Solved Downloaded a .exe file from a copy of a website

dcovalencia

After installing a .exe file from what I thought was the official site of Asana, I started having PowerShell pop up randomly on my PC. I rechecked the website and only then realized it was spelled differently. Couldn't find the Windows Defender, claiming I need IT permission (not sure if this started prior to the download, but I couldn't get rid of it despite many fixes). So far, I am not getting any errors, but when I installed Avast, I got a ping for an "obcs64.scr" file and upon installing RogueKiller, I got pinged for "gecici_proje_klasoru" which says that it is a Trojan.

Since I basically have everything in this pc, I wanted to make sure that it is cleared of the Trojan. Please help confirm. Thank you. I'll be adding the FRST and Addition logs in this same thread.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-01-2023
Ran by valynth (administrator) on VALYNTH (LENOVO 81X2) (02-02-2023 16:59:51)
Running from C:\Users\valynth\Downloads
Loaded Profiles: valynth & denise & Administrator
Platform: Microsoft Windows 11 Home Single Language Version 22H2 22621.1194 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <12>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(MultimediaAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Microsoft OneDrive\OneDrive.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.007.0109.0004\Microsoft.SharePoint.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\valynth\AppData\Roaming\uTorrent Web\helper\helper.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Canva -> Canva Pty Ltd) C:\Users\valynth\AppData\Local\Programs\Canva\Canva.exe <2>
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\valynth\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ea4acce9a2fdda82\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~2.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_da914fb427b10059\LenovoUtilityService.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_da914fb427b10059\FnHotkeyUtility.exe
(explorer.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\69.0.0.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\69.0.0.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Grammarly, Inc. -> ) C:\Users\valynth\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Push Play Labs Inc -> PushPlayLabs, Inc.) C:\Users\valynth\AppData\Local\Sidekick\Application\sidekick.exe <25>
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366689.inf_amd64_4f0d6991b007c8f1\B366217\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ea4acce9a2fdda82\DAX3API.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_da914fb427b10059\LenovoUtilityService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC) C:\ProgramData\Toolkit\SeagateSecureService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_2767484eb7b0598d\WTabletServiceISD.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.25183.1000.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21256.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21256.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\1.0.2209.22001-0\SecurityHealthHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PenTablet] => C:\Program Files\Pentablet\PenTablet.exe [814840 2021-06-25] (Hanvon Ugee Technology Co., Ltd. -> XPPEN TECHNOLOGY CO.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-09-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3089288 2022-11-11] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [215960 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [124599048 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2627968 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38935376 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [utweb] => C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe [6415008 2022-11-17] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\valynth\AppData\Local\Microsoft\Teams\Update.exe [2508552 2022-07-27] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\69.0.0.0\GoogleDriveFS.exe [51022104 2023-01-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [CanvaAutoLaunchAvailabilityCheckAgent] => C:\Users\valynth\AppData\Local\Programs\Canva\Canva.exe [147001632 2022-05-16] (Canva -> Canva Pty Ltd)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [Discord] => C:\Users\valynth\AppData\Local\Discord\Update.exe [1522176 2022-06-08] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [Toolkit] => C:\Program Files (x86)\Toolkit\Toolkit.exe [1601048 2022-10-26] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [Grammarly] => C:\Users\valynth\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [951216 2023-01-26] (Grammarly, Inc. -> )
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [MicrosoftEdgeAutoLaunch_F54D2CCB77A6A8F13F68537500702520] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188576 2023-01-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2627968 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Run: [MicrosoftEdgeAutoLaunch_7A706471971BDA2923B2A09929095543] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188576 2023-01-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\denise\AppData\Local\Microsoft\Teams\Update.exe [2492128 2022-04-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2627968 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\AuthManSvr.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\Browser.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\CDViewer.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\CtxWebBrowser.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\SelfService.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\wfica32.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\InstalledSDB\{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb [2022-12-13]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe [2023-01-29] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obs.lnk [2023-02-02]
ShortcutTarget: obs.lnk -> C:\Users\valynth\AppData\Roaming\obs-studio\bin\64bit\obs64.scr (No File)
Startup: C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-10-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {099506C4-2F84-4816-8ED9-C6E78720C45E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-07] (Google LLC -> Google LLC)
Task: {0ADEF4CE-834E-4C7F-BFC2-DCC48D842D2E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {10E2871A-484F-4E1A-BA1A-709F27C6B854} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {11579BCC-9B6D-48A7-8D88-11A011CFC6FF} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-07-04] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1941698B-4115-4EB7-9087-0C179CCC14C3} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168920 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DEBC40A-E1CF-4B5F-A72B-AF6C8FE215EF} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {20AFC2DA-6B3B-4297-816B-4467598FDED4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c777d6d2-9ace-416d-8b2f-6f6f543a9319 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {2187E8CB-4576-4466-8405-4370D869B1A1} - System32\Tasks\Opera scheduled Autoupdate 1637580750 => C:\Users\valynth\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {22BE948B-F2DD-48CA-9045-3A707D177FF6} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [184656 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
Task: {27A254C3-A0D2-43B9-A84B-CF326BD78C38} - System32\Tasks\Opera scheduled Autoupdate 1638649909 => C:\Users\valynth\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {28635E06-9FD3-48D6-91F1-6CE70353E56D} - System32\Tasks\Opera scheduled Autoupdate 1629168609 => C:\Users\valynth\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {2966410F-9CE5-4E13-92FF-6FD137559A9E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C77466E-AA1E-49CD-AF72-08DFD14615A7} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {2D581A3C-4E5F-4A11-834D-095C9E0B7341} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-07-04] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {31F91325-7358-472C-BD11-CD75C5AFD079} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4954008 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
Task: {32AD0A41-5D92-4F53-AAF3-3DD4A239E37D} - System32\Tasks\Opera scheduled assistant Autoupdate 1629168613 => C:\Users\valynth\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\valynth\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {345431AE-2F14-4014-BD14-27298E22A76F} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {3815A878-6045-41C2-A6BA-2BB1379E97DE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {3B5FD82F-4C35-4D08-9C04-C8DDABEC1E6A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2297796880-1066376711-690406554-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {3CC20165-08C4-4371-ACDB-DDC2C257DA53} - System32\Tasks\CCleanerSkipUAC - valynth => C:\Program Files\CCleaner\CCleaner.exe [32617808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {4284CB9F-7738-4218-A8AC-45383D630FCB} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {45B6E44E-6596-441B-B93C-C492BC005704} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {5E28841C-5225-4863-AB70-FDC7645DF181} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {5FAA3181-F450-4F9F-987F-AB4017634DCA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {626487BC-6B72-44DD-8D82-49C90495D4A5} - System32\Tasks\Lenovo\Lenovo MigrationAssistant start event task => C:\Program Files\Lenovo\Lenovo Migration Assistant\Lenovo Migration Assistant Srv.exe [291216 2020-11-11] (Lenovo -> )
Task: {6A4FE43B-5F34-4BE7-81CC-EEB84366FF0D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\BlueStacksHelper_nxt" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineCore" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineUA" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\CCleanerSkipUAC - valynth" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d7b4994c1a0fad" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-2297796880-1066376711-690406554-1002" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-2297796880-1066376711-690406554-1003" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3945968138-501286664-768322970-500" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\Opera scheduled assistant Autoupdate 1629168613" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1629168609" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1637580750" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {7CD86A55-D8B9-4965-BC28-D8EC6519DB15} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7d5b88b0-5fab-44ee-9da1-518f957ead3d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {848E72BD-A1D2-4302-8BEA-058CD5AC531D} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {8B0038CE-385C-4978-8DAB-D904A41D4407} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [89408 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
Task: {945BE9BC-3475-4506-AC59-140B08B23F2E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f0588777-7b2c-439f-a7be-b9f6bfab9a84 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {979F2C3E-5416-4B4B-8D40-BF69ABB8DA70} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4713808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "9b44d43a-93a4-4726-97be-78846b08e1b0" --version "6.08.10255" --silent
Task: {999F4C56-1626-4F84-BA5A-62DA1CC1AB9D} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {A2C48318-A85E-4D88-A425-C56BC4A7755D} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2297796880-1066376711-690406554-1002 => C:\Users\valynth\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [89096 2022-10-19] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {A485D6BC-BA53-482D-BF2B-59FBCAAC0F01} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A4B048B6-C0D0-4FE1-9D0A-AD1F26CD4BB0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {B0130E0B-564E-4960-AC38-6180A4842E05} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\22d87862-93f7-4008-9727-c4c668ae03d8 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {B2314A5B-6BE8-4CF0-951B-1BECFCDA7398} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2295192 2023-02-02] (Avast Software s.r.o. -> Avast Software)
Task: {B68D073A-A705-4176-A076-C097EB704514} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3826312 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD33C332-06C5-4207-8102-FC34E8ED75D2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {C36C59C2-DF6E-44A7-9283-9C98AE639603} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2297796880-1066376711-690406554-1003 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {C7C349CB-009A-47BA-BBA2-D205263401AB} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {CB490F52-88AB-485A-BA55-311D406923EA} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {DA8143C7-77B7-4CD7-ADD7-B26A0958D2F5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2023-01-11] (Piriform Software Ltd -> Piriform)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {E585DD3B-8AE4-48A3-A3AE-DD9DCCEDA217} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {E9698AB4-B720-496E-BDFB-7F836ABE1187} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {ED986F4A-A40A-4212-974E-0D964D4A4AA0} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {F7C6A3D2-D5D1-4E4D-B1AD-9447A0E2A309} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {F868AA57-3BA0-4E54-A791-43249CF49C5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-07] (Google LLC -> Google LLC)
Task: {FCE09D19-2FDD-4D78-874C-A49143437A77} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {FE5DC72A-111F-4678-B5E3-4AA96759EE2E} - System32\Tasks\ar => wscript.exe "%appdata%\obs-studio\bin\64bit\.vbs" "%appdata%\obs-studio\bin\64bit\.cmd"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5def37c7-9178-412e-8a5d-26cdcf2a9f33}: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{5def37c7-9178-412e-8a5d-26cdcf2a9f33}: [DhcpNameServer] 114.108.193.201 114.108.195.1
Tcpip\..\Interfaces\{6e60fe1a-89bf-4c65-9230-c7b510edb9df}: [DhcpNameServer] 172.168.181.2
Tcpip\..\Interfaces\{8a1ad36f-78ce-4bcf-a382-399c5a03f90e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8a1ad36f-78ce-4bcf-a382-399c5a03f90e}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-02]
Edge Notifications: Default -> hxxps://teams.microsoft.com
Edge Extension: (IDM Integration Module) - C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-05-20]
Edge Profile: C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-12-10]
Edge Profile: C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2022-12-10]
Edge HKU\S-1-5-21-2297796880-1066376711-690406554-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-01-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-09] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-09] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-01-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-01-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-02-02]
CHR Profile: C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-02-02]
CHR Extension: (Tampermonkey) - C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2023-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-02]
CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-05]
CHR Profile: C:\Users\valynth\AppData\Local\Google\Chrome\User Data\System Profile [2023-02-02]
CHR HKU\S-1-5-21-2297796880-1066376711-690406554-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-02-02]
BRA Extension: (Google Translate) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-15]
BRA Extension: (Safe Torrent Scanner) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-06-15]
BRA Extension: (DuckDuckGo Privacy Essentials) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-01-19]
BRA Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-12-22]
BRA Extension: (Google Docs Offline) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-02]
BRA Extension: (LastPass: Free Password Manager) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2023-02-02]
BRA Extension: (Language Reactor) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hoombieeljmmljlkjmnheibnpciblicm [2022-06-21]
BRA Extension: (Unpaywall) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2021-08-16]
BRA Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-01-21]
BRA Extension: (Bionic Reading) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kdfkejelgkdjgfoolngegkhkiecmlflj [2022-08-08]
BRA Extension: (Website Translation by Text United) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kgnmpiibaebfhmhmialmbmaakpepafpl [2021-07-04]
BRA Extension: (Forest: stay focused, be present) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kjacjjdnoddnpbbcjilcajfhhbdhkpgk [2022-12-23]
BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-02-02]
BRA Extension: (Toucan - Language Learning) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lokjgaehpcnlmkebpmjiofccpklbmoci [2023-02-02]
BRA Extension: (Hoxx VPN Proxy) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2023-02-02]
BRA Extension: (Notion Themes) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pglbhommhmgieofbdbnlpcbgcdmoagfo [2022-06-22]
BRA Extension: (Webtime Tracker) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ppaojnbmmaigjmlpjaldnkgnklhicppk [2022-11-30]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2023-02-02]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1 [2023-02-02]
BRA DefaultSearchURL: Profile 1 -> hxxps://avi12.com/youtube-auto-hd
BRA Extension: (Easy Auto Refresh) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2021-12-24]
BRA Extension: (MuteTab) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\acofndgbcimipbpeoplfjcapdbebbmca [2021-12-24]
BRA Extension: (Auto Clear Browsing Data) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\bfgoiiandhlddbcenmpijfpacgkdeenp [2021-12-24]
BRA Extension: (Clear Cache) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2021-12-24]
BRA Extension: (YouTube Auto HD + FPS) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\fcphghnknhkimeagdglkljinmpbagone [2021-12-24]
BRA Extension: (IDM Integration Module) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-12-30]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 2 [2023-02-02]
BRA Extension: (Pool Party) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 2\Extensions\kkdpcclippggiadgghfmkggpemadbfcj [2022-06-14]
BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-06-14]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3 [2023-02-02]
BRA DefaultSearchURL: Profile 3 -> hxxps://avi12.com/youtube-auto-hd
BRA Extension: (Easy Auto Refresh) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2021-12-24]
BRA Extension: (MuteTab) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\acofndgbcimipbpeoplfjcapdbebbmca [2021-12-24]
BRA Extension: (Auto Tab Mute) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\dnfohmfimbkmondbppcnkgjlnfnbppok [2021-12-24]
BRA Extension: (YouTube Auto HD + FPS) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\fcphghnknhkimeagdglkljinmpbagone [2021-12-24]
BRA Extension: (AutoMute) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\kjcdcbhfpjkcjinohfaaihpcmpnpmpie [2021-12-24]
BRA Extension: (IDM Integration Module) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-12-30]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4 [2023-02-02]
BRA DefaultSearchURL: Profile 4 -> hxxps://avi12.com/youtube-auto-hd
BRA Extension: (Easy Auto Refresh) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2021-12-24]
BRA Extension: (MuteTab) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\acofndgbcimipbpeoplfjcapdbebbmca [2021-12-24]
BRA Extension: (Auto Clear Browsing Data) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\bfgoiiandhlddbcenmpijfpacgkdeenp [2021-12-24]
BRA Extension: (YouTube Auto HD + FPS) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\fcphghnknhkimeagdglkljinmpbagone [2021-12-24]
BRA Extension: (IDM Integration Module) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-12-30]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 5 [2023-02-02]
BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-02-02]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\System Profile [2023-02-02]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-02-02]
BRA Extension: (Brave NTP background images) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-11]
BRA Extension: (Wallet Data Files Updater) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-01-19]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-12-02]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2022-01-27]
BRA Extension: (Brave NTP sponsored images) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-07-04]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-01-19]
BRA Extension: (Brave NTP sponsored images) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\gnpenibjeonfpmokjgpndnckjaehmcfm [2023-02-02]
BRA Extension: (Brave Ads Resources) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2021-07-04]
BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-02-02]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-15]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2022-12-23]
BRA Extension: (Brave Ads Resources) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2023-01-19]
BRA Extension: (Brave Ads Resources) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocmnmegmbhbfmdnjoppmlbhfcpmedacn [2023-01-19]
BRA Extension: (Crypto Wallets) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2022-07-12]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-02-02]
 
