Solved Machine Slow and Sticky

Discussion in 'Malware and Virus Removal' started by Blue Star, 2019/08/11.

  1. 2019/08/11
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    440
    Likes Received:
    1
    Hello friends.. Been a while since I have been here.. There once were diagnostics to run and post results for help.. but I don't see them now

    My machine is crashing, slow to open programs, and responses to clicks are slow..

    Thank you!!
     
  2. 2019/08/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     

  4. 2019/08/11
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    440
    Likes Received:
    1
    Thank you, Broni! :) Running scans now...
     
  5. 2019/08/11
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    440
    Likes Received:
    1
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019
    Ran by Arwen (administrator) on THEONE (SAMSUNG ELECTRONICS CO., LTD. 350V5C/350V5X/350V4C/350V4X/351V5C/351V5X/351V4C/351V4X/3540VC/3540VX/3440VC/3440VX) (11-08-2019 12:50:06)
    Running from C:\Users\Arwen\Downloads
    Loaded Profiles: Arwen & (Available Profiles: Arwen)
    Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6\HP.Smart.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
    (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
    (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
    (Structure Studios, L.L.C. -> Structure Studios) C:\StructureStudios\SE3D20\x64\SE3D_Core.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-10-23] (Corel Corporation -> Corel Corporation)
    HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [130624 2018-10-23] (Corel Corporation -> WinZip Computing)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) [File not signed]
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink -> CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink -> CyberLink Corp.)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel® Services Manager -> Intel Corporation)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel® Services Manager -> Intel Corporation)
    HKLM-x32\...\Run: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] => C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe [144728 2011-03-09] (Nova Development -> )
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353104 2017-12-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\RealDownloader\downloader2.exe [1268048 2017-11-29] (RealNetworks, Inc. -> )
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105449831\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105457319\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452034\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105458192\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Google Update] => C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-05-14] (Google Inc -> Google LLC)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Arwen\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Arwen\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\RunOnce: [Uninstall 19.103.0527.0003\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arwen\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\RunOnce: [Uninstall 19.103.0527.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arwen\AppData\Local\Microsoft\OneDrive\19.103.0527.0003"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\Run: [Google Update] => C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-05-14] (Google Inc -> Google LLC)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\RunOnce: [Application Restart #0] => C:\Windows\System32\mspaint.exe [6780928 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\RunOnce: [Application Restart #1] => C:\Windows\System32\mspaint.exe [6780928 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2623096 2012-08-26] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1678832 2019-08-05] (Google LLC -> Google LLC)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Drivers32: [vidc.uly2] => C:\StructureStudios\SE3D20\codecs\utvideo64.dll [65568 2019-06-08] (Structure Studios, L.L.C. -> )
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Drivers32: [vidc.x264] => C:\StructureStudios\SE3D20\codecs\x264vfw64.dll [4042272 2019-06-08] (Structure Studios, L.L.C. -> x264vfw project)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\Drivers32: [vidc.uly2] => C:\StructureStudios\SE3D20\codecs\utvideo64.dll [65568 2019-06-08] (Structure Studios, L.L.C. -> )
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\Drivers32: [vidc.x264] => C:\StructureStudios\SE3D20\codecs\x264vfw64.dll [4042272 2019-06-08] (Structure Studios, L.L.C. -> x264vfw project)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-10] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
    HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-10] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
    AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-07-17]
    ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-12-22]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
    Task: {0BD52A2F-4FF1-4B41-9054-5B7F03B2DA5D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Arwen\Downloads\esetonlinescanner_enu (6).exe [7969304 2019-08-10] (ESET, spol. s r.o. -> ESET spol. s r.o.)
    Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
    Task: {10AD99B1-9990-4C73-B8E9-E6EA376A9E3D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {17B9C443-ABD3-4261-B188-BD1B5DDBD3C5} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-10-23] (Corel Corporation -> Corel Corporation)
    Task: {1834511F-636F-4703-8D12-7C29F892135D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
    Task: {24FA04AA-A5E4-4F25-B2FE-665AC1B37974} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [135504 2017-11-29] (RealNetworks, Inc. -> RealNetworks, Inc.)
    Task: {25273BEB-1596-4DF2-9ACB-64FB9B924E10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {273E163D-8BD0-4420-A6BF-604990062399} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
    Task: {33C2B19B-605D-4B98-AB07-6A0AA22E83FA} - System32\Tasks\FaxArchive_CN2BD211XW05S1 => C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {3F5DA5C4-9997-473E-945E-7CC7AA284FC9} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
    Task: {45ABB5F7-5C01-489E-9D24-75ECFC93A2EE} - System32\Tasks\{0B005567-2F27-4C11-B217-48FB79CD4CFB} => C:\windows\system32\pcalua.exe -a "C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe" -c /remove /q0
    Task: {4AD36E97-A0A7-4DC5-A480-09E50B73AAFA} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [3466360 2012-08-30] (Samsung Electronics CO., LTD. -> SEC)
    Task: {5145BED0-862E-46E8-BE0C-EE51E91AF5A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [455448 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {54025383-932A-492D-B975-3F3D00B91F0D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
    Task: {54DE29B1-7A41-49EA-9C33-3F2CDD4E5464} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [135504 2017-11-29] (RealNetworks, Inc. -> RealNetworks, Inc.)
    Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    Task: {5BF4106A-98B2-43EC-BFCA-BF41A8DD36A0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-15] (Intel® Services Manager -> Intel Corporation)
    Task: {5CC84A7B-C17B-4951-A1F2-A2919DC9DC8A} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2623096 2012-08-26] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
    Task: {5EC21BF0-4503-4CCC-8D8A-DAE98A25935D} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
    Task: {675B1F76-91AB-44C7-B2FD-BCEB028FF6B3} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
    Task: {6ED04B22-FF2B-4657-A2DC-4FCE1D90A9CB} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2788472 2012-08-24] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
    Task: {7EC026DC-DC42-45DD-8D05-67BAC996642F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {82266BBE-21A7-4CAF-9A40-DED4B754EC2E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core1d35e28b237dd8d => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {866704E7-0F2E-4995-85D4-703CBF9E1241} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
    Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
    Task: {A2D1765C-C2A2-46EA-8701-0F34765C564B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [455448 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A816F8AD-3B4E-4B1D-8202-EABE3C5EE876} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-15] (Intel® Services Manager -> Intel Corporation)
    Task: {AFAF86C6-3E00-4438-B502-493857123499} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
    Task: {B1046984-FC95-4DBE-81AD-7C8A76DA8F5F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    Task: {B82FA7BA-DF38-4CEC-9FF3-FC3AED168754} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3995256 2016-01-31] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {C55F4626-17E2-42A8-9B08-BBBA832CF2E8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2049928 2019-08-08] (AVAST Software s.r.o. -> AVAST Software)
    Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {CF98BCBD-78AD-4D44-B977-0D4CCAC027DE} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-10-23] (Corel Corporation -> Corel Corporation)
    Task: {CF9AD7B1-A258-4614-AE15-AAB1352A2A4D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {D5341CEA-C726-4E47-A3F5-5DD4C9FB61DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA1d35e28b249f63f => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {D9DD9F47-0F79-48A3-8A7F-51A089EE2D23} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe
    Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
    Task: {DE75DCC2-4981-4804-91D8-D8248A1F1E6A} - System32\Tasks\HP AR Program Upload - 1d899e09ae474e75b00a468cbd134de7aa32ec3dee4246869e6c83f89188eeec => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe
    Task: {DF39CCBD-9EC0-4172-B81B-0296E0D23366} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Arwen\Downloads\esetonlinescanner_enu (6).exe [7969304 2019-08-10] (ESET, spol. s r.o. -> ESET spol. s r.o.)
    Task: {DFD12F97-9B14-45BC-B5A7-BA2D483A2638} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-10-23] (Corel Corporation -> Corel Corporation)
    Task: {E28C3419-18FC-4B6C-AE7F-1308CA9ACE32} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-10] (Adobe Inc. -> Adobe)
    Task: {ECFD5F00-7404-4420-A935-6D616BD65FE3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. -> Adobe)
    Task: {F861D239-AA3D-45D1-A85A-F84823969B4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [455448 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {FB6D6FE4-1610-4BB3-8519-231B3B051086} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{5e936670-642f-4052-aa03-d47cb7323cae}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{a1deafae-a273-4369-a12b-a8da1e15e848}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{e8f08305-a01b-4b93-b012-19d5eb7d321c}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> {5702548C-054D-441C-8D09-68ACF36AA8ED} URL =
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971 -> {5702548C-054D-441C-8D09-68ACF36AA8ED} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-11-29] (RealNetworks, Inc. -> RealDownloader)
    BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-11-29] (RealNetworks, Inc. -> RealDownloader)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4
     
