0-33411F13A9A9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe RebootDialog (No File)
Task: {74C892B5-18A8-4E50-8C75-BE40397E021F} - System32\Tasks\CareCenter\Nero BackItUp_Reg_HKLMWow6432Run => C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe /WinStart (No File)
Task: {99623E9F-1E61-4B4C-B0CD-67B8BA5B9560} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (No File)
Task: {A0F7A91E-3E93-4DEA-96D7-B1E9A3B6D43F} - System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => C:\Program Files\Windows Defender\MSASCuiL.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
S4 QASvc; "C:\Program Files\Acer\Quick Access Service\QASvc.exe" [X]
S4 UEIPSvc; "C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe" [X]
2022-10-17 08:01 - 2022-10-17 08:01 - 028396224 _____ (The qBittorrent project) C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup (1).exe
2022-10-17 08:00 - 2022-10-17 08:01 - 028396224 _____ (The qBittorrent project) C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup.exe
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


#7
Steviep

    Member

  • Topic Starter
  • Member
  • 338 posts

Hi Dr M

 

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2022
Ran by steven (24-10-2022 15:00:35) Run:4
Running from C:\Users\steve\Desktop
Loaded Profiles: steven & Hannah & Gillian
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "G:\unlock.exe" autoplay=true
Task: {5BC24D20-38CC-4A0D-9BA0-33411F13A9A9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe RebootDialog (No File)
Task: {74C892B5-18A8-4E50-8C75-BE40397E021F} - System32\Tasks\CareCenter\Nero BackItUp_Reg_HKLMWow6432Run => C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe /WinStart (No File)
Task: {99623E9F-1E61-4B4C-B0CD-67B8BA5B9560} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (No File)
Task: {A0F7A91E-3E93-4DEA-96D7-B1E9A3B6D43F} - System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => C:\Program Files\Windows Defender\MSASCuiL.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
S4 QASvc; "C:\Program Files\Acer\Quick Access Service\QASvc.exe" [X]
S4 UEIPSvc; "C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe" [X]
2022-10-17 08:01 - 2022-10-17 08:01 - 028396224 _____ (The qBittorrent project) C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup (1).exe
2022-10-17 08:00 - 2022-10-17 08:01 - 028396224 _____ (The qBittorrent project) C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup.exe
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9674c4fe-ccbc-11e8-8391-7c2a317b0e98} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BC24D20-38CC-4A0D-9BA0-33411F13A9A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BC24D20-38CC-4A0D-9BA0-33411F13A9A9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74C892B5-18A8-4E50-8C75-BE40397E021F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74C892B5-18A8-4E50-8C75-BE40397E021F}" => removed successfully
C:\WINDOWS\System32\Tasks\CareCenter\Nero BackItUp_Reg_HKLMWow6432Run => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CareCenter\Nero BackItUp_Reg_HKLMWow6432Run" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99623E9F-1E61-4B4C-B0CD-67B8BA5B9560}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99623E9F-1E61-4B4C-B0CD-67B8BA5B9560}" => removed successfully
C:\WINDOWS\System32\Tasks\ACC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0F7A91E-3E93-4DEA-96D7-B1E9A3B6D43F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0F7A91E-3E93-4DEA-96D7-B1E9A3B6D43F}" => removed successfully
C:\WINDOWS\System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CareCenter\SecurityHealth_Reg_HKLMRun" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
HKLM\System\CurrentControlSet\Services\QASvc => removed successfully
QASvc => service removed successfully
HKLM\System\CurrentControlSet\Services\UEIPSvc => removed successfully
UEIPSvc => service removed successfully
C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup (1).exe => moved successfully
C:\Users\steve\Downloads\qbittorrent_4.4.5_x64_setup.exe => moved successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.1
 
Image Version: 10.0.22621.674
 
 
 
[=================          30.2%                          ] 
 
[=================          30.2%                          ] 
 
[=================          30.3%                          ] 
 
[=================          30.4%                          ] 
 
[=================          30.4%                          ] 
 
[=================          30.5%                          ] 
 
[=================          30.6%                          ] 
 
[=================          30.6%                          ] 
 
[=================          30.9%                          ] 
 
[=================          31.0%                          ] 
 
[==================         31.1%                          ] 
 
[==================         31.2%                          ] 
 
[==================         31.3%                          ] 
 
[==================         31.3%                          ] 
 
[==================         31.3%                          ] 
 
[==================         31.5%                          ] 
 
[==================         31.6%                          ] 
 
[==================         31.7%                          ] 
 
[==================         31.8%                          ] 
 
[==================         31.8%                          ] 
 
[==================         31.9%                          ] 
 
[==================         32.0%                          ] 
 
[==================         32.1%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.4%                          ] 
 
[==================         32.6%                          ] 
 
[==================         32.7%                          ] 
 
[===================        32.9%                          ] 
 
[===================        33.0%                          ] 
 
[===================        33.1%                          ] 
 
[===================        33.2%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.6%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.8%                          ] 
 
[===================        33.9%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.1%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.4%                          ] 
 
[====================       34.5%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.7%                          ] 
 
[====================       34.9%                          ] 
 
[====================       35.0%                          ] 
 
[====================       35.1%                          ] 
 
[====================       35.3%                          ] 
 
[====================       35.5%                          ] 
 
[=====================      36.4%                          ] 
 
[=====================      36.5%                          ] 
 
[=====================      36.6%                          ] 
 
[=====================      36.8%                          ] 
 
[=====================      36.9%                          ] 
 
[=====================      36.9%                          ] 
 
[=====================      36.9%                          ] 
 
[=====================      37.0%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.2%                          ] 
 
[=====================      37.2%                          ] 
 
[=====================      37.3%                          ] 
 
[=====================      37.4%                          ] 
 
[=====================      37.6%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.8%                          ] 
 
[=====================      37.8%                          ] 
 
[=====================      37.9%                          ] 
 
[=====================      37.9%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.5%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.7%                          ] 
 
[======================     38.8%                          ] 
 
[======================     38.9%                          ] 
 
[======================     39.1%                          ] 
 
[======================     39.1%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.3%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.6%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.9%                          ] 
 
[=======================    40.1%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.3%                          ] 
 
[=======================    40.3%                          ] 
 
[=======================    40.4%                          ] 
 
[=======================    40.5%                          ] 
 
[=======================    40.8%                          ] 
 
[=======================    41.0%                          ] 
 
[========================   41.5%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.8%                          ] 
 
[========================   42.2%                          ] 
 
[========================   42.6%                          ] 
 
[========================   42.9%                          ] 
 
[=========================  43.3%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  44.0%                          ] 
 
[=========================  44.2%                          ] 
 
[========================== 44.9%                          ] 
 
[========================== 45.2%                          ] 
 
[========================== 45.6%                          ] 
 
[========================== 46.0%                          ] 
 
[===========================46.6%                          ] 
 
[===========================46.9%                          ] 
 
[===========================47.2%                          ] 
 
[===========================47.6%                          ] 
 
[===========================47.8%                          ] 
 
[===========================48.2%                          ] 
 
[===========================48.7%                          ] 
 
[===========================48.9%                          ] 
 
[===========================49.2%                          ] 
 
[===========================50.1%                          ] 
 
[===========================50.4%                          ] 
 
[===========================50.6%                          ] 
 
[===========================50.7%                          ] 
 
[===========================51.2%                          ] 
 
[===========================51.2%                          ] 
 
[===========================51.3%                          ] 
 
[===========================51.3%                          ] 
 
[===========================51.3%                          ] 
 
[===========================51.3%                          ] 
 
[===========================51.4%                          ] 
 
[===========================51.4%                          ] 
 
[===========================51.4%                          ] 
 
[===========================51.4%                          ] 
 
[===========================51.5%                          ] 
 
[===========================51.5%                          ] 
 
[===========================51.6%                          ] 
 
[===========================51.7%                          ] 
 
[===========================51.7%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.9%                          ] 
 
[===========================52.0%                          ] 
 
[===========================52.0%                          ] 
 
[===========================52.0%                          ] 
 
[===========================52.1%                          ] 
 
[===========================52.1%                          ] 
 
[===========================52.1%                          ] 
 
[===========================52.1%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.7%                          ] 
 
[===========================52.7%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.3%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.9%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.3%                          ] 
 
[===========================56.3%                          ] 
 
[===========================56.4%                          ] 
 
[===========================56.4%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.7%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.9%=                         ] 
 
[===========================56.9%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.2%=                         ] 
 
[===========================57.3%=                         ] 
 
[===========================57.3%=                         ] 
 
[===========================58.0%=                         ] 
 
[===========================58.0%=                         ] 
 
[===========================58.2%=                         ] 
 
[===========================58.6%=                         ] 
 
[===========================59.2%==                        ] 
 
[===========================59.2%==                        ] 
 
[===========================59.2%==                        ] 
 
[===========================59.5%==                        ] 
 
[===========================59.9%==                        ] 
 
[===========================60.0%==                        ] 
 
[===========================62.3%====                      ] 
 
[===========================84.9%=================         ] 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35955300 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 93319109 B
Edge => 0 B
Chrome => 390701394 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9992 B
steve => 2214418 B
Hannah => 2214418 B
Gillian => 217710532 B
 
RecycleBin => 267200 B
EmptyTemp: => 708.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:37:02 ====

  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Everything looks fine, right now. 
 
To ensure that everything is clean, let's perform another check:
 
1. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

After the above, let's check the disk:

 

2. Check disk

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below, press Enter, and wait for it to finish (~15 minutes).
       chkdsk C: /r
    
  • You will receive a message that the operation cannot be performed while the system is in use, asking if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

 

 

In your next reply please post:

  1. The eset.txt
  2. The chkdsk result

  • 0
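
Added example, not part of the original post: the boot-time chkdsk report requested in step 2 is stored in the Application event log (source Microsoft-Windows-Wininit, event 1001, as the ListChkdskResult output in this thread shows), so it can also be read directly from an elevated PowerShell prompt. The function name `Get-ChkdskBootResult` and the output file name `chkdsk.txt` are assumptions made for this example.

```powershell
# Added example: read the boot-time chkdsk report from the Application log.
# Provider name and event ID are the ones shown in the ListChkdskResult log
# on this page; the function name and output file name are hypothetical.
function Get-ChkdskBootResult {
    param(
        # How many of the most recent reports to return.
        [int]$Newest = 1
    )

    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    }

    # Get-WinEvent returns the newest events first.
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $Newest -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning 'No Wininit 1001 event found. Has the scheduled disk check run at startup yet?'
        return
    }

    foreach ($e in $events) {
        $text = $e.Message

        # Pull out the counters a helper looks at first. The patterns match
        # the report wording shown in this thread; a field stays $null when
        # its line is absent from the report.
        [pscustomobject]@{
            TimeCreated    = $e.TimeCreated
            Volume         = if ($text -match 'Checking file system on (\S+)') { $Matches[1] } else { $null }
            BadFileRecords = if ($text -match '(\d+) bad file records processed') { [int]$Matches[1] } else { $null }
            OrphansToFound = if ($text -match '(\d+) unindexed files recovered to lost and found') { [int]$Matches[1] } else { $null }
            Report         = $text
        }
    }
}

# Save the latest full report to the desktop so it can be pasted into a reply.
$result = Get-ChkdskBootResult
if ($result) {
    $out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk.txt'
    $result.Report | Set-Content -Path $out -Encoding UTF8
    $result | Select-Object TimeCreated, Volume, BadFileRecords, OrphansToFound
}
```

A non-zero `BadFileRecords` or `OrphansToFound` value is a reason to read the full report before drawing conclusions about the disk.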

#9
Steviep

    Member

  • Topic Starter
  • Member
  • 338 posts

Hi Dr M

 

24/10/2022 22:21:35
Files scanned: 592603
Detected files: 3
Cleaned files: 3
Total scan time 03:17:13
Scan status: Finished
C:\FRST\Quarantine\C\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
C:\FRST\Quarantine\C\Program Files\AVAST Software\Avast\setup\offertool_ais-932.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
C:\Users\steve\AppData\Roaming\uTorrent Web\update.exe a variant of Win32/uTorrent.F potentially unwanted application cleaned by deleting
 
 
 
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 25/10/2022 07:07:36 >------
Category: 0
Computer Name: DESKTOP-T3QOQ8M
Event Code: 1001
Record Number: 2976
Source Name: Microsoft-Windows-Wininit
Time Written: 10-24-2022 @ 23:06:28
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Acer.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
  1093888 file records processed.                                                        
 
File verification completed.
 Phase duration (File record verification): 35.66 seconds.
  26649 large file records processed.                                   
 
 Phase duration (Orphan file record recovery): 8.74 milliseconds.
  0 bad file records processed.                                     
 
 Phase duration (Bad file record checking): 1.67 milliseconds.
 
Stage 2: Examining file name linkage ...
  54074 reparse records processed.                                      
 
  1264442 index entries processed.                                                       
 
Index verification completed.
 Phase duration (Index verification): 2.77 minutes.
  0 unindexed files scanned.                                        
 
 Phase duration (Orphan reconnection): 1.07 seconds.
  0 unindexed files recovered to lost and found.                    
 
 Phase duration (Orphan recovery to lost and found): 1.49 minutes.
  54074 reparse records processed.                                      
 
 Phase duration (Reparse point and Object ID verification): 115.52 milliseconds.
 
Stage 3: Examining security descriptors ...
Cleaning up 10976 unused index entries from index $SII of file 0x9.
Cleaning up 10976 unused index entries from index $SDH of file 0x9.
Cleaning up 10976 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 861.43 milliseconds.
  85278 data files processed.                                           
 
 Phase duration (Data attribute verification): 1.87 milliseconds.
CHKDSK is verifying Usn Journal...
  37279896 USN bytes processed.                                                           
 
Usn Journal verification completed.
 Phase duration (USN journal verification): 861.83 milliseconds.
 
Stage 4: Looking for bad clusters in user file data ...
  1093872 files processed.                                                               
 
File data verification completed.
 Phase duration (User file recovery): 1.23 hours.
 
Stage 5: Looking for bad, free clusters ...
  45374892 free clusters processed.                                                       
 
Free space verification is complete.
 Phase duration (Free space recovery): 17.50 minutes.
Correcting errors in the Volume Bitmap.
 
Windows has made corrections to the file system.
No further action is required.
 
 487791615 KB total disk space.
 304751268 KB in 510044 files.
    315364 KB in 85281 indexes.
         0 KB in bad sectors.
   1225411 KB in use by the system.
     65536 KB occupied by the log file.
 181499572 KB available on disk.
 
      4096 bytes in each allocation unit.
 121947903 total allocation units on disk.
  45374893 allocation units available on disk.
Total duration: 1.61 hours (5803607 ms).
 
Internal Info:
00 b1 10 00 86 15 09 00 bd 76 10 00 00 00 00 00  .........v......
e0 10 00 00 5a c2 00 00 00 00 00 00 00 00 00 00  ....Z...........
 
-----------------------------------------------------------------------
 

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Steviep.
 
Corrections have been made to the disk, according to the report above.
 
Although it is said that no further actions are needed, please do the following as an additional disk check:

  • Download CrystalDiskInfo from here and save it to your Desktop.
  • Run the installer to install the program.
  • When finished, open the installed program by double clicking on it.
  • If everything is working properly, you should see the status “Good” displayed. Other statuses you might see include “Bad” (which usually indicates a drive that’s dead or near death), “Caution” (which indicates a drive that you should most likely be thinking about backing up and replacing), and “Unknown” (which just means that information could not be obtained).
  • Let me know about your result. You can attach a screenshot if you like.

Can you please let me know what issues you are experiencing right now?


  • 0
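The reading of the chkdsk report in the post above can be reproduced mechanically. The following is an added example, not part of the original thread or of ListChkdskResult: a Python function that pulls the change lines and the bad-sector figure out of a chkdsk report. `REPORT` is an excerpt copied from the log posted above; the function name, the marker list and the verdict wording are assumptions.

```python
import re

# Excerpt of the chkdsk report posted above (lines copied from that log).
REPORT = """\
Stage 3: Examining security descriptors ...
Cleaning up 10976 unused index entries from index $SII of file 0x9.
Cleaning up 10976 unused security descriptors.
Stage 4: Looking for bad clusters in user file data ...
  1093872 files processed.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
No further action is required.
 487791615 KB total disk space.
         0 KB in bad sectors.
 181499572 KB available on disk.
"""

# Phrases taken from the report above that mark a change to on-disk metadata.
# Assumption: this list only covers messages seen in this log, not every chkdsk message.
CHANGE_MARKERS = ("Correcting errors", "Cleaning up", "made corrections")

def triage_chkdsk(text):
    """Summarise a chkdsk report: changes made, bad-sector KB, free-space share."""
    def kb(label):
        # Matches summary lines such as "  0 KB in bad sectors."
        m = re.search(r"^\s*(\d+) KB " + re.escape(label), text, re.M)
        return int(m.group(1)) if m else None

    changes = [ln.strip() for ln in text.splitlines()
               if any(mark in ln for mark in CHANGE_MARKERS)]
    bad, total, free = kb("in bad sectors"), kb("total disk space"), kb("available on disk")
    if bad is None:
        verdict = "incomplete report"          # summary section missing
    elif bad > 0:
        verdict = "bad sectors reported: back up the drive"
    elif changes:
        verdict = "metadata corrected, no bad sectors"
    else:
        verdict = "clean"
    free_pct = round(100 * free / total, 1) if total and free is not None else None
    return {"changes": changes, "bad_sectors_kb": bad,
            "free_pct": free_pct, "verdict": verdict}

if __name__ == "__main__":
    for key, value in triage_chkdsk(REPORT).items():
        print(f"{key}: {value}")
```
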

#11
Steviep

    Member

  • Topic Starter
  • 338 posts

Hi Dr M,
 
The report came back as good, things seem to be a bit better now - I have rebooted my PC and then logged off, and from switching PC on to being able to use Google was 2 mins 14 secs, which I presume is an acceptable time?

#12
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

You mean that it takes 2 minutes to log in and use the browser? 
 
Although I find it normal, you can do the following to reduce the start-up time:

1. In the Search area type Task Manager and select it from the items that appear.
2. If you see a window with a More details button, choose More details. Otherwise move on to step 3 directly.
3. Click on the Start-up tab and check the columns Status and Start-up impact. See if you don't need any of the enabled items to start with Windows. Especially check items with the indication High. Click on the items you don't need to start with Windows and select Disable.
4. Restart the computer and check if it is still slow at start-up.
5. Report your comments in your next reply.


#13
Steviep

    Member

  • Topic Starter
  • 338 posts

Hi Dr M,

 

Disabled a couple of items, did a reboot then powered off, and when I switched the PC on again it took 2 mins 1 sec to have a usable browser - thanks for all your help


#14
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Something to ask you: are these 2 minutes the duration of the start-up/sign-in process or the time it takes you to enter the browser when you click on it to open? If you just added the time it takes you to do both (sign-in and open the browser), then I don't find anything strange/unusual.


#15
Steviep

    Member

  • Topic Starter
  • 338 posts

It's 2 mins from powering on the PC until my browser lets me search - that's good if that's normal, and thank you again for your help. I have a 30 GB file on my desktop - could this be slowing things down?


Edited by Steviep, 25 October 2022 - 06:19 AM.