==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8553880 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [597400 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2038168 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [597400 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-07-04] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-07-04] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ea4acce9a2fdda82\DAX3API.exe [1903776 2020-02-07] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncHelper.exe [3484544 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2023-01-31] (Microsoft Windows -> Microsoft Corporation)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_da914fb427b10059\LenovoUtilityService.exe [245968 2022-11-13] (Lenovo -> Lenovo(beijing) Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe [32464 ] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1832944 2021-08-12] (Lenovo -> Lenovo(beijing) Limited)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [46416 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.007.0109.0004\OneDriveUpdaterService.exe [3854208 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15358896 2023-01-26] (ADLICE -> )
R2 SeagateSecure; C:\ProgramData\Toolkit\SeagateSecureService.exe [375328 2022-09-08] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16452920 2022-11-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2023-01-31] (Microsoft Windows -> Microsoft Corporation)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [71504 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10430256 2022-11-11] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137600 2023-02-02] (Microsoft Windows -> Microsoft Corporation)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856920 2020-06-17] (Lenovo -> Lenovo Group Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0366689.inf_amd64_4f0d6991b007c8f1\B366217\amdkmdag.sys [82677912 2021-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31424 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229208 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391272 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2023-02-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [267888 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [555560 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80376 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852000 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [695504 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318456 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2023-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [184424 2020-07-14] (BayHub Technology Inc. -> BayHubTech/O2Micro)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [41920 2023-02-02] (ADLICE (Julien ASCOET) -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2021-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22216888 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2021-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\mvvad.sys [48144 2022-07-26] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
R3 WacHIDFilterISD; C:\WINDOWS\System32\drivers\WacHIDRouterISDU.sys [130160 2020-11-09] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2022-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [473376 2022-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-10] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2023-01-31] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-02 16:59 - 2023-02-02 17:00 - 000056637 _____ C:\Users\valynth\Downloads\FRST.txt
2023-02-02 16:56 - 2023-02-02 17:00 - 000000000 ____D C:\FRST
2023-02-02 16:53 - 2023-02-02 16:53 - 002376704 _____ (Farbar) C:\Users\valynth\Downloads\FRST64.exe
2023-02-02 16:48 - 2023-02-02 16:48 - 000041920 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2023-02-02 16:48 - 2023-02-02 16:48 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-02-02 16:48 - 2023-02-02 16:48 - 000000000 ____D C:\ProgramData\RogueKiller
2023-02-02 16:48 - 2023-02-02 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-02-02 16:48 - 2023-02-02 16:48 - 000000000 ____D C:\Program Files\RogueKiller
2023-02-02 16:47 - 2023-02-02 16:47 - 047201632 _____ (Adlice Software ) C:\Users\valynth\Downloads\RogueKiller_setup.exe
2023-02-02 16:34 - 2023-02-02 16:34 - 000807700 _____ C:\WINDOWS\system32\perfh00C.dat
2023-02-02 16:34 - 2023-02-02 16:34 - 000481456 _____ C:\WINDOWS\system32\perfh011.dat
2023-02-02 16:34 - 2023-02-02 16:34 - 000156502 _____ C:\WINDOWS\system32\perfc00C.dat
2023-02-02 16:34 - 2023-02-02 16:34 - 000134832 _____ C:\WINDOWS\system32\perfc011.dat
2023-02-02 16:29 - 2023-02-02 16:29 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2023-02-02 16:21 - 2023-02-02 16:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2023-02-02 16:14 - 2023-02-02 16:14 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Avast Software
2023-02-02 16:14 - 2023-02-02 16:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2023-02-02 16:10 - 2023-02-02 16:10 - 000000000 ___HD C:\$WinREAgent
2023-02-02 16:06 - 2023-02-02 16:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\Lenovo
2023-02-02 16:05 - 2023-02-02 16:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2023-02-02 16:04 - 2023-02-02 16:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2023-02-02 16:04 - 2023-02-02 16:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2023-02-02 16:04 - 2023-02-02 16:04 - 000002406 _____ C:\Users\Administrator\Desktop\Brave.lnk
2023-02-02 16:04 - 2023-02-02 16:04 - 000002289 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2023-02-02 16:04 - 2023-02-02 16:04 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\BraveSoftware
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator
2023-02-02 16:04 - 2021-12-19 20:22 - 000000000 ___RD C:\Users\Administrator\OneDrive
2023-02-02 15:53 - 2023-02-02 15:53 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2023-02-02 15:52 - 2023-02-02 15:40 - 000273816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-02-02 15:40 - 2023-02-02 16:00 - 000000000 ____D C:\Users\valynth\AppData\Local\Avast Software
2023-02-02 15:40 - 2023-02-02 15:58 - 000002171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2023-02-02 15:40 - 2023-02-02 15:58 - 000002159 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2023-02-02 15:40 - 2023-02-02 15:57 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-02-02 15:40 - 2023-02-02 15:40 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Avast Software
2023-02-02 15:40 - 2023-02-02 15:40 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2023-02-02 15:39 - 2023-02-02 15:39 - 000000000 ____D C:\Program Files\Avast Software
2023-02-02 14:48 - 2023-02-02 14:48 - 000000000 ____D C:\Users\valynth\AppData\Local\Sentry
2023-02-02 03:37 - 2023-02-02 16:27 - 000001535 _____ C:\WINDOWS\system32\config\VSMIDK
2023-02-02 03:32 - 2023-02-02 16:25 - 000000000 __SHD C:\tmp
2023-02-02 03:32 - 2023-02-02 03:32 - 000003382 _____ C:\WINDOWS\system32\Tasks\ar
2023-02-02 00:14 - 2023-02-02 00:14 - 000000000 ____D C:\ProgramData\ZoomVDI
2023-02-02 00:11 - 2023-02-02 00:11 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-01-31 13:09 - 2023-01-30 21:20 - 000000000 ____D C:\Windows.old
2023-01-31 13:06 - 2023-01-31 13:09 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-01-31 13:05 - 2023-01-31 13:06 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-01-31 13:04 - 2023-01-31 13:04 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-01-31 12:57 - 2023-01-31 12:57 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2023-01-31 12:57 - 2023-01-31 12:57 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-01-31 12:57 - 2023-01-31 12:57 - 000000000 ____D C:\WINDOWS\addins
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\Program Files\MSBuild
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-01-31 12:54 - 2023-01-31 12:54 - 000000000 ____D C:\WINDOWS\SysWOW64\fr
2023-01-31 12:54 - 2023-01-31 12:54 - 000000000 ____D C:\WINDOWS\system32\fr
2023-01-31 12:53 - 2023-01-31 12:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ja
2023-01-31 12:53 - 2023-01-31 12:53 - 000000000 ____D C:\WINDOWS\system32\ja
2023-01-30 21:22 - 2023-01-30 21:22 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-01-30 21:20 - 2023-02-02 16:34 - 002409750 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-01-30 21:20 - 2023-01-30 21:20 - 000000020 ___SH C:\Users\valynth\ntuser.ini
2023-01-30 21:19 - 2023-02-02 16:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-01-30 21:19 - 2023-02-02 15:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-01-30 21:19 - 2023-02-02 14:47 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-01-30 21:19 - 2023-01-30 21:20 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-30 21:19 - 2023-01-30 21:20 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2297796880-1066376711-690406554-1003
2023-01-30 21:19 - 2023-01-30 21:20 - 000003046 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-01-30 21:19 - 2023-01-30 21:20 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-01-30 21:19 - 2023-01-30 21:20 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2023-01-30 21:19 - 2023-01-30 21:19 - 000003872 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1629168613
2023-01-30 21:19 - 2023-01-30 21:19 - 000003614 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1629168609
2023-01-30 21:19 - 2023-01-30 21:19 - 000003582 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1638649909
2023-01-30 21:19 - 2023-01-30 21:19 - 000003582 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1637580750
2023-01-30 21:19 - 2023-01-30 21:19 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-01-30 21:19 - 2023-01-30 21:19 - 000003418 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2023-01-30 21:19 - 2023-01-30 21:19 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-01-30 21:19 - 2023-01-30 21:19 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-01-30 21:19 - 2023-01-30 21:19 - 000003194 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2023-01-30 21:19 - 2023-01-30 21:19 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-01-30 21:19 - 2023-01-30 21:19 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2297796880-1066376711-690406554-1002
2023-01-30 21:19 - 2023-01-30 21:19 - 000002256 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - valynth
2023-01-30 21:19 - 2023-01-30 21:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2023-01-30 21:19 - 2023-01-30 21:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2023-01-30 21:18 - 2023-01-30 21:19 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2023-01-30 21:18 - 2023-01-30 21:19 - 000017148 _____ C:\WINDOWS\diagerr.xml
2023-01-30 21:16 - 2023-01-30 21:16 - 000023480 _____ C:\WINDOWS\system32\emptyregdb.dat
2023-01-30 21:11 - 2023-02-02 16:25 - 000000000 ____D C:\Users\valynth
2023-01-30 21:11 - 2023-01-30 21:14 - 000000000 ____D C:\Users\denise
2023-01-30 21:09 - 2023-02-02 16:27 - 000515880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-30 21:09 - 2023-02-02 16:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-01-30 21:09 - 2023-01-30 21:09 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-01-29 04:22 - 2023-02-02 16:20 - 000000000 ___DC C:\WINDOWS\Panther
2023-01-18 15:58 - 2023-01-30 21:10 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-02 17:00 - 2021-07-04 11:01 - 000000512 _____ C:\Users\Public\amdsfhdcd.bin
2023-02-02 16:59 - 2021-11-22 19:30 - 000000000 ____D C:\Users\valynth\AppData\Roaming\uTorrent Web
2023-02-02 16:52 - 2022-05-07 13:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-02 16:48 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-02 16:48 - 2022-05-07 13:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-02 16:48 - 2021-07-03 20:28 - 000000000 ____D C:\Users\valynth\AppData\Local\D3DSCache
2023-02-02 16:46 - 2022-01-07 15:45 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-02 16:31 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-02-02 16:30 - 2021-07-30 15:35 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2023-02-02 16:29 - 2021-10-04 21:37 - 000000000 ____D C:\Program Files\CCleaner
2023-02-02 16:28 - 2022-06-17 11:12 - 000000000 ____D C:\Users\valynth\AppData\Local\Sidekick
2023-02-02 16:28 - 2022-05-07 13:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-02 16:28 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-02 16:28 - 2021-11-16 20:18 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Canva
2023-02-02 16:28 - 2021-07-09 00:50 - 000000000 ____D C:\Users\valynth\AppData\Local\BitTorrentHelper
2023-02-02 16:28 - 2021-07-05 02:31 - 000000000 ___RD C:\Users\valynth\OneDrive - University of the Philippines
2023-02-02 16:27 - 2022-11-24 01:42 - 000000000 ____D C:\Program Files\TeamViewer
2023-02-02 16:27 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-02 16:27 - 2021-08-17 10:51 - 000000000 ____D C:\ProgramData\Avast Software
2023-02-02 16:27 - 2021-07-04 11:00 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-02 16:27 - 2021-07-04 11:00 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\UUS
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-02 16:26 - 2022-05-07 13:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2023-02-02 16:21 - 2022-05-07 13:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-02-02 16:21 - 2021-07-25 16:56 - 000000000 ____D C:\Users\valynth\AppData\Roaming\TeamViewer
2023-02-02 16:20 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-02-02 16:20 - 2021-08-17 20:41 - 000000000 ____D C:\Users\valynth\AppData\Local\CrashDumps
2023-02-02 16:20 - 2021-07-03 20:28 - 000000000 ____D C:\Users\valynth\AppData\Local\ConnectedDevicesPlatform
2023-02-02 16:16 - 2022-05-07 13:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-02 16:04 - 2020-05-07 02:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-02-02 15:59 - 2021-07-03 20:28 - 000000000 ____D C:\Users\valynth\AppData\Local\Packages
2023-02-02 15:58 - 2022-12-02 00:10 - 000000000 ____D C:\Riot Games
2023-02-02 15:58 - 2021-07-29 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2023-02-02 15:56 - 2022-06-17 11:12 - 000002426 _____ C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidekick.lnk
2023-02-02 15:52 - 2022-05-07 13:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-02 14:48 - 2022-11-10 18:11 - 000000000 ____D C:\Program Files (x86)\Citrix
2023-02-02 14:48 - 2022-11-10 18:07 - 000000000 ____D C:\Users\valynth\AppData\Local\Citrix
2023-02-02 14:47 - 2022-11-10 18:07 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Citrix
2023-02-02 14:47 - 2022-10-29 23:45 - 000000000 ____D C:\Program Files\Electronic Arts
2023-02-02 14:47 - 2021-01-18 10:59 - 000000000 ____D C:\ProgramData\Package Cache
2023-02-02 03:38 - 2022-10-16 13:46 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Toolkit
2023-02-02 03:32 - 2022-04-30 09:39 - 000000000 __SHD C:\Users\valynth\AppData\Roaming\obs-studio
2023-02-02 00:25 - 2022-07-14 03:14 - 000001440 _____ C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk
2023-02-02 00:11 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-02-02 00:11 - 2021-08-26 13:54 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Zoom
2023-02-02 00:09 - 2021-01-18 11:02 - 000000000 ____D C:\Program Files\Microsoft Office
2023-01-31 13:09 - 2022-07-12 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2023-01-31 13:09 - 2022-06-20 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hubstaff
2023-01-31 13:09 - 2022-05-07 13:28 - 000000000 ____D C:\WINDOWS\Setup
2023-01-31 13:09 - 2022-05-07 13:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-01-31 13:09 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-01-31 13:09 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-01-31 13:09 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-01-31 13:09 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-01-31 13:09 - 2022-04-30 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2023-01-31 13:09 - 2022-01-07 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-01-31 13:09 - 2021-12-31 00:11 - 000000000 ____D C:\WINDOWS\system32\Samsung
2023-01-31 13:09 - 2021-12-05 01:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2023-01-31 13:09 - 2021-10-20 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2023-01-31 13:09 - 2021-10-04 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-01-31 13:09 - 2021-09-23 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2023-01-31 13:09 - 2021-09-07 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2023-01-31 13:09 - 2021-08-11 01:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-01-31 13:09 - 2021-08-06 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadiAnt DICOM Viewer
2023-01-31 13:09 - 2021-07-15 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO
2023-01-31 13:09 - 2021-07-11 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2023-01-31 13:09 - 2021-07-05 02:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Migration Assistant
2023-01-31 13:09 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-01-31 13:09 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2023-01-31 13:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2023-01-31 13:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-01-31 13:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2023-01-31 13:08 - 2022-05-07 13:24 - 000000000 __RHD C:\Users\Public\Libraries
2023-01-31 13:08 - 2022-05-07 13:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-01-31 13:06 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2023-01-31 13:06 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-01-31 13:06 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\Lenovo
2023-01-31 13:06 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\Firmware
2023-01-31 13:06 - 2021-07-05 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\Globalization
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-01-31 13:03 - 2022-05-07 13:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-01-31 13:03 - 2022-05-07 13:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2023-01-31 13:03 - 2022-05-07 13:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-01-31 13:03 - 2022-05-07 13:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2023-01-31 12:56 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-01-31 12:56 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-01-31 12:56 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\OCR
2023-01-31 12:54 - 2022-05-07 14:10 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-01-31 12:54 - 2022-05-07 14:10 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\system32\winrm
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\system32\WCN
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\system32\slmgr
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\dsc
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\Com
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\IME
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-01-31 12:54 - 2022-05-07 13:17 - 000000000 ____D C:\WINDOWS\servicing
2023-01-31 07:36 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-01-31 07:36 - 2021-07-05 02:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-31 00:18 - 2021-07-03 20:28 - 000000000 ____D C:\ProgramData\Packages
2023-01-30 21:20 - 2022-05-07 13:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-01-30 21:19 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-01-30 21:16 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\Registration
2023-01-30 21:15 - 2022-01-07 15:47 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-30 21:15 - 2021-07-04 09:45 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-01-30 21:12 - 2022-10-27 20:26 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2023-01-30 21:12 - 2022-07-12 00:42 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.10
2023-01-30 21:12 - 2022-06-09 18:17 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2023-01-30 21:12 - 2021-11-27 23:31 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2023-01-30 21:12 - 2021-10-20 00:31 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps
2023-01-30 21:12 - 2021-08-11 01:03 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-01-30 21:12 - 2021-07-24 10:28 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pentablet
2023-01-30 21:12 - 2021-07-04 20:05 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2023-01-30 21:11 - 2021-11-20 11:47 - 000000000 ____D C:\Users\denise\AppData\Local\Packages
2023-01-30 21:10 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-01-30 21:10 - 2021-07-04 11:00 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-01-30 21:09 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
2023-01-30 20:24 - 2021-07-29 18:47 - 000000000 ____D C:\ProgramData\Riot Games
2023-01-30 19:32 - 2021-12-05 01:47 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2023-01-30 19:32 - 2021-07-05 02:51 - 000000000 _____ C:\WINDOWS\system32\.tmp
2023-01-30 03:14 - 2022-01-07 11:02 - 000002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-01-30 03:14 - 2021-09-08 00:21 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk
2023-01-30 03:04 - 2022-10-12 07:08 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-30 03:04 - 2022-01-07 11:02 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-01-30 03:04 - 2021-09-08 15:37 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
2023-01-30 03:04 - 2021-08-06 12:28 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\RadiAnt DICOM Viewer (64-bit).lnk
2023-01-29 20:28 - 2022-10-01 21:52 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-01-29 04:26 - 2022-10-12 07:08 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-01-29 04:13 - 2021-12-21 11:22 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-01-29 02:17 - 2021-12-19 20:22 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-01-24 04:19 - 2021-11-27 23:31 - 000000000 ____D C:\Users\valynth\AppData\Roaming\discord
2023-01-24 04:15 - 2022-07-06 16:42 - 000000000 ____D C:\Users\valynth\AppData\Local\Discord
2023-01-20 05:31 - 2022-05-19 19:33 - 000002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-01-18 18:04 - 2022-08-29 03:37 - 000000000 ____D C:\Users\valynth\AppData\Local\ElevatedDiagnostics
2023-01-18 16:06 - 2021-07-05 02:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-18 16:00 - 2021-07-05 02:13 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2022-10-19 03:57 - 2022-10-19 03:57 - 000017408 _____ () C:\Users\valynth\AppData\Local\WebpageIcons.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2023
Ran by valynth (02-02-2023 17:01:01)
Running from C:\Users\valynth\Downloads
Microsoft Windows 11 Home Single Language Version 22H2 22621.1194 (X64) (2023-01-30 13:20:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2297796880-1066376711-690406554-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2297796880-1066376711-690406554-503 - Limited - Disabled)
denise (S-1-5-21-2297796880-1066376711-690406554-1003 - Limited - Enabled) => C:\Users\denise
Guest (S-1-5-21-2297796880-1066376711-690406554-501 - Limited - Disabled)
valynth (S-1-5-21-2297796880-1066376711-690406554-1002 - Administrator - Enabled) => C:\Users\valynth
WDAGUtilityAccount (S-1-5-21-2297796880-1066376711-690406554-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20314 - Adobe)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_2_3) (Version: 24.2.3 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_2_3) (Version: 21.2.3.308 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.06.16.703 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.126 - Advanced Micro Devices, Inc.) Hidden
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.102 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 4.13.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD SFH Driver (HKLM-x32\...\{A52D862F-3082-46E6-B1A2-7473F111FA1F}) (Version: 1.0.0.303 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{d6ca217e-8981-495f-a6c6-6feaf1c8bf34}) (Version: 2.06.16.703 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Authy Desktop (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\authy) (Version: 2.2.0 - Twilio Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.12.6044 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 109.1.47.186 - Brave Software Inc)
Browser Discord Status (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\1f8e1f5a-2c47-5ee8-86ae-042338040164) (Version: 1.0.3 - 3xanax)
calibre (HKLM-x32\...\{F8B80815-02B9-41C3-88C4-DA539BDC1635}) (Version: 5.27.0 - Kovid Goyal)
Canva (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\3d0ba22d-e02b-5c6d-93a1-4e2a9af9c1f2) (Version: 1.43.0 - Canva Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 6.08 - Piriform)
Citrix Workspace (HKLM\...\{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb) (Version: - )
CLIP STUDIO 1.10.5 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.10.5 - CELSYS)
CLIP STUDIO PAINT 1.10.6 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.10.6 - CELSYS)
DevHub 0.102.0 (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\8a1dda72-8d31-5754-a8fa-acf344038eff) (Version: 0.102.0 - Bruno Lemos)
Discord (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Discord) (Version: 1.0.9005 - Discord Inc.)
Efficient Elements for presentations - Standard Edition (HKLM-x32\...\{A6C36819-29BF-44DE-BFB4-93BA6F43C1AA}) (Version: 3.9.9600.1 - Efficient Elements GmbH)
GitHub Desktop (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\GitHubDesktop) (Version: 3.1.2 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 69.0.0.0 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{D55C414A-684A-4B84-A003-C248B40FD7C6}) (Version: 6.8.263 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\{54da24a3-a032-400b-8762-669a8bf92df5}) (Version: 6.8.263 - Grammarly)
Grammarly for Windows (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Grammarly Desktop Integrations) (Version: 1.0.24.360 - )
Hubstaff (HKLM-x32\...\Hubstaff) (Version: 1.6.7 - Netsoft Holdings, LLC.)
iCloud Outlook (HKLM\...\{542806EA-AFEA-49B5-BC9D-DCAE98BA393B}) (Version: 13.4.0.99 - Apple Inc.)
iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.)
iTunes (HKLM\...\{FA2E7FDC-13E8-4FBD-B5F7-2FFAE7C6E6D9}) (Version: 12.6.3.6 - Apple Inc.)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}_is1) (Version: 4.39.0.196 - LENOVO (UNITED STATES) INC.)
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 2.1.4.6 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.13 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.43.0 - Lenovo Group Ltd.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.70 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.70 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.007.0109.0004 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Teams) (Version: 1.5.00.19563 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Teams) (Version: 1.5.00.8070 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{0d9d66bf-5d45-4aea-a4fb-0ef3b4d7b5b6}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (HKLM\...\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 (HKLM\...\{662A0088-6FCD-45DD-9EA7-68674058AED5}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Pentablet version 3.1.5.210625 (HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 3.1.5.210625 - XP-PEN Technology)
PyCharm Community Edition 2022.1.3 (HKLM-x32\...\PyCharm Community Edition 2022.1.3) (Version: 221.5921.27 - JetBrains s.r.o.)
Python 3.10.5 (64-bit) (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\{e15803b8-d809-47f3-8818-73f0d155cf58}) (Version: 3.10.5150.0 - Python Software Foundation)
Python 3.10.5 Core Interpreter (64-bit) (HKLM\...\{496B2CAE-CF79-440A-82F1-7587559ABA00}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Development Libraries (64-bit) (HKLM\...\{7B0F6EAD-C8A1-4496-8492-801EDE1A6323}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Documentation (64-bit) (HKLM\...\{3BC23B98-3D25-4A74-98FD-A1BE957A1340}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Executables (64-bit) (HKLM\...\{0FE1250F-6DD6-4948-B211-741B7CDBB335}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 pip Bootstrap (64-bit) (HKLM\...\{C3B084B6-D193-4633-BBB4-E890AAB946A2}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Standard Library (64-bit) (HKLM\...\{67F90672-C696-4DBB-8F33-95CCCFA21DCE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Tcl/Tk Support (64-bit) (HKLM\...\{7F7E3C5D-2A37-4F1D-8E8C-3BB073D36BFE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Test Suite (64-bit) (HKLM\...\{269FCA5D-D0CF-43B2-B656-24DF6DAA0D4E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Utility Scripts (64-bit) (HKLM\...\{BBD9CCC0-981B-4976-91EC-4C1E637BCF85}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{25196DA8-29BD-4383-B7B5-B36C3BAF43F3}) (Version: 3.10.7826.0 - Python Software Foundation)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 2021.1.0.17805 - Medixant)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
RogueKiller version 15.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.8.0.0 - Adlice Software)
Sidekick (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Sidekick) (Version: 108.35.1.29387 - PUSH PLAY LABS, INC.)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.22976 - Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.36.6 - TeamViewer)
Toolkit (HKLM-x32\...\Toolkit) (Version: 2.2.0.37 - Seagate)
uTorrent Web (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\utweb) (Version: 1.3.0 - Rainberry, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Wacom Pen Service (HKLM\...\ISD Tablet Driver) (Version: 7.7.1.13 - Wacom Technology Corp.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\ZoomUMX) (Version: 5.13.3 (11494) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m [2023-02-02] (Advanced Micro Devices Inc.) [Startup Task]
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.2.8.0_neutral__yxz26nhyzhsrt [2023-02-02] (Microsoft Corp.)
Dolby Audio -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaudio_3.20602.609.0_x64__rz1tebttyb220 [2023-02-02] (Dolby Laboratories)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.28.0_x64__5grkq8ppsgwt4 [2023-02-02] (LENOVO INC) [Startup Task]
Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_7.7.61.0_neutral__ss941bf8mfs8a [2023-02-02] (Wacom Technology Corp.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2209.2.0_x64__k1h2ywk1493x8 [2023-02-02] (LENOVO INC.)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corp.)
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.88.6132.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10114.505.0_x64__8wekyb3d8bbwe [2023-01-21] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corporation)
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.5.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.30391.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2023-02-02] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-07-10] (Netflix, Inc.)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2022-10-30] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-26] (Microsoft Corporation)
PowerPom - Pomodoro Timer -> C:\Program Files\WindowsApps\25994ProdDev.PowerPom-PomodoroTimer_1.1.6.0_x64__w3j63e9zf5dsr [2022-10-30] (Productive Team)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2023-02-02] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0 [2023-01-21] (Spotify AB) [Startup Task]
Springtime Art -> C:\Program Files\WindowsApps\Microsoft.SpringtimeArt_1.0.0.0_neutral__8wekyb3d8bbwe [2021-12-23] (Microsoft Corporation)
Vector Art PREMIUM -> C:\Program Files\WindowsApps\Microsoft.VectorArtPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2021-12-23] (Microsoft Corporation)
Wacom Pen -> C:\Program Files\WindowsApps\WacomTechnologyCorp.WacomComponentsSettings_7.7.58.0_neutral__ss941bf8mfs8a [2022-06-04] (Wacom Technology Corp.)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-01-30] (Microsoft Windows)
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_3.469.1654.0_x64__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation)
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_3.469.1654.0_x86__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1001.524.1918.0_x64__8wekyb3d8bbwe [2022-10-12] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1001.524.1918.0_x86__8wekyb3d8bbwe [2022-10-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{04271989-C4D2-2257-0DE6-DE7A9ECD3DA3} -> [OneDrive - University of the Philippines] => C:\Users\valynth\OneDrive - University of the Philippines [2021-07-05 02:31]
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\valynth\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\valynth\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.263\78674B98BA\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\valynth\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.263\78674B98BA\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\valynth\AppData\Local\Sidekick\Application\108.35.1.29387\notification_helper.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{7FCBEF0D-19E0-4533-B42B-39E078130EC8} -> [iCloud Photos] => C:\Users\valynth\iCloudPhotos\Photos [2022-10-16 13:42]
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{84BA2C07-4D78-4ED8-AD00-126D9EEE3073} -> [iCloud Drive] => C:\Users\valynth\iCloudDrive
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps\TikTok.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ee3369a2c94cfb68\Profile 2 - Brave.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e4ed22b324357c2e\Profile 3 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8421420c4b860b3e\Profile 3 - Brave.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Arishten (Yuh) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profile 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2022-05-20 00:09 - 2022-05-16 08:37 - 002714112 _____ () [File not signed] C:\Users\valynth\AppData\Local\Programs\Canva\ffmpeg.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 001490944 _____ () [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\avcodec-58.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 000949248 _____ () [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\avformat-58.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 000635392 _____ () [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\avutil-56.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 000153088 _____ () [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\swresample-3.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 002554880 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\libcrypto-1_1.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 000537600 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\.tmp:2B6F90CBEE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\RadiAnt DICOM Viewer (64-bit).lnk:8C451A749C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk:1FA7E99ECA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk:708E5666EE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk:1A5FAF1E4E [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"
 