  6. 2019/08/11
    Blue Star

    Blue Star Well-Known Member Thread Starter

    117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {483EB14D-AF1C-4951-81B0-4E2B41829FF6} hxxps://assess.shlonline.com/cabs/QOLCheck.ocx
    DPF: HKLM-x32 {494DE545-6D3C-4F63-9D73-CF408AB248D9} hxxps://vanillasoft.net/binarys/amiTapiPro.ocx
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler: mso-minsb-roaming.16 - No CLSID Value
    Handler: mso-minsb.16 - No CLSID Value
    Handler: osf-roaming.16 - No CLSID Value
    Handler: osf.16 - No CLSID Value
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Software Sarl -> Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127 [2019-05-20]
    FF Extension: (Avast SafePrice) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\Extensions\sp@avast.com.xpi [2017-11-21] [UpdateUrl:hxxps://firefoxextension.avast.com/sp/update.json]
    FF Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\Extensions\wrc@avast.com.xpi [2018-06-24]
    FF Extension: (Telemetry coverage) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\features\{8a3af1d4-a426-4c6d-bce3-eadcf307e115}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-11-15] [Legacy]
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\kompozer.net\KompoZer\Profiles\jj4nfp63.default [2015-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.10.217 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-12-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.10.217 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-12-22] (RealNetworks, Inc. -> RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Arwen\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online -> Citrix Online)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/O1DPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-09-18] (Intel) [File not signed]
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-09-18] (Intel) [File not signed]
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin64 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi-x64.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971: @citrixonline.com/appdetectorplugin -> C:\Users\Arwen\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online -> Citrix Online)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971: @talk.google.com/GoogleTalkPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971: @talk.google.com/O1DPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971: @tools.google.com/Google Update;version=3 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971: @tools.google.com/Google Update;version=9 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-09-18] (Intel) [File not signed]
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-09-18] (Intel) [File not signed]
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971: SkypePlugin -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971: SkypePlugin64 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi-x64.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2017-04-11]
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npo1d.dll [2017-04-11]

    Chrome:
    =======
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default [2019-08-11]
    CHR Extension: (Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-13]
    CHR Extension: (Regex Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2015-04-13]
    CHR Extension: (Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-13]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-07-24]
    CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-05]
    CHR Extension: (Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-13]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-17]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-10-13]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-15]
    CHR Extension: (FB UID Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfeilckipmpkmoblecjildbpgdjjpnj [2015-04-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-13]
    CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-07-10]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
    CHR Extension: (Chrome Media Router) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-10]
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-10-12]
    CHR Extension: (Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-13]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
    CHR Extension: (Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-13]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-30]
    CHR Extension: (Cisco Webex Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-09]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-04]
    CHR Extension: (FreeConferenceCall.com Scheduler) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhjonocnlnodflomblbjnjdpllkeljo [2018-09-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
    CHR Extension: (Chrome Media Router) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Arwen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-11]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Arwen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-11]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
    S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
    S4 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
    S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation -> Intel Corporation)
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
    S2 KDService; C:\Program Files\KDService\bin\KDService.exe [529424 2018-05-24] (KYOCERA Document Solutions Inc. -> KYOCERA Document Solutions Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [37104 2017-11-29] (RealNetworks, Inc. -> RealNetworks, Inc.)
    S4 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-12-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256120 2016-01-31] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37320 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209256 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263224 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206056 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61688 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279336 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42504 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [168896 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477288 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225816 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387688 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
    R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink -> CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
    R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Samsung Electronics CO., LTD. -> Windows (R) Win 7 DDK provider)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek )
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2019-08-10] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
    S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-10] (AnchorFree Inc -> Anchorfree Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-25] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-25] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-11 12:47 - 2019-08-11 12:47 - 002097664 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64 (1).exe
    2019-08-11 10:58 - 2019-08-11 10:58 - 000003802 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
    2019-08-11 10:58 - 2019-08-11 10:58 - 000003360 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
    2019-08-10 23:23 - 2019-08-10 23:23 - 000000726 _____ C:\Users\Arwen\Desktop\ESET Online Scanner.lnk
    2019-08-10 23:22 - 2019-08-10 23:22 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (6).exe
    2019-08-10 23:22 - 2019-08-10 23:22 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (5).exe
    2019-08-10 23:22 - 2019-08-10 23:22 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (4).exe
    2019-08-10 23:22 - 2019-08-10 23:22 - 000000825 _____ C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
    2019-08-10 10:54 - 2019-08-10 10:54 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-08-09 08:47 - 2019-08-09 08:47 - 000410616 _____ C:\Users\Arwen\Downloads\doc01825320190808114912.pdf
    2019-08-08 13:13 - 2019-08-08 13:13 - 000080772 _____ C:\Users\Arwen\Downloads\Swale Cross Section.pdf
    2019-08-07 15:46 - 2019-08-07 15:46 - 000615614 _____ C:\Users\Arwen\Desktop\Lucania ~ Jones Residence I _ Proposal .pdf
    2019-08-07 12:59 - 2019-08-07 12:59 - 000910587 _____ C:\Users\Arwen\Downloads\16-22680_permit.pdf
    2019-08-07 12:59 - 2019-08-07 12:59 - 000910587 _____ C:\Users\Arwen\Downloads\16-22680_permit (1).pdf
    2019-08-07 12:59 - 2019-08-07 12:59 - 000646411 _____ C:\Users\Arwen\Downloads\17-10299_PERMIT_AND_PAPERWORK (1).pdf
    2019-08-07 12:58 - 2019-08-07 12:58 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605 (4).pdf
    2019-08-07 12:57 - 2019-08-07 12:57 - 000094255 _____ C:\Users\Arwen\Downloads\04-00051_docb023 (1).pdf
    2019-08-07 12:53 - 2019-08-07 12:53 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605 (3).pdf
    2019-08-07 12:52 - 2019-08-07 12:52 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit (4).pdf
    2019-08-05 11:13 - 2019-08-05 11:13 - 000312607 _____ C:\Users\Arwen\Downloads\0325939.pdf
    2019-08-05 11:10 - 2019-08-05 11:10 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit.pdf
    2019-08-05 11:10 - 2019-08-05 11:10 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit (3).pdf
    2019-08-05 11:10 - 2019-08-05 11:10 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit (2).pdf
    2019-08-05 11:10 - 2019-08-05 11:10 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit (1).pdf
    2019-08-04 19:40 - 2019-08-04 19:40 - 001452787 _____ C:\Users\Arwen\Downloads\COLGATE_SURVEY.pdf
    2019-08-01 10:58 - 2019-08-01 11:02 - 000000000 ____D C:\Users\Arwen\Desktop\Gonzalez ~ Ferraro
    2019-07-31 13:19 - 2019-07-31 13:19 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (23).pdf
    2019-07-30 11:59 - 2019-07-30 14:33 - 000000000 ____D C:\Users\Arwen\Desktop\HBP Photos
    2019-07-30 10:31 - 2019-07-30 10:31 - 000054494 _____ C:\Users\Arwen\Downloads\SURV_1813693.pdf
    2019-07-30 10:31 - 2019-07-30 10:31 - 000054494 _____ C:\Users\Arwen\Downloads\SURV_1813693 (2).pdf
    2019-07-30 10:31 - 2019-07-30 10:31 - 000054494 _____ C:\Users\Arwen\Downloads\SURV_1813693 (1).pdf
    2019-07-26 17:31 - 2019-07-26 17:31 - 001669381 _____ C:\Users\Arwen\Downloads\97-74529 (1).pdf
    2019-07-26 17:31 - 2019-07-26 17:31 - 000208520 _____ C:\Users\Arwen\Downloads\SURVEY_1901394 (5).pdf
    2019-07-26 17:28 - 2019-07-26 17:28 - 000273844 _____ C:\Users\Arwen\Downloads\18-29955_plan (8).pdf
    2019-07-26 17:26 - 2019-07-26 17:26 - 001993272 _____ C:\Users\Arwen\Downloads\41075 (8).pdf