==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2297796880-1066376711-690406554-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-01-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\sharepoint.com -> hxxps://goteam1-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 17:14 - 2022-07-15 05:19 - 000000859 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 keystone.mwbsys.com

2021-11-26 19:01 - 2022-04-22 00:08 - 000000571 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
1 616

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2297796880-1066376711-690406554-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\valynth\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\FSeF846VIAAfra2.jpg
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\denise\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2297796880-1066376711-690406554-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "PenTablet"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "LenovoVantageToolbar"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "Toolkit"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57AE0A01-6475-4304-80F4-2F028D5D1F2F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.70\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{941B36A9-7FC9-47B5-939D-AD1EC0F3F584}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E43AD11C-FA51-41A5-B672-DA7F77D0B401}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE8D417E-0885-48FE-B935-2103F2AE2C36}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7239D2B4-49E6-4F4F-A530-61D8A85A06CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3652B230-C0C0-48FA-986A-76D02E35D161}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0A476E0E-A2C7-4D01-AC36-0FF006E23184}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{4EDE7D84-66DF-4F1E-83CB-3E6B893DB798}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{29DB9FCA-D3C4-41F6-B82F-D76BB8F52F1B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{28C9C66B-176F-4507-AE92-565D019DDD2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5DF7920A-D614-4479-A39E-13493ED0B5C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F486CB41-EAD8-4ED1-A789-E724B903C87E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B50BE12-0455-4099-A16B-CB073C83A64A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D97D4F8-5488-4788-9A50-57317DADDEBC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{465B4D58-8EF3-4ACF-A5E8-5C562F87288C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{231856DD-6D1D-4B65-B57F-9A201183591E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D7226FCD-3A11-484B-AC29-180B5CDB53D1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F35FC24C-0149-49C0-B029-65144D08159E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{195875D4-385A-4659-8FCD-BB56BD8B02B0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8EEA5ABF-1B63-4A84-9AFA-EC669EE02524}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FD4DF0EB-0CDE-48D3-ADE1-14255782C788}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{42FEFBB2-AECB-4126-844D-9B1C846627F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{DC8B4433-3AEF-41BA-B7C7-A4FBC741EDA2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{02FB27C0-DA68-4388-BEB9-D680B63D1DA7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{97CBEC1B-6985-47B4-B912-87F1538D1476}] => (Allow) LPort=80
FirewallRules: [{58264059-A0B4-4457-964C-99D80809E5AB}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{4D38396A-418A-4DA0-96DB-7605B9A5DC84}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{10395400-1380-41DA-9348-060BC08B5B0C}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1909.2618\gxxsvc.exe => No File
FirewallRules: [{0F310EB6-B407-477B-84E7-88FF30BBD210}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe => No File
FirewallRules: [{9AFC6A21-8B33-4C1A-889F-5B883C9DDDEC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22183.300.1431.9295_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BE754E60-2470-4E51-B45D-8EC0EE842B11}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22183.300.1431.9295_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0E2C607C-305D-412F-A067-6F0771F1CB42}C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [TCP Query User{EE171744-7A10-46D8-A77A-05C20E865BCE}C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [UDP Query User{FDD8EE93-0831-409B-9404-C7033DA50C91}C:\users\valynth\appdata\local\sidekick\application\sidekick.exe] => (Allow) C:\users\valynth\appdata\local\sidekick\application\sidekick.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
FirewallRules: [TCP Query User{B7C19B2C-AFC1-41BE-9083-8C6729CC2CFB}C:\users\valynth\appdata\local\sidekick\application\sidekick.exe] => (Allow) C:\users\valynth\appdata\local\sidekick\application\sidekick.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
FirewallRules: [UDP Query User{1EEFB71B-E438-4688-8C38-6D1348DF0F9B}C:\users\valynth\appdata\local\sidekick\application\sidekick.exe] => (Allow) C:\users\valynth\appdata\local\sidekick\application\sidekick.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
FirewallRules: [TCP Query User{01EFA2A3-566B-4D5B-835F-3D203F8B558D}C:\users\valynth\appdata\local\sidekick\application\sidekick.exe] => (Allow) C:\users\valynth\appdata\local\sidekick\application\sidekick.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
FirewallRules: [UDP Query User{02E8533F-47C6-4DF2-BCFD-E3D78FF948B4}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{933E0C05-B991-4DED-80B4-60C3002AAE63}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{1C470B6E-454E-496E-8725-C937CFDCAD5C}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{072F1448-49C9-4ECD-BF0D-7866E110E97D}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{1E81DC67-2048-4539-9671-47E7457A7DCD}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [UDP Query User{B29D888A-2D40-4FE9-9494-5BB258E597A8}C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [TCP Query User{A9F7C08D-B8D7-4936-B8F6-30898400903F}C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [UDP Query User{18D84DEE-9D7D-45C9-B179-229C35FAAAE8}C:\riot games\riot client\riotclientservices.exe] => (Block) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{B028603F-5D9B-4883-B00F-0189406C3A3E}C:\riot games\riot client\riotclientservices.exe] => (Block) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{53DDAC35-72B6-480E-875A-776ECC96DEFB}C:\users\valynth\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\valynth\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5317ED43-7DA5-4C3F-A86E-586FFA8B2523}C:\users\valynth\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\valynth\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C5059077-6F7C-4092-875B-0BE51D17C6D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F9D51B3D-76C9-4A30-B268-4151793EBFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{014A1B32-2300-41BF-A7ED-A2230AF6F3BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F640AB0F-73BC-4FFA-9FCA-305C854C0D89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{47F8B96F-7C30-4432-965F-559C900F9421}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3D67CCA2-FFBE-4110-AF57-28A6672062E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6FFB4E1E-BFC4-49DA-8589-0914EC5BA797}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2C2E657C-04C7-4552-BE62-17217574A412}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{63F39249-79AD-49D5-B083-6F946D4285E7}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{1FC6A7DE-3FEA-4F34-84D2-63DBF5F4686D}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{412A3EF2-6203-45E6-A1C1-5A09DC4B1681}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{596B2C99-F9A8-40E7-89D3-2B3CDCDC834A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{462784B2-1299-4222-82FE-AC66B5B641CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30E1AE7A-192E-4D5E-B083-9A444E29F86A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7BD3FF2C-6E2E-4AE6-B31C-AD94754A3FFD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0C3F05FB-8BC9-441F-BBB6-7A5F2A839867}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30B64F18-1999-47C4-B8F1-598D4201EA4B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30C5CA5D-5A03-45A4-BBCE-CE59609E57A6}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{8CD88A12-3239-4F53-8BFB-2DB2369D46BE}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{046B55BC-53D6-409C-9A0C-582D73A25F2A}] => (Allow) C:\Users\valynth\AppData\Local\Programs\Opera\82.0.4227.23\opera.exe => No File
FirewallRules: [{91456C03-D3F0-4550-9BBB-011D2DBE3F01}] => (Allow) C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CEFA0625-1B31-4F04-BE42-EE23BC350C18}] => (Allow) C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{725252EC-DAF7-4FDC-B342-8B1070E88074}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0FE7523-9D65-418B-AB96-81C2744A1132}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{435D7875-9B0C-4A98-9130-ED7288E22E5C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E3F88A38-3414-4994-A8B6-28FC86C894BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC0D8B4F-4FF0-40EF-994B-49305093C9E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1E6C987-A785-4CA3-B2B0-0166DD5A05FE}] => (Allow) C:\Users\valynth\AppData\Local\Programs\Opera\81.0.4196.60\opera.exe => No File
FirewallRules: [{B70431BD-7526-4B74-95E8-6617CEC625B2}] => (Allow) C:\Users\valynth\AppData\Local\Programs\Opera\81.0.4196.54\opera.exe => No File
FirewallRules: [{06145C1C-57B1-47D4-AA37-7164C844FA8E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9D7AE8FD-B65B-467B-A299-1E081554DF0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{004BA257-284A-4EB2-8BAA-41D71BF725BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{CA524D9B-D864-4858-8B75-11A4C4DB2CE0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FF6907DE-A5C6-4DD4-A9A0-E9C5C60361BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9E210B7A-B0E0-4C28-8127-8A572E860AD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{09DDEC58-1890-45F0-979E-31B520C217B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{36D6DCCB-DB62-464F-99B8-1FA9B7909947}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2FA4221E-45D4-4094-A444-942D2A3C4698}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F2B62415-1D71-4046-8F58-95632FC61058}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{48FBE407-70B4-4A53-A501-6D2EF7B846FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{EACD7767-B18A-4875-830C-6865E0500E55}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{BCEB237F-29F0-4825-8353-E1DBC69C2D6B}C:\users\valynth\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\valynth\appdata\roaming\utorrent web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{4EAAD9A1-DADB-4A18-9368-BCEA140699C9}C:\users\valynth\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\valynth\appdata\roaming\utorrent web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F459BCB1-F8F9-4CDB-85C8-6F82C1D69A20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2A772FA5-4272-48EC-9FED-2590ECFA0C75}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D0DFE593-BBFC-48E1-A817-070A23491572}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{64DBC22A-2071-4BF3-86BF-E5C9DC63A1E7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3A5EDAFA-2F0C-4D08-9756-C4A2088CFC7E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FB87F1F9-0FC0-4ECF-BE04-9A2F33F4D2F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D7CCB059-D6DA-409E-BDB9-FFB644272F01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{466FC1B8-6CA1-4BCB-8A6A-A187CBCBC4B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2923BCC8-770B-450B-9B57-71EC3F0A27E5}] => (Block) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes)
FirewallRules: [TCP Query User{6C1F4045-C275-491F-978A-158E2211EEB3}C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [UDP Query User{A3D06926-4057-4CF3-80B3-70294F12ADB9}C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [TCP Query User{AC170D5E-029B-4BE0-86D8-5D3DDC662008}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [UDP Query User{7A1623BE-89B9-4380-9442-BD0754617B19}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{24B48657-A8F8-41A6-BD25-6308A5F56923}C:\program files (x86)\neatreader\neatreader.exe] => (Allow) C:\program files (x86)\neatreader\neatreader.exe => No File
FirewallRules: [UDP Query User{1B79E296-1A6B-4BDC-AAF4-B167AB7D1095}C:\program files (x86)\neatreader\neatreader.exe] => (Allow) C:\program files (x86)\neatreader\neatreader.exe => No File
FirewallRules: [TCP Query User{5AE868B8-7DD4-4188-B1CD-376E28D50723}C:\users\valynth\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\valynth\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{10DD2875-E08A-4375-A35E-329C4FFF4207}C:\users\valynth\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\valynth\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{20769638-5F9D-4CD1-B54F-AD159A64FD67}] => (Allow) C:\Users\valynth\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C42E234F-B0F9-478A-9D1D-323F33C7F45C}] => (Allow) C:\Users\valynth\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F645FAA3-5FAA-4D1B-AE81-7098A11B7D83}] => (Allow) C:\Users\valynth\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AB89D474-20EA-4B86-B980-2CA521116E0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1573C3B3-4173-4E9F-AB9A-D138129245CB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C984A893-88D0-420A-BBC9-68DD56A16025}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9B7E8650-21D4-4167-93DA-7424ECBB27A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{BE233D8B-2930-4C27-A93A-E507BD640190}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{5AC811AB-24C6-4788-B9ED-5D0CFB4BFA15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9E61B673-2630-4AFE-84D3-0E0EAC0B9C42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{BC6BF9F2-C739-4B13-AA9F-FC64FC8E9042}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [TCP Query User{FC8E815C-0270-4964-AC33-1DC9AF07D1A8}C:\program files (x86)\toolkit\toolkit.exe] => (Block) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [UDP Query User{28D96820-CB3A-4D9A-ADAD-2ACB20C74108}C:\program files (x86)\toolkit\toolkit.exe] => (Block) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [{72FD6913-3719-4A43-9AED-52D5758CF473}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2AC0733C-147C-4869-B55B-145894263CE8}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{6A4C6653-B3D5-4B98-B2EC-100DE81F2A89}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED75740D-7CED-4DD9-BBAC-5EABD6E9AEF6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/02/2023 04:28:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, PID: 4912, ProfSvc PID: 2104.