    2019-07-26 17:25 - 2019-07-26 17:25 - 000216768 _____ C:\Users\Arwen\Downloads\SURVEY_1901458 (4).pdf
    2019-07-26 17:25 - 2019-07-26 17:25 - 000216768 _____ C:\Users\Arwen\Downloads\SURVEY_1901458 (3).pdf
    2019-07-26 17:24 - 2019-07-26 17:24 - 000055357 _____ C:\Users\Arwen\Downloads\04-40560_docb073 (2).pdf
    2019-07-26 17:23 - 2019-07-26 17:23 - 000273844 _____ C:\Users\Arwen\Downloads\18-29955_plan (7).pdf
    2019-07-26 15:43 - 2019-07-26 15:43 - 000885338 _____ C:\Users\Arwen\Downloads\Re__Your_New_Pool_Design_and_Proposal.zip
    2019-07-26 11:46 - 2019-07-26 11:46 - 000000000 ____D C:\Users\Arwen\Desktop\Recipe Books
    2019-07-26 09:12 - 2019-07-26 09:12 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605 (2).pdf
    2019-07-26 09:11 - 2019-07-26 09:11 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605 (1).pdf
    2019-07-25 15:08 - 2019-07-25 15:08 - 000194141 _____ C:\Users\Arwen\Downloads\03613776.pdf
    2019-07-25 15:08 - 2019-07-25 15:08 - 000194141 _____ C:\Users\Arwen\Downloads\03613776 (1).pdf
    2019-07-25 15:07 - 2019-07-25 15:07 - 000646411 _____ C:\Users\Arwen\Downloads\17-10299_PERMIT_AND_PAPERWORK.pdf
    2019-07-25 15:06 - 2019-07-25 15:06 - 000756376 _____ C:\Users\Arwen\Downloads\0400051.pdf
    2019-07-25 15:06 - 2019-07-25 15:06 - 000756376 _____ C:\Users\Arwen\Downloads\0400051 (1).pdf
    2019-07-25 15:05 - 2019-07-25 15:05 - 000094255 _____ C:\Users\Arwen\Downloads\04-00051_docb023.pdf
    2019-07-24 15:44 - 2019-07-24 15:44 - 000587839 _____ C:\Users\Arwen\Downloads\0402565 (2).pdf
    2019-07-24 15:44 - 2019-07-24 15:44 - 000587839 _____ C:\Users\Arwen\Downloads\0402565 (1).pdf
    2019-07-24 15:43 - 2019-07-24 15:43 - 000587839 _____ C:\Users\Arwen\Downloads\0402565.pdf
    2019-07-24 15:43 - 2019-07-24 15:43 - 000070283 _____ C:\Users\Arwen\Downloads\04-02565_docbcc137.pdf
    2019-07-24 15:43 - 2019-07-24 15:43 - 000070283 _____ C:\Users\Arwen\Downloads\04-02565_docbcc137 (1).pdf
    2019-07-24 15:42 - 2019-07-24 15:42 - 000207152 _____ C:\Users\Arwen\Downloads\13-03663_permit.pdf
    2019-07-24 15:41 - 2019-07-24 15:41 - 000376420 _____ C:\Users\Arwen\Downloads\0322832.pdf
    2019-07-24 15:40 - 2019-07-24 15:40 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605.pdf
    2019-07-24 15:32 - 2019-07-24 15:32 - 000649885 _____ C:\Users\Arwen\Downloads\0232043.pdf
    2019-07-23 15:42 - 2019-07-24 15:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-07-23 15:21 - 2019-07-23 15:22 - 179283504 _____ (Adobe Systems Incorporated) C:\Users\Arwen\Downloads\AcroRdrDC1901220034_en_US (2).exe
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (8).zip
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (7).zip
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (6).zip
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (5).zip
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (4).zip
    2019-07-23 15:04 - 2019-07-23 15:04 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (3).zip
    2019-07-23 15:02 - 2019-07-23 15:02 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (2).zip
    2019-07-23 15:02 - 2019-07-23 15:02 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (1).zip
    2019-07-23 15:01 - 2019-07-23 15:01 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015.zip
    2019-07-23 14:56 - 2019-07-23 14:56 - 179283504 _____ (Adobe Systems Incorporated) C:\Users\Arwen\Downloads\AcroRdrDC1901220034_en_US (1).exe
    2019-07-23 13:05 - 2019-07-23 13:06 - 179283504 _____ (Adobe Systems Incorporated) C:\Users\Arwen\Downloads\AcroRdrDC1901220034_en_US.exe
    2019-07-23 11:43 - 2019-07-23 11:44 - 141015434 _____ C:\Users\Arwen\Downloads\AdbeRdr11000_mui_Std (2).zip
    2019-07-23 11:41 - 2019-07-23 11:42 - 141015434 _____ C:\Users\Arwen\Downloads\AdbeRdr11000_mui_Std (1).zip
    2019-07-23 11:40 - 2019-07-23 11:41 - 141015434 _____ C:\Users\Arwen\Downloads\AdbeRdr11000_mui_Std.zip
    2019-07-23 11:20 - 2019-07-23 11:20 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (6).pdf
    2019-07-23 11:19 - 2019-07-23 11:19 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (5).pdf
    2019-07-23 11:18 - 2019-07-23 11:18 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (4).pdf
    2019-07-23 11:01 - 2019-07-23 11:01 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard.pdf
    2019-07-23 11:01 - 2019-07-23 11:01 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (3).pdf
    2019-07-23 11:01 - 2019-07-23 11:01 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (2).pdf
    2019-07-23 11:01 - 2019-07-23 11:01 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (1).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (22).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (21).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (20).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (19).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (18).pdf
    2019-07-23 10:46 - 2019-07-23 10:46 - 000415455 _____ C:\Users\Arwen\Downloads\0415804 (1).pdf
    2019-07-23 10:45 - 2019-07-23 10:45 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (17).pdf
    2019-07-23 10:45 - 2019-07-23 10:45 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (16).pdf
    2019-07-23 10:45 - 2019-07-23 10:45 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (15).pdf
    2019-07-23 10:44 - 2019-07-23 10:44 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (14).pdf
    2019-07-23 10:43 - 2019-07-23 10:43 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (13).pdf
    2019-07-23 10:43 - 2019-07-23 10:43 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (12).pdf
    2019-07-23 10:42 - 2019-07-23 10:42 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (11).pdf
    2019-07-23 10:40 - 2019-07-23 10:40 - 000415455 _____ C:\Users\Arwen\Downloads\0415804.pdf
    2019-07-23 10:40 - 2019-07-23 10:40 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (9).pdf
    2019-07-23 10:40 - 2019-07-23 10:40 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (8).pdf
    2019-07-23 10:40 - 2019-07-23 10:40 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (10).pdf
    2019-07-23 10:39 - 2019-07-23 10:39 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (7).pdf
    2019-07-23 10:39 - 2019-07-23 10:39 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (6).pdf
    2019-07-23 10:39 - 2019-07-23 10:39 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (5).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 001045319 _____ C:\Users\Arwen\Downloads\0301720.pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 001045319 _____ C:\Users\Arwen\Downloads\0301720 (2).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 001045319 _____ C:\Users\Arwen\Downloads\0301720 (1).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (4).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (3).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (2).pdf
    2019-07-23 10:37 - 2019-07-23 10:37 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan.pdf
    2019-07-23 10:37 - 2019-07-23 10:37 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (1).pdf
    2019-07-18 11:54 - 2019-07-18 12:05 - 000000000 ____D C:\Users\Arwen\Desktop\Card Dump _ 07.18.2019
    2019-07-18 11:16 - 2019-07-18 11:16 - 001669381 _____ C:\Users\Arwen\Downloads\97-74529.pdf
    2019-07-18 09:46 - 2019-07-18 09:46 - 000048026 _____ C:\Users\Arwen\Downloads\Biz Card_1.pdf
    2019-07-17 04:47 - 2019-08-11 11:01 - 000000000 ____D C:\Users\Arwen\Desktop\McAuliffe
    2019-07-16 23:44 - 2019-07-16 23:45 - 000208520 _____ C:\Users\Arwen\Downloads\SURVEY_1901394 (4).pdf
    2019-07-15 14:29 - 2019-07-30 11:53 - 000000000 ____D C:\Users\Arwen\Desktop\My Pools _ HBP

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-11 12:52 - 2017-05-25 20:27 - 000054386 _____ C:\Users\Arwen\Downloads\FRST.txt
    2019-08-11 12:50 - 2017-05-25 20:26 - 000000000 ____D C:\FRST
    2019-08-11 11:51 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-08-11 11:00 - 2018-07-03 01:39 - 000000000 ____D C:\Users\Arwen\Desktop\PRO
    2019-08-11 10:58 - 2018-07-04 23:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-08-10 23:47 - 2018-09-09 17:41 - 000000000 ____D C:\Program Files (x86)\Avast Driver Updater
    2019-08-10 22:49 - 2018-07-05 00:00 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3548505277-2733688421-2640094488-1001
    2019-08-10 22:49 - 2018-07-04 23:30 - 000002403 _____ C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-08-10 22:49 - 2014-10-12 23:59 - 000000000 ___RD C:\Users\Arwen\OneDrive
    2019-08-10 22:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-08-10 22:34 - 2018-07-04 23:46 - 000005806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-08-10 10:55 - 2018-09-09 17:44 - 000025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
    2019-08-10 10:55 - 2014-10-12 23:51 - 000000000 __SHD C:\Users\Arwen\IntelGraphicsProfiles
    2019-08-10 10:53 - 2018-07-05 00:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-08-10 10:52 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-08-10 10:52 - 2013-01-22 12:58 - 000000000 ____D C:\ProgramData\AVAST Software
    2019-08-10 10:51 - 2018-07-04 23:30 - 000000000 ____D C:\Users\Arwen
    2019-08-08 18:35 - 2013-07-12 13:33 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-08-08 13:16 - 2018-07-05 00:00 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2019-08-07 22:30 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-08-07 22:19 - 2018-08-23 21:25 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2019-08-07 16:24 - 2018-10-15 14:07 - 000000000 ____D C:\scans2
    2019-08-07 14:29 - 2012-12-16 22:21 - 000000000 ____D C:\Users\Arwen\AppData\Local\CrashDumps
    2019-08-07 09:36 - 2018-11-21 09:01 - 000000000 ____D C:\Users\Arwen\Desktop\Pending
    2019-08-07 09:35 - 2019-03-24 15:38 - 000000000 ____D C:\Users\Arwen\Desktop\McWhorter
    2019-08-05 11:18 - 2014-02-13 12:25 - 000387688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2019-08-04 18:50 - 2018-11-16 13:04 - 000000000 ____D C:\Program Files\rempl
    2019-07-31 11:27 - 2019-06-25 17:58 - 000168896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2019-07-31 11:27 - 2014-02-13 12:25 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2019-07-26 15:52 - 2019-03-01 04:33 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-07-26 15:52 - 2018-07-05 00:00 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA1d35e28b249f63f
    2019-07-26 15:52 - 2018-07-05 00:00 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-07-26 15:52 - 2018-07-05 00:00 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA
    2019-07-26 15:52 - 2018-07-05 00:00 - 000003286 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core1d35e28b237dd8d
    2019-07-26 15:52 - 2018-07-05 00:00 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2019-07-26 15:52 - 2018-07-05 00:00 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-07-26 15:52 - 2018-07-05 00:00 - 000003070 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF6E7FF6-A826-4FA6-A008-42C24AD91130}
    2019-07-26 15:52 - 2018-07-05 00:00 - 000003040 _____ C:\WINDOWS\System32\Tasks\FaxArchive_CN2BD211XW05S1
    2019-07-26 15:52 - 2018-07-05 00:00 - 000003020 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002750 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 1d899e09ae474e75b00a468cbd134de7aa32ec3dee4246869e6c83f89188eeec
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002642 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3548505277-2733688421-2640094488-1001
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002524 _____ C:\WINDOWS\System32\Tasks\Settings
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002514 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3548505277-2733688421-2640094488-1001
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002502 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet 4620 series
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002496 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002458 _____ C:\WINDOWS\System32\Tasks\WLANStartup
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002378 _____ C:\WINDOWS\System32\Tasks\SWUpdateAgent
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002312 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002128 _____ C:\WINDOWS\System32\Tasks\SAgent
    2019-07-26 15:52 - 2018-07-05 00:00 - 000002126 _____ C:\WINDOWS\System32\Tasks\{0B005567-2F27-4C11-B217-48FB79CD4CFB}
    2019-07-26 15:52 - 2018-07-05 00:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2019-07-26 11:48 - 2019-03-10 17:45 - 000000000 ____D C:\Users\Arwen\Desktop\POOLS 2019
    2019-07-23 15:43 - 2018-11-21 09:01 - 000000000 ____D C:\Users\Arwen\Desktop\SOLD
    2019-07-23 15:42 - 2016-02-13 19:42 - 000000000 ____D C:\Program Files (x86)\Adobe
    2019-07-23 13:10 - 2019-05-27 20:43 - 000000000 ____D C:\Users\Arwen\Desktop\Photos
    2019-07-23 13:04 - 2014-07-07 17:49 - 000000000 ____D C:\Users\Arwen\AppData\Local\Adobe
    2019-07-21 22:04 - 2014-02-12 07:05 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2019-07-21 22:03 - 2016-02-16 03:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== Files in the root of some directories ================