Error: (02/02/2023 04:28:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, PID: 4912, ProfSvc PID: 2104.

Error: (02/02/2023 04:27:24 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\VALYNTH$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 08:27:26 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b3f4ac28-9832-47a2-8271-bf1baa8ed0e4

Method: GET(1000ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/02/2023 04:10:04 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: VALYNTH)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147024662

Error: (02/02/2023 04:04:56 PM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (30956,P,98) TILEREPOSITORYS-1-5-21-2297796880-1066376711-690406554-500: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (02/02/2023 02:37:47 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\VALYNTH$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/02/2023 02:36:57 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\VALYNTH$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(218ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/02/2023 03:38:27 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\VALYNTH$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(703ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)


System errors:
=============
Error: (02/02/2023 04:25:25 PM) (Source: DCOM) (EventID: 10010) (User: VALYNTH)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/02/2023 04:25:25 PM) (Source: DCOM) (EventID: 10010) (User: VALYNTH)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/02/2023 04:25:25 PM) (Source: DCOM) (EventID: 10010) (User: VALYNTH)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/02/2023 04:25:25 PM) (Source: DCOM) (EventID: 10010) (User: VALYNTH)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/02/2023 04:25:25 PM) (Source: DCOM) (EventID: 10010) (User: VALYNTH)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/02/2023 04:25:25 PM) (Source: DCOM) (EventID: 10010) (User: VALYNTH)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/02/2023 04:25:25 PM) (Source: DCOM) (EventID: 10010) (User: VALYNTH)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/02/2023 04:25:25 PM) (Source: DCOM) (EventID: 10010) (User: VALYNTH)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2023-02-02 15:40:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

CodeIntegrity:
===============
Date: 2023-02-02 16:49:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2023-02-02 16:40:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Avast Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO EECN35WW 04/16/2021
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 7 4700U with Radeon Graphics
Percentage of memory in use: 63%
Total physical RAM: 15742.16 MB
Available physical RAM: 5676.14 MB
Total Virtual: 17470.16 MB
Available Virtual: 6326.55 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:171.26 GB) (Model: SAMSUNG MZALQ512HALU-000L2) NTFS
Drive d: (VIRIDESCENT) (Removable) (Total:7.05 GB) (Free:6.37 GB) FAT32
Drive g: (Google Drive) (Fixed) (Total:475.69 GB) (Free:162.7 GB) (Model: SAMSUNG MZALQ512HALU-000L2) FAT32

\\?\Volume{3797ef98-3804-4cd8-bf11-4ca4c08440fd}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.4 GB) NTFS
\\?\Volume{72199305-12a4-43b7-9e12-de2da08660e9}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: F194FA30)

Partition: GPT.

==========================================================
Disk: 1 (Size: 7.3 GB) (Disk ID: FD75E4FE)
Partition 1: (Not Active) - (Size=7.1 GB) - (Type=FAT32)

==================== End of Addition.txt =======================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Program : RogueKiller Anti-Malware
Version : 15.8.0.0
x64 : Yes
Program Date : Jan 26 2023
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22621) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : valynth
User is Admin : Yes
Date : 2023/02/02 08:54:09
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 299
Found items : 1
Total scanned : 110627
Signatures Version : 20230124_072020
Truesight Driver : Yes
Updates Count : 5
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
TeamViewer (64-bit), version 15.36.6
[+] Available Version : 15.38.3
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\TeamViewer

WinRAR 5.91 (64-bit) (64-bit), version 5.91.0
[+] Available Version : 6.20
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\

Malwarebytes version 3.8.3.2965 (64-bit), version 3.8.3.2965
[+] Available Version : 4.5.21
[+] Size : 179 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Malwarebytes\Anti-Malware\

iTunes (64-bit), version 12.6.3.6
[+] Available Version : 12.12.7.1
[+] Size : 431 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\iTunes\

OBS Studio (32-bit), version 27.2.4
[+] Available Version : 29.0
[+] Wow6432 : Yes
[+] Portable : No


************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts


************************* Filesystem *************************
[Tr.Gen (Malicious)] (folder) gecici_proje_klasoru -- C:\gecici_proje_klasoru -> Found

************************* Web Browsers *************************

************************* Antirootkit *************************


Program : RogueKiller Anti-Malware
Version : 15.8.0.0
x64 : Yes
Program Date : Jan 26 2023
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22621) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : valynth
User is Admin : Yes
Date : 2023/02/02 08:54:27
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 299
Found items : 1
Total scanned : 110627
Signatures Version : 20230124_072020
Truesight Driver : Yes
Updates Count : 5
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[Tr.Gen (Malicious)] gecici_proje_klasoru -- %SystemDrive%\gecici_proje_klasoru -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : gecici_proje_klasoru
[+] value : %SystemDrive%\gecici_proje_klasoru
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 0
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/2/23
Scan Time: 5:30 PM
Log File: 492b41c2-a2dc-11ed-91ef-dce99409d9de.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.28819
License: Free

-System Information-
OS: Windows 10 (Build 22621.1194)
CPU: x64
File System: NTFS
User: VALYNTH\valynth

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327148
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 3 min, 24 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\579FF2E6F7EDBF99.VIR, Quarantined, [0], [392686],1.0.28819
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\A27E312D2AD1B66F.VIR, Quarantined, [0], [392686],1.0.28819
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\8E938717CD64A543.VIR, Quarantined, [0], [392686],1.0.28819
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\E3445052D2EE3349.VIR, Quarantined, [0], [392686],1.0.28819

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)