    2019-03-01 04:24 - 2019-03-01 04:24 - 000001477 _____ () C:\Users\Arwen\AppData\Local\recently-used.xbel

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================
     
  7. 2019/08/11
    Blue Star

    -5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\fixme.it -> hxxps://fixme.it
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\techinline.net -> hxxps://*.techinline.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\vanillasoft.net -> hxxps://vanillasoft.net

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2019-01-20 04:01 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105449831\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105457319\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452034\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105458192\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arwen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\blue_chameleon.jpg
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\Control Panel\Desktop\\Wallpaper -> C:\Users\Arwen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\blue_chameleon.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
    HKLM\...\StartupApproved\Run: => "BtTray"
    HKLM\...\StartupApproved\Run: => "BtvStack"
    HKLM\...\StartupApproved\Run: => "RtHDVCpl"
    HKLM\...\StartupApproved\Run: => "WinZip UN"
    HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
    HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "IAStorIcon"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
    HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "TkBellExe"
    HKLM\...\StartupApproved\Run32: => "ReminderApp_EEAC3053-7055-4143-B8A0-306758055099"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "HP Officejet 4620 series (NET)"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "eyeBeam SIP Client"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "msnmsgr"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "MobileAppSync"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\StartupApproved\Run: => "HP Officejet 4620 series (NET)"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\StartupApproved\Run: => "eyeBeam SIP Client"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\StartupApproved\Run: => "msnmsgr"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\StartupApproved\Run: => "MobileAppSync"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A05F996A-DFF2-4DBB-BB7B-6213C42CCB38}] => (Allow) LPort=9444
    FirewallRules: [{FB20C203-237D-4AAA-8145-14677711D0F2}] => (Allow) LPort=9244
    FirewallRules: [{DFA7C63E-6E6F-4733-AA36-61E968113BBB}] => (Allow) LPort=3702
    FirewallRules: [{FD99183D-808A-4608-8C89-AB567A2962D9}] => (Allow) LPort=9247
    FirewallRules: [{EE0FA760-C9FE-4FB1-96E3-B8FDCC0CD2BA}] => (Allow) LPort=9246
    FirewallRules: [{88685F0B-6B08-44F8-BC31-D7871A661965}] => (Allow) LPort=9245
    FirewallRules: [{20E7F0C6-043C-4966-A82C-F02D75B34E9F}] => (Allow) LPort=9422
    FirewallRules: [UDP Query User{C7A6B246-6029-45FB-9C56-91DF3EA9606D}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Allow) C:\program files (x86)\microsoft silverlight\sllauncher.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{5547B77C-F52E-4D7D-8BBA-BC0DA696B906}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Allow) C:\program files (x86)\microsoft silverlight\sllauncher.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [UDP Query User{B57F6A28-6920-4F77-A75A-FCB3FB40A696}C:\users\arwen\documents\wpf\dynamic\1.2.3\softphone.exe] => (Block) C:\users\arwen\documents\wpf\dynamic\1.2.3\softphone.exe No File
    FirewallRules: [TCP Query User{2A9CD1BA-9AAB-496C-B494-1A7BEEB32C99}C:\users\arwen\documents\wpf\dynamic\1.2.3\softphone.exe] => (Block) C:\users\arwen\documents\wpf\dynamic\1.2.3\softphone.exe No File
    FirewallRules: [UDP Query User{3AAD7360-9D41-4F80-A214-7693FEBF5197}C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe] => (Allow) C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe (Chase Data Corporation -> ChaseData) [File not signed]
    FirewallRules: [TCP Query User{A29AFC7B-3E25-4483-A5FA-0E78546E91FF}C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe] => (Allow) C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe (Chase Data Corporation -> ChaseData) [File not signed]
    FirewallRules: [{9DCB8878-D257-4603-842F-3FBEDF56723D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{3AC79786-79B8-4A5D-9E78-7302C16ED780}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{A37F0A12-6BDF-4469-A8D2-755EBA9B8FC5}C:\users\arwen\kodi\kodi.exe] => (Allow) C:\users\arwen\kodi\kodi.exe No File
    FirewallRules: [TCP Query User{E0BB190D-654A-49BD-A81C-5933829A0D70}C:\users\arwen\kodi\kodi.exe] => (Allow) C:\users\arwen\kodi\kodi.exe No File
    FirewallRules: [{87F7ACBE-C5B0-4702-AC7D-DFEA5BB85994}] => (Allow) C:\Users\Arwen\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
    FirewallRules: [{35C62B24-008C-47F3-8842-CD26973164D8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [UDP Query User{BD31835B-F3F4-44B4-9E61-9321DD1C0B1A}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe No File
    FirewallRules: [TCP Query User{F30DBDEB-139B-4448-A1FD-462F3C70FDF1}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe No File
    FirewallRules: [UDP Query User{2669B789-2724-4AEE-955C-47B057D19522}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe No File
    FirewallRules: [TCP Query User{835DE832-FED2-47EE-9F44-1CC3F943C203}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe No File
    FirewallRules: [{537DE16A-DE03-4780-8EE2-65CE35CB3509}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
    FirewallRules: [{E76076D8-B77B-4717-8927-F0FCC8D3ACBA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
    FirewallRules: [{E5BDA255-2693-4BA1-A18C-DDDCFC6447C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{475845B5-8E58-4B86-9021-F02FE930CAFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{BE4847A3-39DA-4D16-9341-FC190F8C5255}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
    FirewallRules: [{9A233B96-B59A-4837-AAF0-6F73C8FCFFE3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
    FirewallRules: [{75A7B777-C639-4F54-B838-0616DF7E3EF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{897FCBF3-3082-48C3-9C78-0351D95DF122}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
    FirewallRules: [{F43B2C4C-F5EA-4363-9415-ECF9FAFFC407}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
    FirewallRules: [TCP Query User{AF65212D-E559-4D49-819C-46656D5E5574}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe No File
    FirewallRules: [UDP Query User{34DCC5C5-F507-4750-A702-89C5C976901A}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe No File
    FirewallRules: [TCP Query User{6FB881D4-3548-4915-9B65-EFCF834D023F}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe No File
    FirewallRules: [UDP Query User{D20A30A3-E10B-455C-964E-F3168399D131}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe No File
    FirewallRules: [TCP Query User{D10F29B3-A1D4-4199-A79A-1D8F9E6A3498}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [UDP Query User{E920F795-8C2E-47C2-8BC7-AD34E45AB82E}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [TCP Query User{7FC20502-F09E-4883-B32D-33DB7A6F7BB1}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe (APL, INC.) [File not signed]
    FirewallRules: [UDP Query User{FDB83730-E44D-42BA-B0BE-7325D05CFF85}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe (APL, INC.) [File not signed]
    FirewallRules: [TCP Query User{47220578-96A8-48BC-8FA9-81CD8483B8B9}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [UDP Query User{2A1AB145-840C-4E4B-A732-E6AEA182B799}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [TCP Query User{EE9B6915-CE09-48C0-B34A-B48F9C88A47D}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe No File
    FirewallRules: [UDP Query User{B8A52E80-E47F-4A31-8652-BBD0C01845C3}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe No File
    FirewallRules: [{C70516C4-682D-4C00-AEBA-9516CDE43654}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
    FirewallRules: [{1CBD6BF6-C91F-4AD7-B790-05962F10B60D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
    FirewallRules: [{89291383-A2BC-4BA5-827A-07C7D77C1058}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe No File
    FirewallRules: [{48A033F5-76D1-48E1-A766-66C38E6AB5EE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe No File
    FirewallRules: [{A715A783-E8A3-41C6-A5D1-91D53A40F5F6}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe No File
    FirewallRules: [{AD505DC0-F9C7-4705-A44A-AE403692F7A1}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe No File
    FirewallRules: [{2DE15FEF-6E01-428D-A182-546B170AAE15}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File
    FirewallRules: [{5E8A3DB7-6CD0-49AA-BEA6-1C2C78F8BD92}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File
    FirewallRules: [{A815C66B-2F5A-4DC6-8E6A-8422AAD9968A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{A256DE0D-91C4-4813-8D37-4094F0093856}] => (Allow) LPort=2869
    FirewallRules: [{BC33BA8B-43DA-4101-A7EF-C845A5EE9C1B}] => (Allow) LPort=1900
    FirewallRules: [{FA9129FF-73AD-4F17-A3E4-08C387470DC4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{D1F94449-8AEC-4E3A-8DE8-DBCDD44097B6}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    FirewallRules: [{060EE5CE-E754-4068-A9F0-DB0B1E52745D}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6A0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{A96936A1-718D-4199-9428-17A856DD2034}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6A0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{48C0F54D-90C5-4C58-A35A-F89CE471DCAB}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS01AB\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{E2EF637B-0A93-4615-B67B-075AF757B145}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS01AB\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{D30358D4-C296-44E2-B7C4-AF6483584874}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS34AE\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{C4AC9F0E-858B-4AA0-BB14-05790415AD7A}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS34AE\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{3EAA0162-F9A5-42C5-81B5-2183153AF1C3}] => (Allow) C:\Users\Arwen\AppData\Roaming\Zoom\bin\Zoom.exe No File
    FirewallRules: [{2EA059D6-344A-459C-837D-6FF78927AE5C}] => (Allow) C:\Users\Arwen\AppData\Roaming\Zoom\bin\airhost.exe No File
    FirewallRules: [{CDF90023-4E0C-4594-BF52-6183EDB3B776}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    23-07-2019 11:48:01 Removed Adobe Acrobat Reader DC.
    31-07-2019 17:34:21 Scheduled Checkpoint
    04-08-2019 18:45:51 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/10/2019 10:50:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x50376629
    Faulting module name: EasySettingsBase.dll, version: 0.0.0.0, time stamp: 0x5039da3f
    Exception code: 0xc000041d
    Fault offset: 0x00001610
    Faulting process id: 0xb0c
    Faulting application start time: 0x01d54f8b7eb0eeff
    Faulting application path: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    Faulting module path: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
    Report Id: 14f02706-abbd-40cc-8905-d8e34f096f76
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/10/2019 10:49:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x50376629
    Faulting module name: EasySettingsBase.dll, version: 0.0.0.0, time stamp: 0x5039da3f
    Exception code: 0xc0000005
    Fault offset: 0x00001610
    Faulting process id: 0xb0c
    Faulting application start time: 0x01d54f8b7eb0eeff
    Faulting application path: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    Faulting module path: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
    Report Id: 33e24d65-d8cd-4160-8ae4-385c1cef5a7a
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/10/2019 10:33:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (08/10/2019 10:33:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (08/10/2019 10:30:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (08/10/2019 10:30:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (08/08/2019 06:17:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SE3D_Core.exe, version: 2.5.10.0, time stamp: 0x5c89ffa8
    Faulting module name: mfc140.dll, version: 14.15.26706.0, time stamp: 0x5b3f07fe
    Exception code: 0xc0000005
    Fault offset: 0x000000000000355e
    Faulting process id: 0x2b08
    Faulting application start time: 0x01d54e33fad416d0
    Faulting application path: C:\StructureStudios\SE3D20\x64\SE3D_Core.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\mfc140.dll
    Report Id: a69d17ed-cc4c-4f75-aafc-5538a763904f
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/08/2019 06:17:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: SE3D_Core.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.AccessViolationException
    at SSGUI.IWPFConnectionPoint.On_Event(System.String, System.String, System.String, Int32)
    at SSGUI.CtrlMgr.Mouse_Click_Hook(System.Object, System.Windows.RoutedEventArgs)
    at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
    at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
    at System.Windows.Controls.Primitives.ButtonBase.OnClick()
    at System.Windows.Controls.Button.OnClick()
    at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
    at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
    at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
    at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
    at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
    at System.Windows.UIElement.OnMouseUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
    at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
    at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
    at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
    at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
    at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
    at System.Windows.Input.InputManager.ProcessStagingArea()
    at System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs)
    at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
    at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
    at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
    at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
    at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
    at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
    at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)


    System errors:
    =============
    Error: (08/11/2019 04:37:30 AM) (Source: DCOM) (EventID: 10016) (User: THEONE)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user TheOne\Arwen SID (S-1-5-21-3548505277-2733688421-2640094488-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (08/10/2019 11:24:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading

    Error: (08/10/2019 11:24:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Arwen\AppData\Local\Temp\ehdrv.sys

    Error: (08/10/2019 11:24:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Arwen\AppData\Local\Temp\ehdrv.sys

    Error: (08/10/2019 11:24:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading

    Error: (08/10/2019 11:24:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading

    Error: (08/10/2019 11:24:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Arwen\AppData\Local\Temp\ehdrv.sys

    Error: (08/10/2019 11:24:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading


    CodeIntegrity:
    ===================================

    Date: 2019-08-10 23:20:32.806
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AcSignIcon.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-08-10 23:20:32.799
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-08-10 23:20:32.728
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-08-10 23:20:32.716
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-08-10 23:20:32.711
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-08-10 23:20:32.671
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AcSignIcon.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-08-10 23:20:32.619
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-08-10 23:20:32.282
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. P02ABE 08/24/2012
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. NP350E7C-A01US
    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 70%
    Total physical RAM: 8083.5 MB
    Available physical RAM: 2411.11 MB
    Total Virtual: 15251.5 MB
    Available Virtual: 7306.96 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:906.58 GB) (Free:729.66 GB) NTFS