I have since deleted all the files in RogueKiller's Quarantine.
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-02-2023
# Duration: 00:00:00
# OS: Windows 11 (Build 22621.1194)
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2604 octets] - [02/02/2023 17:46:51]
AdwCleaner[S01].txt - [2665 octets] - [02/02/2023 18:20:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-01-2023
Ran by valynth (administrator) on VALYNTH (LENOVO 81X2) (03-02-2023 11:01:22)
Running from C:\Users\valynth\Downloads
Loaded Profiles: valynth
Platform: Microsoft Windows 11 Home Single Language Version 22H2 22621.1194 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(MultimediaAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\Microsoft OneDrive\OneDrive.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.007.0109.0004\Microsoft.SharePoint.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2301.1131.0_x64__8wekyb3d8bbwe\WebViewHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.70\msedgewebview2.exe <13>
(C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\valynth\AppData\Roaming\uTorrent Web\helper\helper.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\valynth\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ea4acce9a2fdda82\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~2.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_da914fb427b10059\LenovoUtilityService.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_da914fb427b10059\FnHotkeyUtility.exe
(DriverStore\FileRepository\u0366689.inf_amd64_4f0d6991b007c8f1\B366217\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366689.inf_amd64_4f0d6991b007c8f1\B366217\atieclxx.exe
(explorer.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe
(explorer.exe ->) (Canva -> Canva Pty Ltd) C:\Users\valynth\AppData\Local\Programs\Canva\Canva.exe <8>
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\69.0.0.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\69.0.0.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Grammarly, Inc. -> ) C:\Users\valynth\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2301.1131.0_x64__8wekyb3d8bbwe\WebViewHost.exe
(explorer.exe ->) (Push Play Labs Inc -> PushPlayLabs, Inc.) C:\Users\valynth\AppData\Local\Sidekick\Application\sidekick.exe <32>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2210.5.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <39>
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366689.inf_amd64_4f0d6991b007c8f1\B366217\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ea4acce9a2fdda82\DAX3API.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_da914fb427b10059\LenovoUtilityService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC) C:\ProgramData\Toolkit\SeagateSecureService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_2767484eb7b0598d\WTabletServiceISD.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21256.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21256.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.11281.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.11281.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteamsupdate.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PenTablet] => C:\Program Files\Pentablet\PenTablet.exe [814840 2021-06-25] (Hanvon Ugee Technology Co., Ltd. -> XPPEN TECHNOLOGY CO.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-09-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3089288 2022-11-11] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [215960 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [124599048 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2627968 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38935376 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [utweb] => C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe [6415008 2022-11-17] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\valynth\AppData\Local\Microsoft\Teams\Update.exe [2508552 2022-07-27] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\69.0.0.0\GoogleDriveFS.exe [51022104 2023-01-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [CanvaAutoLaunchAvailabilityCheckAgent] => C:\Users\valynth\AppData\Local\Programs\Canva\Canva.exe [147001632 2022-05-16] (Canva -> Canva Pty Ltd)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [Discord] => C:\Users\valynth\AppData\Local\Discord\Update.exe [1522176 2022-06-08] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [Toolkit] => C:\Program Files (x86)\Toolkit\Toolkit.exe [1601048 2022-10-26] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [Grammarly] => C:\Users\valynth\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [951216 2023-01-26] (Grammarly, Inc. -> )
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Run: [MicrosoftEdgeAutoLaunch_F54D2CCB77A6A8F13F68537500702520] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188576 2023-01-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2627968 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Run: [MicrosoftEdgeAutoLaunch_7A706471971BDA2923B2A09929095543] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188576 2023-01-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\denise\AppData\Local\Microsoft\Teams\Update.exe [2492128 2022-04-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2297796880-1066376711-690406554-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2627968 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\AuthManSvr.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\Browser.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\CDViewer.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\CtxWebBrowser.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\SelfService.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\Custom\wfica32.exe: [{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb] -> Citrix Workspace
HKLM\Software\...\AppCompatFlags\InstalledSDB\{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb [2022-12-13]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe [2023-01-29] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obs.lnk [2023-02-02]
ShortcutTarget: obs.lnk -> C:\Users\valynth\AppData\Roaming\obs-studio\bin\64bit\obs64.scr (No File)
Startup: C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-10-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {099506C4-2F84-4816-8ED9-C6E78720C45E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-07] (Google LLC -> Google LLC)
Task: {0ADEF4CE-834E-4C7F-BFC2-DCC48D842D2E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {10E2871A-484F-4E1A-BA1A-709F27C6B854} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {11579BCC-9B6D-48A7-8D88-11A011CFC6FF} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-07-04] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1941698B-4115-4EB7-9087-0C179CCC14C3} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168920 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DEBC40A-E1CF-4B5F-A72B-AF6C8FE215EF} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {20AFC2DA-6B3B-4297-816B-4467598FDED4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c777d6d2-9ace-416d-8b2f-6f6f543a9319 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {2187E8CB-4576-4466-8405-4370D869B1A1} - System32\Tasks\Opera scheduled Autoupdate 1637580750 => C:\Users\valynth\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {22BE948B-F2DD-48CA-9045-3A707D177FF6} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [184656 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
Task: {27A254C3-A0D2-43B9-A84B-CF326BD78C38} - System32\Tasks\Opera scheduled Autoupdate 1638649909 => C:\Users\valynth\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {28635E06-9FD3-48D6-91F1-6CE70353E56D} - System32\Tasks\Opera scheduled Autoupdate 1629168609 => C:\Users\valynth\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {2966410F-9CE5-4E13-92FF-6FD137559A9E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C77466E-AA1E-49CD-AF72-08DFD14615A7} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {2D581A3C-4E5F-4A11-834D-095C9E0B7341} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-07-04] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {31F91325-7358-472C-BD11-CD75C5AFD079} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4954008 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
Task: {32AD0A41-5D92-4F53-AAF3-3DD4A239E37D} - System32\Tasks\Opera scheduled assistant Autoupdate 1629168613 => C:\Users\valynth\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\valynth\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {345431AE-2F14-4014-BD14-27298E22A76F} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {3815A878-6045-41C2-A6BA-2BB1379E97DE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {3B5FD82F-4C35-4D08-9C04-C8DDABEC1E6A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2297796880-1066376711-690406554-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {3CC20165-08C4-4371-ACDB-DDC2C257DA53} - System32\Tasks\CCleanerSkipUAC - valynth => C:\Program Files\CCleaner\CCleaner.exe [32617808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {4284CB9F-7738-4218-A8AC-45383D630FCB} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {45B6E44E-6596-441B-B93C-C492BC005704} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {5E28841C-5225-4863-AB70-FDC7645DF181} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {5FAA3181-F450-4F9F-987F-AB4017634DCA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {626487BC-6B72-44DD-8D82-49C90495D4A5} - System32\Tasks\Lenovo\Lenovo MigrationAssistant start event task => C:\Program Files\Lenovo\Lenovo Migration Assistant\Lenovo Migration Assistant Srv.exe [291216 2020-11-11] (Lenovo -> )
Task: {6A4FE43B-5F34-4BE7-81CC-EEB84366FF0D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\BlueStacksHelper_nxt" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineCore" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineUA" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\CCleanerSkipUAC - valynth" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d7b4994c1a0fad" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-2297796880-1066376711-690406554-1002" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-2297796880-1066376711-690406554-1003" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3945968138-501286664-768322970-500" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\Opera scheduled assistant Autoupdate 1629168613" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1629168609" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1637580750" /ENABLE
Task: {751394F1-2A65-4E67-98BF-3CD0531D9A87} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {7CD86A55-D8B9-4965-BC28-D8EC6519DB15} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7d5b88b0-5fab-44ee-9da1-518f957ead3d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {848E72BD-A1D2-4302-8BEA-058CD5AC531D} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {8B0038CE-385C-4978-8DAB-D904A41D4407} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [89408 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
Task: {945BE9BC-3475-4506-AC59-140B08B23F2E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f0588777-7b2c-439f-a7be-b9f6bfab9a84 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {979F2C3E-5416-4B4B-8D40-BF69ABB8DA70} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4713808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "9b44d43a-93a4-4726-97be-78846b08e1b0" --version "6.08.10255" --silent
Task: {999F4C56-1626-4F84-BA5A-62DA1CC1AB9D} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {A2C48318-A85E-4D88-A425-C56BC4A7755D} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2297796880-1066376711-690406554-1002 => C:\Users\valynth\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [89096 2022-10-19] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {A485D6BC-BA53-482D-BF2B-59FBCAAC0F01} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A4B048B6-C0D0-4FE1-9D0A-AD1F26CD4BB0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {B0130E0B-564E-4960-AC38-6180A4842E05} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\22d87862-93f7-4008-9727-c4c668ae03d8 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {B2314A5B-6BE8-4CF0-951B-1BECFCDA7398} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2295192 2023-02-02] (Avast Software s.r.o. -> Avast Software)
Task: {B68D073A-A705-4176-A076-C097EB704514} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3826312 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD33C332-06C5-4207-8102-FC34E8ED75D2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {C36C59C2-DF6E-44A7-9283-9C98AE639603} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2297796880-1066376711-690406554-1003 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {C7C349CB-009A-47BA-BBA2-D205263401AB} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {CB490F52-88AB-485A-BA55-311D406923EA} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {DA8143C7-77B7-4CD7-ADD7-B26A0958D2F5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2023-01-11] (Piriform Software Ltd -> Piriform)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {E585DD3B-8AE4-48A3-A3AE-DD9DCCEDA217} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {E9698AB4-B720-496E-BDFB-7F836ABE1187} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {ED986F4A-A40A-4212-974E-0D964D4A4AA0} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {F7C6A3D2-D5D1-4E4D-B1AD-9447A0E2A309} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {F868AA57-3BA0-4E54-A791-43249CF49C5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-07] (Google LLC -> Google LLC)
Task: {FCE09D19-2FDD-4D78-874C-A49143437A77} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {FE5DC72A-111F-4678-B5E3-4AA96759EE2E} - System32\Tasks\ar => wscript.exe "%appdata%\obs-studio\bin\64bit\.vbs" "%appdata%\obs-studio\bin\64bit\.cmd"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5def37c7-9178-412e-8a5d-26cdcf2a9f33}: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{5def37c7-9178-412e-8a5d-26cdcf2a9f33}: [DhcpNameServer] 114.108.193.201 114.108.195.1
Tcpip\..\Interfaces\{6e60fe1a-89bf-4c65-9230-c7b510edb9df}: [DhcpNameServer] 172.168.181.2
Tcpip\..\Interfaces\{8a1ad36f-78ce-4bcf-a382-399c5a03f90e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8a1ad36f-78ce-4bcf-a382-399c5a03f90e}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-03]
Edge Notifications: Default -> hxxps://teams.microsoft.com
Edge Extension: (IDM Integration Module) - C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-05-20]
Edge Profile: C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-12-10]
Edge Profile: C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2022-12-10]
Edge HKU\S-1-5-21-2297796880-1066376711-690406554-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-01-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-09] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-09] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-01-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-01-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-02-02]
CHR Profile: C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-02-02]
CHR Extension: (Tampermonkey) - C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2023-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-02]
CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\valynth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-05]
CHR Profile: C:\Users\valynth\AppData\Local\Google\Chrome\User Data\System Profile [2023-02-02]
CHR HKU\S-1-5-21-2297796880-1066376711-690406554-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-02-02]
BRA Notifications: Default -> hxxps://app.slack.com
BRA Extension: (Google Translate) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-15]
BRA Extension: (Safe Torrent Scanner) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-06-15]
BRA Extension: (DuckDuckGo) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-01-19]
BRA Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-12-22]
BRA Extension: (Google Docs Offline) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-02]
BRA Extension: (LastPass: Free Password Manager) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2023-02-02]
BRA Extension: (Language Reactor) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hoombieeljmmljlkjmnheibnpciblicm [2022-06-21]
BRA Extension: (Unpaywall) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2021-08-16]
BRA Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-01-21]
BRA Extension: (Bionic Reading) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kdfkejelgkdjgfoolngegkhkiecmlflj [2022-08-08]
BRA Extension: (Website Translation by Text United) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kgnmpiibaebfhmhmialmbmaakpepafpl [2021-07-04]
BRA Extension: (Forest: stay focused, be present) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kjacjjdnoddnpbbcjilcajfhhbdhkpgk [2022-12-23]
BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-02-02]
BRA Extension: (Toucan - Language Learning) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lokjgaehpcnlmkebpmjiofccpklbmoci [2023-02-02]
BRA Extension: (Hoxx VPN Proxy) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2023-02-02]
BRA Extension: (Notion Themes) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pglbhommhmgieofbdbnlpcbgcdmoagfo [2022-06-22]
BRA Extension: (Webtime Tracker) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ppaojnbmmaigjmlpjaldnkgnklhicppk [2022-11-30]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2023-02-02]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1 [2023-02-02]
BRA DefaultSearchURL: Profile 1 -> hxxps://avi12.com/youtube-auto-hd
BRA Extension: (Easy Auto Refresh) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2021-12-24]
BRA Extension: (MuteTab) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\acofndgbcimipbpeoplfjcapdbebbmca [2021-12-24]
BRA Extension: (Auto Clear Browsing Data) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\bfgoiiandhlddbcenmpijfpacgkdeenp [2021-12-24]
BRA Extension: (Clear Cache) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2021-12-24]
BRA Extension: (YouTube Auto HD + FPS) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\fcphghnknhkimeagdglkljinmpbagone [2021-12-24]
BRA Extension: (IDM Integration Module) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-12-30]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 2 [2023-02-02]
BRA Extension: (Pool Party) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 2\Extensions\kkdpcclippggiadgghfmkggpemadbfcj [2022-06-14]
BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-06-14]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3 [2023-02-02]
BRA DefaultSearchURL: Profile 3 -> hxxps://avi12.com/youtube-auto-hd
BRA Extension: (Easy Auto Refresh) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2021-12-24]
BRA Extension: (MuteTab) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\acofndgbcimipbpeoplfjcapdbebbmca [2021-12-24]
BRA Extension: (Auto Tab Mute) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\dnfohmfimbkmondbppcnkgjlnfnbppok [2021-12-24]
BRA Extension: (YouTube Auto HD + FPS) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\fcphghnknhkimeagdglkljinmpbagone [2021-12-24]
BRA Extension: (AutoMute) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\kjcdcbhfpjkcjinohfaaihpcmpnpmpie [2021-12-24]
BRA Extension: (IDM Integration Module) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-12-30]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4 [2023-02-02]
BRA DefaultSearchURL: Profile 4 -> hxxps://avi12.com/youtube-auto-hd
BRA Extension: (Easy Auto Refresh) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2021-12-24]
BRA Extension: (MuteTab) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\acofndgbcimipbpeoplfjcapdbebbmca [2021-12-24]
BRA Extension: (Auto Clear Browsing Data) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\bfgoiiandhlddbcenmpijfpacgkdeenp [2021-12-24]
BRA Extension: (YouTube Auto HD + FPS) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\fcphghnknhkimeagdglkljinmpbagone [2021-12-24]
BRA Extension: (IDM Integration Module) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-12-30]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 5 [2023-02-02]
BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-02-02]
BRA Profile: C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\System Profile [2023-02-02]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-02-02]
BRA Extension: (Brave NTP background images) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-11]
BRA Extension: (Wallet Data Files Updater) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-01-19]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-12-02]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2022-01-27]
BRA Extension: (Brave NTP sponsored images) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-07-04]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-01-19]
BRA Extension: (Brave NTP sponsored images) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\gnpenibjeonfpmokjgpndnckjaehmcfm [2023-02-02]
BRA Extension: (Brave Ads Resources) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2021-07-04]
BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-02-02]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-15]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2022-12-23]
BRA Extension: (Brave Ads Resources) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2023-01-19]
BRA Extension: (Brave Ads Resources) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocmnmegmbhbfmdnjoppmlbhfcpmedacn [2023-01-19]
BRA Extension: (Crypto Wallets) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2022-07-12]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\valynth\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-02-02]
 
==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8553880 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [597400 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2038168 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [597400 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-02-02] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-07-04] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-07-04] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ea4acce9a2fdda82\DAX3API.exe [1903776 2020-02-07] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncHelper.exe [3484544 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2023-01-31] (Microsoft Windows -> Microsoft Corporation)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_da914fb427b10059\LenovoUtilityService.exe [245968 2022-11-13] (Lenovo -> Lenovo(beijing) Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe [32464 ] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1832944 2021-08-12] (Lenovo -> Lenovo(beijing) Limited)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [46416 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.007.0109.0004\OneDriveUpdaterService.exe [3854208 2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15358896 2023-01-26] (ADLICE -> )
R2 SeagateSecure; C:\ProgramData\Toolkit\SeagateSecureService.exe [375328 2022-09-08] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16452920 2022-11-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2023-01-31] (Microsoft Windows -> Microsoft Corporation)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [71504 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10430256 2022-11-11] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137600 2023-02-02] (Microsoft Windows -> Microsoft Corporation)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856920 2020-06-17] (Lenovo -> Lenovo Group Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0366689.inf_amd64_4f0d6991b007c8f1\B366217\amdkmdag.sys [82677912 2021-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31424 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229208 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391272 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2023-02-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [267888 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [555560 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80376 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852000 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [695504 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318456 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2023-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [184424 2020-07-14] (BayHub Technology Inc. -> BayHubTech/O2Micro)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2023-02-02] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [41920 2023-02-02] (ADLICE (Julien ASCOET) -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2021-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22216888 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2021-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\mvvad.sys [48144 2022-07-26] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
R3 WacHIDFilterISD; C:\WINDOWS\System32\drivers\WacHIDRouterISDU.sys [130160 2020-11-09] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2022-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [473376 2022-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-10] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2023-01-31] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-02 20:49 - 2023-02-02 20:49 - 000121172 _____ C:\Users\valynth\Downloads\Communication Starter - team bonding.pdf
2023-02-02 20:49 - 2023-02-02 20:49 - 000108730 _____ C:\Users\valynth\Downloads\Parking Lot Builder_Printable[25].pdf
2023-02-02 20:38 - 2023-02-02 20:38 - 000123395 _____ C:\Users\valynth\Downloads\Virtual best practices.pdf
2023-02-02 18:42 - 2023-02-02 18:42 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2023-02-02 18:34 - 2023-02-02 18:34 - 000807700 _____ C:\WINDOWS\system32\perfh00C.dat
2023-02-02 18:34 - 2023-02-02 18:34 - 000481456 _____ C:\WINDOWS\system32\perfh011.dat
2023-02-02 18:34 - 2023-02-02 18:34 - 000156502 _____ C:\WINDOWS\system32\perfc00C.dat
2023-02-02 18:34 - 2023-02-02 18:34 - 000134832 _____ C:\WINDOWS\system32\perfc011.dat
2023-02-02 18:21 - 2023-02-02 18:21 - 000001965 _____ C:\Users\valynth\Downloads\AdwCleaner[C01].txt
2023-02-02 17:46 - 2023-02-02 18:21 - 000000000 ____D C:\AdwCleaner
2023-02-02 17:45 - 2023-02-02 17:45 - 008791352 _____ (Malwarebytes) C:\Users\valynth\Downloads\AdwCleaner (1).exe
2023-02-02 17:45 - 2023-02-02 17:45 - 002552184 _____ (Malwarebytes) C:\Users\valynth\Downloads\MBSetup-785BB8BF (2).exe
2023-02-02 17:43 - 2023-02-02 17:43 - 000001698 _____ C:\Users\valynth\Downloads\MB.txt
2023-02-02 17:32 - 2023-02-02 17:32 - 008791352 _____ (Malwarebytes) C:\Users\valynth\Downloads\AdwCleaner.exe
2023-02-02 17:29 - 2023-02-02 17:29 - 002552184 _____ (Malwarebytes) C:\Users\valynth\Downloads\MBSetup-785BB8BF.exe
2023-02-02 17:29 - 2023-02-02 17:29 - 002552184 _____ (Malwarebytes) C:\Users\valynth\Downloads\MBSetup-785BB8BF (1).exe
2023-02-02 17:29 - 2023-02-02 17:29 - 000006062 _____ C:\Users\valynth\Downloads\RKReport Scan.txt
2023-02-02 17:28 - 2023-02-02 17:28 - 000003286 _____ C:\Users\valynth\Downloads\RKReport.txt
2023-02-02 17:01 - 2023-02-02 17:01 - 000072561 _____ C:\Users\valynth\Downloads\Addition.txt
2023-02-02 16:59 - 2023-02-03 11:02 - 000058495 _____ C:\Users\valynth\Downloads\FRST.txt
2023-02-02 16:56 - 2023-02-03 11:01 - 000000000 ____D C:\FRST
2023-02-02 16:53 - 2023-02-02 16:53 - 002376704 _____ (Farbar) C:\Users\valynth\Downloads\FRST64.exe
2023-02-02 16:48 - 2023-02-02 18:27 - 000041920 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2023-02-02 16:48 - 2023-02-02 17:03 - 000000000 ____D C:\ProgramData\RogueKiller
2023-02-02 16:48 - 2023-02-02 16:48 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-02-02 16:48 - 2023-02-02 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-02-02 16:48 - 2023-02-02 16:48 - 000000000 ____D C:\Program Files\RogueKiller
2023-02-02 16:47 - 2023-02-02 16:47 - 047201632 _____ (Adlice Software ) C:\Users\valynth\Downloads\RogueKiller_setup.exe
2023-02-02 16:29 - 2023-02-02 16:29 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2023-02-02 16:21 - 2023-02-02 16:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2023-02-02 16:14 - 2023-02-02 16:14 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Avast Software
2023-02-02 16:14 - 2023-02-02 16:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2023-02-02 16:10 - 2023-02-02 16:10 - 000000000 ___HD C:\$WinREAgent
2023-02-02 16:06 - 2023-02-02 16:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\Lenovo
2023-02-02 16:05 - 2023-02-02 16:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2023-02-02 16:04 - 2023-02-02 16:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2023-02-02 16:04 - 2023-02-02 16:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2023-02-02 16:04 - 2023-02-02 16:04 - 000002406 _____ C:\Users\Administrator\Desktop\Brave.lnk
2023-02-02 16:04 - 2023-02-02 16:04 - 000002289 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2023-02-02 16:04 - 2023-02-02 16:04 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\BraveSoftware
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2023-02-02 16:04 - 2023-02-02 16:04 - 000000000 ____D C:\Users\Administrator
2023-02-02 16:04 - 2021-12-19 20:22 - 000000000 ___RD C:\Users\Administrator\OneDrive
2023-02-02 15:53 - 2023-02-02 15:53 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2023-02-02 15:52 - 2023-02-02 15:40 - 000273816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-02-02 15:40 - 2023-02-02 16:00 - 000000000 ____D C:\Users\valynth\AppData\Local\Avast Software
2023-02-02 15:40 - 2023-02-02 15:58 - 000002171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2023-02-02 15:40 - 2023-02-02 15:58 - 000002159 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2023-02-02 15:40 - 2023-02-02 15:57 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-02-02 15:40 - 2023-02-02 15:40 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Avast Software
2023-02-02 15:40 - 2023-02-02 15:40 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2023-02-02 15:39 - 2023-02-02 15:39 - 000000000 ____D C:\Program Files\Avast Software
2023-02-02 14:48 - 2023-02-02 14:48 - 000000000 ____D C:\Users\valynth\AppData\Local\Sentry
2023-02-02 03:37 - 2023-02-02 17:44 - 000001535 _____ C:\WINDOWS\system32\config\VSMIDK
2023-02-02 03:32 - 2023-02-02 16:25 - 000000000 __SHD C:\tmp
2023-02-02 03:32 - 2023-02-02 03:32 - 000003382 _____ C:\WINDOWS\system32\Tasks\ar
2023-02-02 00:14 - 2023-02-02 00:14 - 000000000 ____D C:\ProgramData\ZoomVDI
2023-02-02 00:11 - 2023-02-02 00:11 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-01-31 13:09 - 2023-01-30 21:20 - 000000000 ____D C:\Windows.old
2023-01-31 13:06 - 2023-01-31 13:09 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-01-31 13:05 - 2023-01-31 13:06 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-01-31 13:04 - 2023-01-31 13:04 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-01-31 12:57 - 2023-01-31 12:57 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2023-01-31 12:57 - 2023-01-31 12:57 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-01-31 12:57 - 2023-01-31 12:57 - 000000000 ____D C:\WINDOWS\addins
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\Program Files\MSBuild
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-01-31 12:56 - 2023-01-31 12:56 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-01-31 12:54 - 2023-01-31 12:54 - 000000000 ____D C:\WINDOWS\SysWOW64\fr
2023-01-31 12:54 - 2023-01-31 12:54 - 000000000 ____D C:\WINDOWS\system32\fr
2023-01-31 12:53 - 2023-01-31 12:53 - 000000000 ____D C:\WINDOWS\SysWOW64\ja
2023-01-31 12:53 - 2023-01-31 12:53 - 000000000 ____D C:\WINDOWS\system32\ja
2023-01-30 21:22 - 2023-01-30 21:22 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-01-30 21:20 - 2023-02-02 18:34 - 002409750 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-01-30 21:20 - 2023-01-30 21:20 - 000000020 ___SH C:\Users\valynth\ntuser.ini
2023-01-30 21:19 - 2023-02-02 18:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-01-30 21:19 - 2023-02-02 15:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-01-30 21:19 - 2023-02-02 14:47 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-01-30 21:19 - 2023-01-30 21:20 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-30 21:19 - 2023-01-30 21:20 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2297796880-1066376711-690406554-1003
2023-01-30 21:19 - 2023-01-30 21:20 - 000003046 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-01-30 21:19 - 2023-01-30 21:20 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-01-30 21:19 - 2023-01-30 21:20 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2023-01-30 21:19 - 2023-01-30 21:19 - 000003872 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1629168613
2023-01-30 21:19 - 2023-01-30 21:19 - 000003614 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1629168609
2023-01-30 21:19 - 2023-01-30 21:19 - 000003582 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1638649909
2023-01-30 21:19 - 2023-01-30 21:19 - 000003582 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1637580750
2023-01-30 21:19 - 2023-01-30 21:19 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-01-30 21:19 - 2023-01-30 21:19 - 000003418 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2023-01-30 21:19 - 2023-01-30 21:19 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-01-30 21:19 - 2023-01-30 21:19 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-01-30 21:19 - 2023-01-30 21:19 - 000003194 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2023-01-30 21:19 - 2023-01-30 21:19 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-01-30 21:19 - 2023-01-30 21:19 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2297796880-1066376711-690406554-1002
2023-01-30 21:19 - 2023-01-30 21:19 - 000002256 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - valynth
2023-01-30 21:19 - 2023-01-30 21:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2023-01-30 21:19 - 2023-01-30 21:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2023-01-30 21:18 - 2023-01-30 21:19 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2023-01-30 21:18 - 2023-01-30 21:19 - 000017148 _____ C:\WINDOWS\diagerr.xml
2023-01-30 21:16 - 2023-01-30 21:16 - 000023480 _____ C:\WINDOWS\system32\emptyregdb.dat
2023-01-30 21:11 - 2023-02-02 16:25 - 000000000 ____D C:\Users\valynth
2023-01-30 21:11 - 2023-01-30 21:14 - 000000000 ____D C:\Users\denise
2023-01-30 21:09 - 2023-02-03 04:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-01-30 21:09 - 2023-02-02 16:27 - 000515880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-30 21:09 - 2023-01-30 21:09 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-01-29 04:22 - 2023-02-02 16:20 - 000000000 ___DC C:\WINDOWS\Panther
2023-01-18 15:58 - 2023-01-30 21:10 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-03 11:02 - 2021-07-04 11:01 - 000000512 _____ C:\Users\Public\amdsfhdcd.bin
2023-02-03 11:01 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-03 11:01 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-02-03 11:01 - 2021-11-22 19:30 - 000000000 ____D C:\Users\valynth\AppData\Roaming\uTorrent Web
2023-02-03 10:57 - 2022-06-17 11:12 - 000002426 _____ C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidekick.lnk
2023-02-03 10:57 - 2022-06-17 11:12 - 000000000 ____D C:\Users\valynth\AppData\Local\Sidekick
2023-02-03 10:56 - 2022-05-07 13:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-03 10:56 - 2022-01-07 15:45 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-03 10:56 - 2021-10-04 21:37 - 000000000 ____D C:\Program Files\CCleaner
2023-02-03 00:58 - 2021-11-16 20:18 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Canva
2023-02-02 20:01 - 2022-05-07 13:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-02 18:55 - 2021-07-03 20:28 - 000000000 ____D C:\Users\valynth\AppData\Local\D3DSCache
2023-02-02 18:42 - 2021-09-07 17:51 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2023-02-02 18:30 - 2021-07-30 15:35 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2023-02-02 18:27 - 2022-11-24 01:42 - 000000000 ____D C:\Program Files\TeamViewer
2023-02-02 18:27 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-02 18:27 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-02 18:27 - 2021-08-17 10:51 - 000000000 ____D C:\ProgramData\Avast Software
2023-02-02 18:27 - 2021-07-09 00:50 - 000000000 ____D C:\Users\valynth\AppData\Local\BitTorrentHelper
2023-02-02 18:27 - 2021-07-05 02:31 - 000000000 ___RD C:\Users\valynth\OneDrive - University of the Philippines
2023-02-02 18:27 - 2021-07-04 11:00 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-02 18:27 - 2021-07-04 11:00 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2023-02-02 18:26 - 2022-05-07 13:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2023-02-02 17:24 - 2021-07-11 18:36 - 000000000 ____D C:\Users\valynth\AppData\Roaming\vlc
2023-02-02 17:05 - 2021-08-17 20:41 - 000000000 ____D C:\Users\valynth\AppData\Local\CrashDumps
2023-02-02 16:28 - 2022-05-07 13:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\UUS
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-02 16:26 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-02 16:21 - 2022-05-07 13:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-02-02 16:21 - 2021-07-25 16:56 - 000000000 ____D C:\Users\valynth\AppData\Roaming\TeamViewer
2023-02-02 16:20 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-02-02 16:20 - 2021-07-03 20:28 - 000000000 ____D C:\Users\valynth\AppData\Local\ConnectedDevicesPlatform
2023-02-02 16:16 - 2022-05-07 13:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-02 16:04 - 2020-05-07 02:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-02-02 15:59 - 2021-07-03 20:28 - 000000000 ____D C:\Users\valynth\AppData\Local\Packages
2023-02-02 15:58 - 2022-12-02 00:10 - 000000000 ____D C:\Riot Games
2023-02-02 15:58 - 2021-07-29 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2023-02-02 15:52 - 2022-05-07 13:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-02 14:48 - 2022-11-10 18:11 - 000000000 ____D C:\Program Files (x86)\Citrix
2023-02-02 14:48 - 2022-11-10 18:07 - 000000000 ____D C:\Users\valynth\AppData\Local\Citrix
2023-02-02 14:47 - 2022-11-10 18:07 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Citrix
2023-02-02 14:47 - 2022-10-29 23:45 - 000000000 ____D C:\Program Files\Electronic Arts
2023-02-02 14:47 - 2021-01-18 10:59 - 000000000 ____D C:\ProgramData\Package Cache
2023-02-02 03:38 - 2022-10-16 13:46 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Toolkit
2023-02-02 03:32 - 2022-04-30 09:39 - 000000000 __SHD C:\Users\valynth\AppData\Roaming\obs-studio
2023-02-02 00:25 - 2022-07-14 03:14 - 000001440 _____ C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk
2023-02-02 00:11 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-02-02 00:11 - 2021-08-26 13:54 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Zoom
2023-02-02 00:09 - 2021-01-18 11:02 - 000000000 ____D C:\Program Files\Microsoft Office
2023-01-31 13:09 - 2022-07-12 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2023-01-31 13:09 - 2022-06-20 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hubstaff
2023-01-31 13:09 - 2022-05-07 13:28 - 000000000 ____D C:\WINDOWS\Setup
2023-01-31 13:09 - 2022-05-07 13:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-01-31 13:09 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-01-31 13:09 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-01-31 13:09 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-01-31 13:09 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-01-31 13:09 - 2022-04-30 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2023-01-31 13:09 - 2022-01-07 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-01-31 13:09 - 2021-12-31 00:11 - 000000000 ____D C:\WINDOWS\system32\Samsung
2023-01-31 13:09 - 2021-12-05 01:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2023-01-31 13:09 - 2021-10-20 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2023-01-31 13:09 - 2021-10-04 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-01-31 13:09 - 2021-09-23 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2023-01-31 13:09 - 2021-09-07 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2023-01-31 13:09 - 2021-08-11 01:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-01-31 13:09 - 2021-08-06 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadiAnt DICOM Viewer
2023-01-31 13:09 - 2021-07-15 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO
2023-01-31 13:09 - 2021-07-11 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2023-01-31 13:09 - 2021-07-05 02:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Migration Assistant
2023-01-31 13:09 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-01-31 13:09 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2023-01-31 13:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2023-01-31 13:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-01-31 13:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2023-01-31 13:08 - 2022-05-07 13:24 - 000000000 __RHD C:\Users\Public\Libraries
2023-01-31 13:08 - 2022-05-07 13:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-01-31 13:06 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2023-01-31 13:06 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-01-31 13:06 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\Lenovo
2023-01-31 13:06 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\Firmware
2023-01-31 13:06 - 2021-07-05 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\Globalization
2023-01-31 13:04 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-01-31 13:03 - 2022-05-07 13:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-01-31 13:03 - 2022-05-07 13:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2023-01-31 13:03 - 2022-05-07 13:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-01-31 13:03 - 2022-05-07 13:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2023-01-31 12:56 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-01-31 12:56 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-01-31 12:56 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\OCR
2023-01-31 12:54 - 2022-05-07 14:10 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-01-31 12:54 - 2022-05-07 14:10 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\system32\winrm
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\system32\WCN
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\system32\slmgr
2023-01-31 12:54 - 2022-05-07 14:01 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\dsc
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\Com
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\IME
2023-01-31 12:54 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-01-31 12:54 - 2022-05-07 13:17 - 000000000 ____D C:\WINDOWS\servicing
2023-01-31 07:36 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-01-31 07:36 - 2021-07-05 02:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-31 00:18 - 2021-07-03 20:28 - 000000000 ____D C:\ProgramData\Packages
2023-01-30 21:20 - 2022-05-07 13:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-01-30 21:19 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-01-30 21:16 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\Registration
2023-01-30 21:15 - 2022-01-07 15:47 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-30 21:15 - 2021-07-04 09:45 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-01-30 21:12 - 2022-10-27 20:26 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2023-01-30 21:12 - 2022-07-12 00:42 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.10
2023-01-30 21:12 - 2022-06-09 18:17 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2023-01-30 21:12 - 2021-11-27 23:31 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2023-01-30 21:12 - 2021-10-20 00:31 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps
2023-01-30 21:12 - 2021-08-11 01:03 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-01-30 21:12 - 2021-07-24 10:28 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pentablet
2023-01-30 21:12 - 2021-07-04 20:05 - 000000000 ____D C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2023-01-30 21:11 - 2021-11-20 11:47 - 000000000 ____D C:\Users\denise\AppData\Local\Packages
2023-01-30 21:10 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-01-30 21:10 - 2021-07-04 11:00 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-01-30 21:09 - 2021-09-29 02:27 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
2023-01-30 20:24 - 2021-07-29 18:47 - 000000000 ____D C:\ProgramData\Riot Games
2023-01-30 19:32 - 2021-12-05 01:47 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2023-01-30 19:32 - 2021-07-05 02:51 - 000000000 _____ C:\WINDOWS\system32\.tmp
2023-01-30 03:14 - 2022-01-07 11:02 - 000002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-01-30 03:14 - 2021-09-08 00:21 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk
2023-01-30 03:04 - 2022-10-12 07:08 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-30 03:04 - 2022-01-07 11:02 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-01-30 03:04 - 2021-09-08 15:37 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
2023-01-30 03:04 - 2021-08-06 12:28 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\RadiAnt DICOM Viewer (64-bit).lnk
2023-01-29 20:28 - 2022-10-01 21:52 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-01-29 04:26 - 2022-10-12 07:08 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-01-29 04:13 - 2021-12-21 11:22 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-01-29 02:17 - 2021-12-19 20:22 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-01-24 04:19 - 2021-11-27 23:31 - 000000000 ____D C:\Users\valynth\AppData\Roaming\discord
2023-01-24 04:15 - 2022-07-06 16:42 - 000000000 ____D C:\Users\valynth\AppData\Local\Discord
2023-01-20 05:31 - 2022-05-19 19:33 - 000002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-01-18 18:04 - 2022-08-29 03:37 - 000000000 ____D C:\Users\valynth\AppData\Local\ElevatedDiagnostics
2023-01-18 16:06 - 2021-07-05 02:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-18 16:00 - 2021-07-05 02:13 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2022-10-19 03:57 - 2022-10-19 03:57 - 000017408 _____ () C:\Users\valynth\AppData\Local\WebpageIcons.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2023
Ran by valynth (03-02-2023 11:02:43)
Running from C:\Users\valynth\Downloads
Microsoft Windows 11 Home Single Language Version 22H2 22621.1194 (X64) (2023-01-30 13:20:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2297796880-1066376711-690406554-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2297796880-1066376711-690406554-503 - Limited - Disabled)
denise (S-1-5-21-2297796880-1066376711-690406554-1003 - Limited - Enabled) => C:\Users\denise
Guest (S-1-5-21-2297796880-1066376711-690406554-501 - Limited - Disabled)
valynth (S-1-5-21-2297796880-1066376711-690406554-1002 - Administrator - Enabled) => C:\Users\valynth
WDAGUtilityAccount (S-1-5-21-2297796880-1066376711-690406554-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20314 - Adobe)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_2_3) (Version: 24.2.3 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_2_3) (Version: 21.2.3.308 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.06.16.703 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.126 - Advanced Micro Devices, Inc.) Hidden
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.102 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 4.13.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD SFH Driver (HKLM-x32\...\{A52D862F-3082-46E6-B1A2-7473F111FA1F}) (Version: 1.0.0.303 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{d6ca217e-8981-495f-a6c6-6feaf1c8bf34}) (Version: 2.06.16.703 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Authy Desktop (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\authy) (Version: 2.2.0 - Twilio Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.12.6044 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 109.1.47.186 - Brave Software Inc)
Browser Discord Status (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\1f8e1f5a-2c47-5ee8-86ae-042338040164) (Version: 1.0.3 - 3xanax)
calibre (HKLM-x32\...\{F8B80815-02B9-41C3-88C4-DA539BDC1635}) (Version: 5.27.0 - Kovid Goyal)
Canva (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\3d0ba22d-e02b-5c6d-93a1-4e2a9af9c1f2) (Version: 1.43.0 - Canva Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 6.08 - Piriform)
Citrix Workspace (HKLM\...\{dcdaa2fd-eaac-4ab0-9ece-f3df127a6c45}.sdb) (Version: - )
CLIP STUDIO 1.10.5 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.10.5 - CELSYS)
CLIP STUDIO PAINT 1.10.6 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.10.6 - CELSYS)
DevHub 0.102.0 (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\8a1dda72-8d31-5754-a8fa-acf344038eff) (Version: 0.102.0 - Bruno Lemos)
Discord (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Discord) (Version: 1.0.9005 - Discord Inc.)
Efficient Elements for presentations - Standard Edition (HKLM-x32\...\{A6C36819-29BF-44DE-BFB4-93BA6F43C1AA}) (Version: 3.9.9600.1 - Efficient Elements GmbH)
GitHub Desktop (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\GitHubDesktop) (Version: 3.1.2 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 69.0.0.0 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{D55C414A-684A-4B84-A003-C248B40FD7C6}) (Version: 6.8.263 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\{54da24a3-a032-400b-8762-669a8bf92df5}) (Version: 6.8.263 - Grammarly)
Grammarly for Windows (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Grammarly Desktop Integrations) (Version: 1.0.24.360 - )
Hubstaff (HKLM-x32\...\Hubstaff) (Version: 1.6.7 - Netsoft Holdings, LLC.)
iCloud Outlook (HKLM\...\{542806EA-AFEA-49B5-BC9D-DCAE98BA393B}) (Version: 13.4.0.99 - Apple Inc.)
iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.)
iTunes (HKLM\...\{FA2E7FDC-13E8-4FBD-B5F7-2FFAE7C6E6D9}) (Version: 12.6.3.6 - Apple Inc.)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}_is1) (Version: 4.39.0.196 - LENOVO (UNITED STATES) INC.)
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 2.1.4.6 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.13 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.43.0 - Lenovo Group Ltd.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.70 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.70 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.007.0109.0004 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Teams) (Version: 1.5.00.19563 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2297796880-1066376711-690406554-1003\...\Teams) (Version: 1.5.00.8070 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{0d9d66bf-5d45-4aea-a4fb-0ef3b4d7b5b6}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (HKLM\...\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 (HKLM\...\{662A0088-6FCD-45DD-9EA7-68674058AED5}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Pentablet version 3.1.5.210625 (HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 3.1.5.210625 - XP-PEN Technology)
PyCharm Community Edition 2022.1.3 (HKLM-x32\...\PyCharm Community Edition 2022.1.3) (Version: 221.5921.27 - JetBrains s.r.o.)
Python 3.10.5 (64-bit) (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\{e15803b8-d809-47f3-8818-73f0d155cf58}) (Version: 3.10.5150.0 - Python Software Foundation)
Python 3.10.5 Core Interpreter (64-bit) (HKLM\...\{496B2CAE-CF79-440A-82F1-7587559ABA00}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Development Libraries (64-bit) (HKLM\...\{7B0F6EAD-C8A1-4496-8492-801EDE1A6323}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Documentation (64-bit) (HKLM\...\{3BC23B98-3D25-4A74-98FD-A1BE957A1340}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Executables (64-bit) (HKLM\...\{0FE1250F-6DD6-4948-B211-741B7CDBB335}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 pip Bootstrap (64-bit) (HKLM\...\{C3B084B6-D193-4633-BBB4-E890AAB946A2}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Standard Library (64-bit) (HKLM\...\{67F90672-C696-4DBB-8F33-95CCCFA21DCE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Tcl/Tk Support (64-bit) (HKLM\...\{7F7E3C5D-2A37-4F1D-8E8C-3BB073D36BFE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Test Suite (64-bit) (HKLM\...\{269FCA5D-D0CF-43B2-B656-24DF6DAA0D4E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Utility Scripts (64-bit) (HKLM\...\{BBD9CCC0-981B-4976-91EC-4C1E637BCF85}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{25196DA8-29BD-4383-B7B5-B36C3BAF43F3}) (Version: 3.10.7826.0 - Python Software Foundation)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 2021.1.0.17805 - Medixant)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
RogueKiller version 15.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.8.0.0 - Adlice Software)
Sidekick (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\Sidekick) (Version: 108.36.1.29780 - PUSH PLAY LABS, INC.)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.22976 - Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.36.6 - TeamViewer)
Toolkit (HKLM-x32\...\Toolkit) (Version: 2.2.0.37 - Seagate)
uTorrent Web (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\utweb) (Version: 1.3.0 - Rainberry, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Wacom Pen Service (HKLM\...\ISD Tablet Driver) (Version: 7.7.1.13 - Wacom Technology Corp.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\ZoomUMX) (Version: 5.13.3 (11494) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m [2023-02-02] (Advanced Micro Devices Inc.) [Startup Task]
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.2.8.0_neutral__yxz26nhyzhsrt [2023-02-02] (Microsoft Corp.)
Dolby Audio -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaudio_3.20602.609.0_x64__rz1tebttyb220 [2023-02-02] (Dolby Laboratories)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.28.0_x64__5grkq8ppsgwt4 [2023-02-02] (LENOVO INC) [Startup Task]
Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_7.7.61.0_neutral__ss941bf8mfs8a [2023-02-02] (Wacom Technology Corp.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2209.2.0_x64__k1h2ywk1493x8 [2023-02-02] (LENOVO INC.)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corp.)
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.88.6132.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10114.505.0_x64__8wekyb3d8bbwe [2023-01-21] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corporation)
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.5.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.30391.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2023-02-02] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-07-10] (Netflix, Inc.)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2022-10-30] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-26] (Microsoft Corporation)
PowerPom - Pomodoro Timer -> C:\Program Files\WindowsApps\25994ProdDev.PowerPom-PomodoroTimer_1.1.6.0_x64__w3j63e9zf5dsr [2022-10-30] (Productive Team)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2023-02-02] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0 [2023-01-21] (Spotify AB) [Startup Task]
Springtime Art -> C:\Program Files\WindowsApps\Microsoft.SpringtimeArt_1.0.0.0_neutral__8wekyb3d8bbwe [2021-12-23] (Microsoft Corporation)
Vector Art PREMIUM -> C:\Program Files\WindowsApps\Microsoft.VectorArtPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2021-12-23] (Microsoft Corporation)
Wacom Pen -> C:\Program Files\WindowsApps\WacomTechnologyCorp.WacomComponentsSettings_7.7.58.0_neutral__ss941bf8mfs8a [2022-06-04] (Wacom Technology Corp.)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-01-30] (Microsoft Windows)
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_3.469.1654.0_x64__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation)
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_3.469.1654.0_x86__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1001.524.1918.0_x64__8wekyb3d8bbwe [2022-10-12] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1001.524.1918.0_x86__8wekyb3d8bbwe [2022-10-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{04271989-C4D2-2257-0DE6-DE7A9ECD3DA3} -> [OneDrive - University of the Philippines] => C:\Users\valynth\OneDrive - University of the Philippines [2021-07-05 02:31]
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\valynth\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\valynth\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.263\78674B98BA\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\valynth\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.263\78674B98BA\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\valynth\AppData\Local\Sidekick\Application\108.36.1.29780\notification_helper.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{7FCBEF0D-19E0-4533-B42B-39E078130EC8} -> [iCloud Photos] => C:\Users\valynth\iCloudPhotos\Photos [2022-10-16 13:42]
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{84BA2C07-4D78-4ED8-AD00-126D9EEE3073} -> [iCloud Drive] => C:\Users\valynth\iCloudDrive
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2297796880-1066376711-690406554-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\69.0.0.0\drivefsext.dll [2023-01-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps\TikTok.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ee3369a2c94cfb68\Profile 2 - Brave.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e4ed22b324357c2e\Profile 3 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8421420c4b860b3e\Profile 3 - Brave.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Arishten (Yuh) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\valynth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profile 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2022-05-20 00:09 - 2022-05-16 08:37 - 002714112 _____ () [File not signed] C:\Users\valynth\AppData\Local\Programs\Canva\ffmpeg.dll
2022-05-20 00:09 - 2022-05-16 08:37 - 000447488 _____ () [File not signed] C:\Users\valynth\AppData\Local\Programs\Canva\libegl.dll
2022-05-20 00:09 - 2022-05-16 08:37 - 007040512 _____ () [File not signed] C:\Users\valynth\AppData\Local\Programs\Canva\libglesv2.dll
2022-05-20 00:09 - 2022-05-16 08:37 - 004654592 _____ () [File not signed] C:\Users\valynth\AppData\Local\Programs\Canva\vk_swiftshader.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 001490944 _____ () [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\avcodec-58.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 000949248 _____ () [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\avformat-58.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 000635392 _____ () [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\avutil-56.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 000153088 _____ () [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\swresample-3.dll
2021-01-18 11:02 - 2021-01-18 11:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2021-01-18 11:02 - 2021-01-18 11:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2021-01-18 11:02 - 2021-01-18 11:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Client\C2R64.dll
2021-01-18 11:02 - 2021-01-18 11:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 002554880 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\libcrypto-1_1.dll
2022-11-17 06:57 - 2022-11-17 06:57 - 000537600 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\valynth\AppData\Roaming\uTorrent Web\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\.tmp:2B6F90CBEE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\RadiAnt DICOM Viewer (64-bit).lnk:8C451A749C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk:1FA7E99ECA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk:708E5666EE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk:1A5FAF1E4E [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2297796880-1066376711-690406554-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-01-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\sharepoint.com -> hxxps://goteam1-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 17:14 - 2022-07-15 05:19 - 000000859 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 keystone.mwbsys.com

2021-11-26 19:01 - 2022-04-22 00:08 - 000000571 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
1 616

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2297796880-1066376711-690406554-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\valynth\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\FSeF846VIAAfra2.jpg
HKU\S-1-5-21-2297796880-1066376711-690406554-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\denise\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2297796880-1066376711-690406554-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "PenTablet"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "LenovoVantageToolbar"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2297796880-1066376711-690406554-1002\...\StartupApproved\Run: => "Toolkit"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57AE0A01-6475-4304-80F4-2F028D5D1F2F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.70\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{941B36A9-7FC9-47B5-939D-AD1EC0F3F584}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E43AD11C-FA51-41A5-B672-DA7F77D0B401}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE8D417E-0885-48FE-B935-2103F2AE2C36}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7239D2B4-49E6-4F4F-A530-61D8A85A06CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3652B230-C0C0-48FA-986A-76D02E35D161}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0A476E0E-A2C7-4D01-AC36-0FF006E23184}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{4EDE7D84-66DF-4F1E-83CB-3E6B893DB798}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{29DB9FCA-D3C4-41F6-B82F-D76BB8F52F1B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{28C9C66B-176F-4507-AE92-565D019DDD2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5DF7920A-D614-4479-A39E-13493ED0B5C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F486CB41-EAD8-4ED1-A789-E724B903C87E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B50BE12-0455-4099-A16B-CB073C83A64A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D97D4F8-5488-4788-9A50-57317DADDEBC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{465B4D58-8EF3-4ACF-A5E8-5C562F87288C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{231856DD-6D1D-4B65-B57F-9A201183591E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D7226FCD-3A11-484B-AC29-180B5CDB53D1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F35FC24C-0149-49C0-B029-65144D08159E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{195875D4-385A-4659-8FCD-BB56BD8B02B0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8EEA5ABF-1B63-4A84-9AFA-EC669EE02524}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FD4DF0EB-0CDE-48D3-ADE1-14255782C788}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{42FEFBB2-AECB-4126-844D-9B1C846627F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{DC8B4433-3AEF-41BA-B7C7-A4FBC741EDA2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{02FB27C0-DA68-4388-BEB9-D680B63D1DA7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{97CBEC1B-6985-47B4-B912-87F1538D1476}] => (Allow) LPort=80
FirewallRules: [{58264059-A0B4-4457-964C-99D80809E5AB}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{4D38396A-418A-4DA0-96DB-7605B9A5DC84}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{10395400-1380-41DA-9348-060BC08B5B0C}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1909.2618\gxxsvc.exe => No File
FirewallRules: [{0F310EB6-B407-477B-84E7-88FF30BBD210}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe => No File
FirewallRules: [{9AFC6A21-8B33-4C1A-889F-5B883C9DDDEC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22183.300.1431.9295_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BE754E60-2470-4E51-B45D-8EC0EE842B11}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22183.300.1431.9295_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0E2C607C-305D-412F-A067-6F0771F1CB42}C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [TCP Query User{EE171744-7A10-46D8-A77A-05C20E865BCE}C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [UDP Query User{FDD8EE93-0831-409B-9404-C7033DA50C91}C:\users\valynth\appdata\local\sidekick\application\sidekick.exe] => (Allow) C:\users\valynth\appdata\local\sidekick\application\sidekick.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
FirewallRules: [TCP Query User{B7C19B2C-AFC1-41BE-9083-8C6729CC2CFB}C:\users\valynth\appdata\local\sidekick\application\sidekick.exe] => (Allow) C:\users\valynth\appdata\local\sidekick\application\sidekick.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
FirewallRules: [UDP Query User{1EEFB71B-E438-4688-8C38-6D1348DF0F9B}C:\users\valynth\appdata\local\sidekick\application\sidekick.exe] => (Allow) C:\users\valynth\appdata\local\sidekick\application\sidekick.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
FirewallRules: [TCP Query User{01EFA2A3-566B-4D5B-835F-3D203F8B558D}C:\users\valynth\appdata\local\sidekick\application\sidekick.exe] => (Allow) C:\users\valynth\appdata\local\sidekick\application\sidekick.exe (Push Play Labs Inc -> PushPlayLabs, Inc.)
FirewallRules: [UDP Query User{02E8533F-47C6-4DF2-BCFD-E3D78FF948B4}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{933E0C05-B991-4DED-80B4-60C3002AAE63}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{1C470B6E-454E-496E-8725-C937CFDCAD5C}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{072F1448-49C9-4ECD-BF0D-7866E110E97D}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{1E81DC67-2048-4539-9671-47E7457A7DCD}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [UDP Query User{B29D888A-2D40-4FE9-9494-5BB258E597A8}C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [TCP Query User{A9F7C08D-B8D7-4936-B8F6-30898400903F}C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [UDP Query User{18D84DEE-9D7D-45C9-B179-229C35FAAAE8}C:\riot games\riot client\riotclientservices.exe] => (Block) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{B028603F-5D9B-4883-B00F-0189406C3A3E}C:\riot games\riot client\riotclientservices.exe] => (Block) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{53DDAC35-72B6-480E-875A-776ECC96DEFB}C:\users\valynth\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\valynth\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5317ED43-7DA5-4C3F-A86E-586FFA8B2523}C:\users\valynth\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\valynth\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C5059077-6F7C-4092-875B-0BE51D17C6D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F9D51B3D-76C9-4A30-B268-4151793EBFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{014A1B32-2300-41BF-A7ED-A2230AF6F3BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F640AB0F-73BC-4FFA-9FCA-305C854C0D89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{47F8B96F-7C30-4432-965F-559C900F9421}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3D67CCA2-FFBE-4110-AF57-28A6672062E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6FFB4E1E-BFC4-49DA-8589-0914EC5BA797}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2C2E657C-04C7-4552-BE62-17217574A412}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{63F39249-79AD-49D5-B083-6F946D4285E7}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{1FC6A7DE-3FEA-4F34-84D2-63DBF5F4686D}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{412A3EF2-6203-45E6-A1C1-5A09DC4B1681}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{596B2C99-F9A8-40E7-89D3-2B3CDCDC834A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{462784B2-1299-4222-82FE-AC66B5B641CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30E1AE7A-192E-4D5E-B083-9A444E29F86A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7BD3FF2C-6E2E-4AE6-B31C-AD94754A3FFD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0C3F05FB-8BC9-441F-BBB6-7A5F2A839867}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30B64F18-1999-47C4-B8F1-598D4201EA4B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30C5CA5D-5A03-45A4-BBCE-CE59609E57A6}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{8CD88A12-3239-4F53-8BFB-2DB2369D46BE}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{046B55BC-53D6-409C-9A0C-582D73A25F2A}] => (Allow) C:\Users\valynth\AppData\Local\Programs\Opera\82.0.4227.23\opera.exe => No File
FirewallRules: [{91456C03-D3F0-4550-9BBB-011D2DBE3F01}] => (Allow) C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CEFA0625-1B31-4F04-BE42-EE23BC350C18}] => (Allow) C:\Users\valynth\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{725252EC-DAF7-4FDC-B342-8B1070E88074}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0FE7523-9D65-418B-AB96-81C2744A1132}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{435D7875-9B0C-4A98-9130-ED7288E22E5C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E3F88A38-3414-4994-A8B6-28FC86C894BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC0D8B4F-4FF0-40EF-994B-49305093C9E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1E6C987-A785-4CA3-B2B0-0166DD5A05FE}] => (Allow) C:\Users\valynth\AppData\Local\Programs\Opera\81.0.4196.60\opera.exe => No File
FirewallRules: [{B70431BD-7526-4B74-95E8-6617CEC625B2}] => (Allow) C:\Users\valynth\AppData\Local\Programs\Opera\81.0.4196.54\opera.exe => No File
FirewallRules: [{06145C1C-57B1-47D4-AA37-7164C844FA8E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9D7AE8FD-B65B-467B-A299-1E081554DF0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{004BA257-284A-4EB2-8BAA-41D71BF725BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{CA524D9B-D864-4858-8B75-11A4C4DB2CE0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FF6907DE-A5C6-4DD4-A9A0-E9C5C60361BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9E210B7A-B0E0-4C28-8127-8A572E860AD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{09DDEC58-1890-45F0-979E-31B520C217B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{36D6DCCB-DB62-464F-99B8-1FA9B7909947}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2FA4221E-45D4-4094-A444-942D2A3C4698}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F2B62415-1D71-4046-8F58-95632FC61058}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{48FBE407-70B4-4A53-A501-6D2EF7B846FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{EACD7767-B18A-4875-830C-6865E0500E55}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{BCEB237F-29F0-4825-8353-E1DBC69C2D6B}C:\users\valynth\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\valynth\appdata\roaming\utorrent web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{4EAAD9A1-DADB-4A18-9368-BCEA140699C9}C:\users\valynth\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\valynth\appdata\roaming\utorrent web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F459BCB1-F8F9-4CDB-85C8-6F82C1D69A20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2A772FA5-4272-48EC-9FED-2590ECFA0C75}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D0DFE593-BBFC-48E1-A817-070A23491572}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{64DBC22A-2071-4BF3-86BF-E5C9DC63A1E7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3A5EDAFA-2F0C-4D08-9756-C4A2088CFC7E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FB87F1F9-0FC0-4ECF-BE04-9A2F33F4D2F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D7CCB059-D6DA-409E-BDB9-FFB644272F01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{466FC1B8-6CA1-4BCB-8A6A-A187CBCBC4B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2923BCC8-770B-450B-9B57-71EC3F0A27E5}] => (Block) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes)
FirewallRules: [TCP Query User{6C1F4045-C275-491F-978A-158E2211EEB3}C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [UDP Query User{A3D06926-4057-4CF3-80B3-70294F12ADB9}C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [TCP Query User{AC170D5E-029B-4BE0-86D8-5D3DDC662008}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [UDP Query User{7A1623BE-89B9-4380-9442-BD0754617B19}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{24B48657-A8F8-41A6-BD25-6308A5F56923}C:\program files (x86)\neatreader\neatreader.exe] => (Allow) C:\program files (x86)\neatreader\neatreader.exe => No File
FirewallRules: [UDP Query User{1B79E296-1A6B-4BDC-AAF4-B167AB7D1095}C:\program files (x86)\neatreader\neatreader.exe] => (Allow) C:\program files (x86)\neatreader\neatreader.exe => No File
FirewallRules: [TCP Query User{5AE868B8-7DD4-4188-B1CD-376E28D50723}C:\users\valynth\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\valynth\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{10DD2875-E08A-4375-A35E-329C4FFF4207}C:\users\valynth\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\valynth\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{20769638-5F9D-4CD1-B54F-AD159A64FD67}] => (Allow) C:\Users\valynth\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C42E234F-B0F9-478A-9D1D-323F33C7F45C}] => (Allow) C:\Users\valynth\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F645FAA3-5FAA-4D1B-AE81-7098A11B7D83}] => (Allow) C:\Users\valynth\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AB89D474-20EA-4B86-B980-2CA521116E0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1573C3B3-4173-4E9F-AB9A-D138129245CB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C984A893-88D0-420A-BBC9-68DD56A16025}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9B7E8650-21D4-4167-93DA-7424ECBB27A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{BE233D8B-2930-4C27-A93A-E507BD640190}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{5AC811AB-24C6-4788-B9ED-5D0CFB4BFA15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9E61B673-2630-4AFE-84D3-0E0EAC0B9C42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{BC6BF9F2-C739-4B13-AA9F-FC64FC8E9042}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [TCP Query User{FC8E815C-0270-4964-AC33-1DC9AF07D1A8}C:\program files (x86)\toolkit\toolkit.exe] => (Block) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [UDP Query User{28D96820-CB3A-4D9A-ADAD-2ACB20C74108}C:\program files (x86)\toolkit\toolkit.exe] => (Block) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [{72FD6913-3719-4A43-9AED-52D5758CF473}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2AC0733C-147C-4869-B55B-145894263CE8}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{6A4C6653-B3D5-4B98-B2EC-100DE81F2A89}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED75740D-7CED-4DD9-BBAC-5EABD6E9AEF6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/02/2023 06:27:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\VALYNTH$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 10:27:43 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: facf61c9-41ce-4042-a05e-c94d1c14031f

Method: GET(6421ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/02/2023 05:45:08 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\VALYNTH$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 09:45:12 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 8cbc8c04-3846-4514-b758-7e3a62557fe9

Method: GET(1344ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/02/2023 05:05:49 PM) (Source: Application Error) (EventID: 1000) (User: VALYNTH)
Description: Faulting application name: ctfmon.exe, version: 10.0.22621.1, time stamp: 0xf4b8fb49
Faulting module name: InputService.dll, version: 10.0.22621.1105, time stamp: 0x37d665b1
Exception code: 0x00000675
Fault offset: 0x00000000000a05c8
Faulting process id: 0x0x3e48
Faulting application start time: 0x0x1d936e050226be1
Faulting application path: C:\WINDOWS\system32\ctfmon.exe
Faulting module path: C:\WINDOWS\system32\InputService.dll
Report Id: b7bd5221-fb17-49d6-89a8-a4874cb183ef
Faulting package full name:
Faulting package-relative application ID:

Error: (02/02/2023 04:28:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, PID: 4912, ProfSvc PID: 2104.

Error: (02/02/2023 04:28:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, PID: 4912, ProfSvc PID: 2104.

Error: (02/02/2023 04:27:24 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\VALYNTH$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 08:27:26 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b3f4ac28-9832-47a2-8271-bf1baa8ed0e4

Method: GET(1000ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/02/2023 04:10:04 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: VALYNTH)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147024662

Error: (02/02/2023 04:04:56 PM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (30956,P,98) TILEREPOSITORYS-1-5-21-2297796880-1066376711-690406554-500: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (02/02/2023 06:21:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/02/2023 06:21:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LenovoVantageService service terminated unexpectedly. It has done this 1 time(s).

Error: (02/02/2023 06:21:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo Notebook ITS Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/02/2023 06:21:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FileSyncHelper service terminated unexpectedly. It has done this 1 time(s).

Error: (02/02/2023 06:21:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Universal Device Client Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2023 06:21:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/02/2023 06:21:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RogueKiller RTP service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/02/2023 06:21:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
================
Date: 2023-02-02 15:40:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

CodeIntegrity:
===============
Date: 2023-02-03 10:57:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO EECN35WW 04/16/2021
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 7 4700U with Radeon Graphics
Percentage of memory in use: 71%
Total physical RAM: 15742.16 MB
Available physical RAM: 4407.96 MB
Total Virtual: 25810.28 MB
Available Virtual: 2717.71 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:171.39 GB) (Model: SAMSUNG MZALQ512HALU-000L2) NTFS
Drive g: (Google Drive) (Fixed) (Total:475.69 GB) (Free:162.82 GB) (Model: SAMSUNG MZALQ512HALU-000L2) FAT32

\\?\Volume{3797ef98-3804-4cd8-bf11-4ca4c08440fd}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.4 GB) NTFS
\\?\Volume{72199305-12a4-43b7-9e12-de2da08660e9}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: F194FA30)

Partition: GPT.

==================== End of Addition.txt =======================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-01-2023
Ran by valynth (03-02-2023 15:54:01) Run:1
Running from C:\Users\valynth\Downloads
Loaded Profiles: valynth
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2022-10-19 03:57 - 2022-10-19 03:57 - 000017408 _____ () C:\Users\valynth\AppData\Local\WebpageIcons.db
AlternateDataStreams: C:\WINDOWS\system32\.tmp:2B6F90CBEE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\RadiAnt DICOM Viewer (64-bit).lnk:8C451A749C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk:1FA7E99ECA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk:708E5666EE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk:1A5FAF1E4E [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
FirewallRules: [{FD4DF0EB-0CDE-48D3-ADE1-14255782C788}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{42FEFBB2-AECB-4126-844D-9B1C846627F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{DC8B4433-3AEF-41BA-B7C7-A4FBC741EDA2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{02FB27C0-DA68-4388-BEB9-D680B63D1DA7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{58264059-A0B4-4457-964C-99D80809E5AB}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{4D38396A-418A-4DA0-96DB-7605B9A5DC84}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{10395400-1380-41DA-9348-060BC08B5B0C}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1909.2618\gxxsvc.exe => No File
FirewallRules: [{0F310EB6-B407-477B-84E7-88FF30BBD210}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe => No File
FirewallRules: [UDP Query User{0E2C607C-305D-412F-A067-6F0771F1CB42}C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [TCP Query User{EE171744-7A10-46D8-A77A-05C20E865BCE}C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [{1C470B6E-454E-496E-8725-C937CFDCAD5C}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{072F1448-49C9-4ECD-BF0D-7866E110E97D}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{1E81DC67-2048-4539-9671-47E7457A7DCD}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [UDP Query User{B29D888A-2D40-4FE9-9494-5BB258E597A8}C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [TCP Query User{A9F7C08D-B8D7-4936-B8F6-30898400903F}C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [{C5059077-6F7C-4092-875B-0BE51D17C6D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F9D51B3D-76C9-4A30-B268-4151793EBFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{014A1B32-2300-41BF-A7ED-A2230AF6F3BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F640AB0F-73BC-4FFA-9FCA-305C854C0D89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{47F8B96F-7C30-4432-965F-559C900F9421}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3D67CCA2-FFBE-4110-AF57-28A6672062E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6FFB4E1E-BFC4-49DA-8589-0914EC5BA797}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2C2E657C-04C7-4552-BE62-17217574A412}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{30C5CA5D-5A03-45A4-BBCE-CE59609E57A6}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{8CD88A12-3239-4F53-8BFB-2DB2369D46BE}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{046B55BC-53D6-409C-9A0C-582D73A25F2A}] => (Allow) C:\Users\valynth\AppData\Local\Programs\Opera\82.0.4227.23\opera.exe => No File
FirewallRules: [{F1E6C987-A785-4CA3-B2B0-0166DD5A05FE}] => (Allow) C:\Users\valynth\AppData\Local\Programs\Opera\81.0.4196.60\opera.exe => No File
FirewallRules: [{B70431BD-7526-4B74-95E8-6617CEC625B2}] => (Allow) C:\Users\valynth\AppData\Local\Programs\Opera\81.0.4196.54\opera.exe => No File
FirewallRules: [{06145C1C-57B1-47D4-AA37-7164C844FA8E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9D7AE8FD-B65B-467B-A299-1E081554DF0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{004BA257-284A-4EB2-8BAA-41D71BF725BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{CA524D9B-D864-4858-8B75-11A4C4DB2CE0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FF6907DE-A5C6-4DD4-A9A0-E9C5C60361BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9E210B7A-B0E0-4C28-8127-8A572E860AD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{09DDEC58-1890-45F0-979E-31B520C217B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{36D6DCCB-DB62-464F-99B8-1FA9B7909947}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2FA4221E-45D4-4094-A444-942D2A3C4698}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F2B62415-1D71-4046-8F58-95632FC61058}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{48FBE407-70B4-4A53-A501-6D2EF7B846FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{EACD7767-B18A-4875-830C-6865E0500E55}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F459BCB1-F8F9-4CDB-85C8-6F82C1D69A20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2A772FA5-4272-48EC-9FED-2590ECFA0C75}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D0DFE593-BBFC-48E1-A817-070A23491572}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{64DBC22A-2071-4BF3-86BF-E5C9DC63A1E7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3A5EDAFA-2F0C-4D08-9756-C4A2088CFC7E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FB87F1F9-0FC0-4ECF-BE04-9A2F33F4D2F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D7CCB059-D6DA-409E-BDB9-FFB644272F01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{466FC1B8-6CA1-4BCB-8A6A-A187CBCBC4B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [TCP Query User{6C1F4045-C275-491F-978A-158E2211EEB3}C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [UDP Query User{A3D06926-4057-4CF3-80B3-70294F12ADB9}C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [TCP Query User{24B48657-A8F8-41A6-BD25-6308A5F56923}C:\program files (x86)\neatreader\neatreader.exe] => (Allow) C:\program files (x86)\neatreader\neatreader.exe => No File
FirewallRules: [UDP Query User{1B79E296-1A6B-4BDC-AAF4-B167AB7D1095}C:\program files (x86)\neatreader\neatreader.exe] => (Allow) C:\program files (x86)\neatreader\neatreader.exe => No File
FirewallRules: [{AB89D474-20EA-4B86-B980-2CA521116E0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1573C3B3-4173-4E9F-AB9A-D138129245CB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C984A893-88D0-420A-BBC9-68DD56A16025}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9B7E8650-21D4-4167-93DA-7424ECBB27A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{BE233D8B-2930-4C27-A93A-E507BD640190}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{5AC811AB-24C6-4788-B9ED-5D0CFB4BFA15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9E61B673-2630-4AFE-84D3-0E0EAC0B9C42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{BC6BF9F2-C739-4B13-AA9F-FC64FC8E9042}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe => No File

*****************

HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
C:\Users\valynth\AppData\Local\WebpageIcons.db => moved successfully
C:\WINDOWS\system32\.tmp => ":2B6F90CBEE" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\RadiAnt DICOM Viewer (64-bit).lnk => ":8C451A749C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk => ":A1B76439FE" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk => ":1FA7E99ECA" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk => ":708E5666EE" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk => ":1A5FAF1E4E" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk => ":B026C77744" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk => ":B96E9B8455" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD4DF0EB-0CDE-48D3-ADE1-14255782C788}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42FEFBB2-AECB-4126-844D-9B1C846627F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC8B4433-3AEF-41BA-B7C7-A4FBC741EDA2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02FB27C0-DA68-4388-BEB9-D680B63D1DA7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58264059-A0B4-4457-964C-99D80809E5AB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D38396A-418A-4DA0-96DB-7605B9A5DC84}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10395400-1380-41DA-9348-060BC08B5B0C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F310EB6-B407-477B-84E7-88FF30BBD210}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0E2C607C-305D-412F-A067-6F0771F1CB42}C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EE171744-7A10-46D8-A77A-05C20E865BCE}C:\users\valynth\appdata\local\discord\app-1.0.9005\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C470B6E-454E-496E-8725-C937CFDCAD5C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{072F1448-49C9-4ECD-BF0D-7866E110E97D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E81DC67-2048-4539-9671-47E7457A7DCD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B29D888A-2D40-4FE9-9494-5BB258E597A8}C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A9F7C08D-B8D7-4936-B8F6-30898400903F}C:\users\valynth\appdata\local\discord\app-1.0.9004\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5059077-6F7C-4092-875B-0BE51D17C6D2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9D51B3D-76C9-4A30-B268-4151793EBFC2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{014A1B32-2300-41BF-A7ED-A2230AF6F3BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F640AB0F-73BC-4FFA-9FCA-305C854C0D89}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47F8B96F-7C30-4432-965F-559C900F9421}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D67CCA2-FFBE-4110-AF57-28A6672062E2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6FFB4E1E-BFC4-49DA-8589-0914EC5BA797}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C2E657C-04C7-4552-BE62-17217574A412}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30C5CA5D-5A03-45A4-BBCE-CE59609E57A6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8CD88A12-3239-4F53-8BFB-2DB2369D46BE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{046B55BC-53D6-409C-9A0C-582D73A25F2A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1E6C987-A785-4CA3-B2B0-0166DD5A05FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B70431BD-7526-4B74-95E8-6617CEC625B2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06145C1C-57B1-47D4-AA37-7164C844FA8E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D7AE8FD-B65B-467B-A299-1E081554DF0B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{004BA257-284A-4EB2-8BAA-41D71BF725BF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA524D9B-D864-4858-8B75-11A4C4DB2CE0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF6907DE-A5C6-4DD4-A9A0-E9C5C60361BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E210B7A-B0E0-4C28-8127-8A572E860AD9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09DDEC58-1890-45F0-979E-31B520C217B2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36D6DCCB-DB62-464F-99B8-1FA9B7909947}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FA4221E-45D4-4094-A444-942D2A3C4698}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2B62415-1D71-4046-8F58-95632FC61058}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48FBE407-70B4-4A53-A501-6D2EF7B846FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EACD7767-B18A-4875-830C-6865E0500E55}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F459BCB1-F8F9-4CDB-85C8-6F82C1D69A20}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A772FA5-4272-48EC-9FED-2590ECFA0C75}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0DFE593-BBFC-48E1-A817-070A23491572}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64DBC22A-2071-4BF3-86BF-E5C9DC63A1E7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A5EDAFA-2F0C-4D08-9756-C4A2088CFC7E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB87F1F9-0FC0-4ECF-BE04-9A2F33F4D2F5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7CCB059-D6DA-409E-BDB9-FFB644272F01}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{466FC1B8-6CA1-4BCB-8A6A-A187CBCBC4B0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C1F4045-C275-491F-978A-158E2211EEB3}C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A3D06926-4057-4CF3-80B3-70294F12ADB9}C:\program files\windowsapps\spotifyab.spotifymusic_1.167.586.0_x86__zpdnekdrzrea0\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{24B48657-A8F8-41A6-BD25-6308A5F56923}C:\program files (x86)\neatreader\neatreader.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1B79E296-1A6B-4BDC-AAF4-B167AB7D1095}C:\program files (x86)\neatreader\neatreader.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB89D474-20EA-4B86-B980-2CA521116E0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1573C3B3-4173-4E9F-AB9A-D138129245CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C984A893-88D0-420A-BBC9-68DD56A16025}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B7E8650-21D4-4167-93DA-7424ECBB27A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE233D8B-2930-4C27-A93A-E507BD640190}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5AC811AB-24C6-4788-B9ED-5D0CFB4BFA15}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E61B673-2630-4AFE-84D3-0E0EAC0B9C42}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC6BF9F2-C739-4B13-AA9F-FC64FC8E9042}" => removed successfully

==== End of Fixlog 15:54:02 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.93
x64
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Avast Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Lenovo VantageService 3.13.43.0 LenovoVantage-(DeviceSettingsSystemAddin).exe
system32 AvastSvc.exe -?-
Avast Software Avast aswToolsSvc.exe
Avast Software Avast aswEngSrv.exe
Avast Software Avast afwServ.exe
Avast Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 13-08-2022 01
Ran by valynth (administrator) on 03-02-2023 at 17:49:26
Running from "C:\Users\valynth\Downloads"
Windows 10 Home Single Language (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is unreachable
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Windows Security:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Code:
Sophos Scan & Clean
www.sophos.com

   Computer name . . . . : VALYNTH
   Windows . . . . . . . : 10.0.0.22621.X64/8
   User name . . . . . . : VALYNTH\valynth
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2023-02-03 17:57:45
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 15m 8s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 6

   Objects scanned . . . : 4,968,505
   Files scanned . . . . : 333,595
   Remnants scanned  . . : 2,854,291 files / 1,780,619 keys

Cookies _____________________________________________________________________

   C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:addthis.com
   C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:adnxs.com
   C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:crwdcntrl.net
   C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:doubleclick.net
   C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:ml314.com
   C:\Users\valynth\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:scorecardresearch.com
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 
Thank you so much, Broni! You are a legend!
I will try doing the remaining items tomorrow and update you. Have a great rest of your day.
 