    \\?\Volume{b98955a8-b61a-418a-8b15-55d68631086a}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS
    \\?\Volume{1f808df2-4ce7-4b0b-8cd4-ad4f9b3c3067}\ () (Fixed) (Total:0.92 GB) (Free:0.42 GB) NTFS
    \\?\Volume{c3ab75b8-3ab2-49ef-9c79-6f83d9e2e80b}\ (SAMSUNG_REC2) (Fixed) (Total:22.11 GB) (Free:0.99 GB) NTFS
    \\?\Volume{354f307c-2e13-46a4-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.29 GB) FAT32
    \\?\Volume{0802c3af-e7db-4cb4-8bb4-24a1348c0432}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A56C4F25)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  8. 2019/08/11
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
    Ran by Arwen (11-08-2019 12:53:07)
    Running from C:\Users\Arwen\Downloads
    Windows 10 Home Version 1803 17134.885 (X64) (2018-07-05 04:01:44)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3548505277-2733688421-2640094488-500 - Administrator - Disabled)
    Arwen (S-1-5-21-3548505277-2733688421-2640094488-1001 - Administrator - Enabled) => C:\Users\Arwen
    DefaultAccount (S-1-5-21-3548505277-2733688421-2640094488-503 - Limited - Disabled)
    Guest (S-1-5-21-3548505277-2733688421-2640094488-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-3548505277-2733688421-2640094488-1049 - Limited - Enabled)
    scans (S-1-5-21-3548505277-2733688421-2640094488-1051 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-3548505277-2733688421-2640094488-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBulkMailer (HKLM-x32\...\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}) (Version: 8.5 - Advanced Business Objects)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
    Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
    Art Explosion Publisher Pro Silver Edition (HKLM-x32\...\{C62D7344-8709-4443-9C95-F90659CBC27F}) (Version: 1.0.0.8 - Nova Development)
    Autodesk DWG TrueView 2019 - English (HKLM\...\DWG TrueView 2019 - English) (Version: 23.0.46.0 - Autodesk)
    Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
    Avast Driver Updater (HKLM-x32\...\{630C3D8E-2BEE-465F-9E59-BB069ED10761}) (Version: 2.5.6 - AVAST Software) Hidden
    Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.5.6 - AVAST Software)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Chromium (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
    Chromium (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\Chromium) (Version: 46.0.2480.0 - Chromium)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DWG TrueView 2019 - English (HKLM\...\{28B89EEF-2028-0409-0100-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
    E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
    Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Galerie de photos (HKLM-x32\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
    HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 41450 - Intel)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 5.0.1120 - KYOCERA Document Solutions Inc.)
    KYOCERA Status Monitor 5 (HKLM\...\{24EE7F6D-C648-463f-9E71-DC5FD2258D17}) (Version: 5.0.6015 - KYOCERA Document Solutions Inc.)
    ListExtractor (HKLM-x32\...\{9BDEFE48-95D2-45A7-AC9F-B9CECC0E8E42}) (Version: 2.00.0000 - AtPacific)
    Luxor 3 (HKLM-x32\...\BFG-Luxor 3) (Version: - )
    Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Print Artist Platinum 24 (HKLM-x32\...\{7568CBAC-FC7F-4EE9-8CAC-B4274FC93B4E}) (Version: 24.0.1.2 - Nova Development)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    RealDownloader (HKLM-x32\...\{EAC491EB-9FD9-4B6A-A277-047C7DE2C4B4}) (Version: 18.1.10.217 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.10 - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.0 - Samsung Electronics CO., LTD.)
    SE3D_Installer (HKLM-x32\...\{B717245E-8A7C-4ABF-B383-2930A5AD9555}) (Version: 2.2.23.0 - Structure Studios) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
    SHA Premium Quotation System (HKLM-x32\...\SHA Premium Quotation System) (Version: Version 2.1 - USHEALTH)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype Web Plugin (HKLM-x32\...\{F7C13D74-E0FD-4A76-896A-E8687769767D}) (Version: 7.5.0.127 - Skype Technologies S.A.)
    Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
    Structure Studios SE3D 2 (HKLM-x32\...\{f34fdbb4-7449-4b2e-89e5-0c15c7190665}) (Version: 2.2.23.0 - Structure Studios)
    Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
    SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.8 - Synaptics Incorporated)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
    UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
    User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
    vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
    vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinZip 23.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411D}) (Version: 23.0.13300 - Corel Corporation)

    Packages:
    =========
    Adera -> C:\Program Files\WindowsApps\Microsoft.Adera_2.5.2.34894_x86__8wekyb3d8bbwe [2014-10-14] (Microsoft Studios)
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32 [2019-07-15] (king.com)
    Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
    Google -> C:\Program Files\WindowsApps\GoogleInc.GoogleSearch_2.1.19.0_x64__yfg5n0ztvskxp [2017-07-27] (Google Inc)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-20] (HP Inc.)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-22] (AMZN Mobile LLC)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2018-05-20] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2018-05-20] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
    Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw [2019-07-29] (MAGIX)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.)
    PhotoEditor -> C:\Program Files\WindowsApps\6E04A0BD.PhotoEditor_1.0.0.37_neutral__ez4k4b2fwzhzt [2013-01-30] (SAMSUNG ELECTRONICS CO,. LTD.)
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation)
    S Camera -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SCamera_1.0.1903.26021_x86__h7cwzt5medr84 [2014-08-11] (CYBERLINKCOM)
    S Gallery -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SGallery_1.0.1903.26021_x86__h7cwzt5medr84 [2014-08-11] (CYBERLINKCOM)
    S Player -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SPlayer_1.0.2216.21222_x86__h7cwzt5medr84 [2014-08-11] (CYBERLINKCOM)
    Samsung Signature Store -> C:\Program Files\WindowsApps\128374E71F94E.SamsungStore_1.0.2.815_neutral__9sy8ehn46reqm [2012-12-16] (Digital River, Inc.)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
    Zuma Revenge! -> C:\Program Files\WindowsApps\22669SuperFreeHotGames.ZumaRevenge_2.5.0.0_x64__ztn9gjgw8wrhe [2019-07-04] (Super Free Hot Games) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{0825CC0E-34BD-4FE4-B78D-EF6582A94B6A}\InprocServer32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\GatewayActiveX-x64.dll (Microsoft Corporation -> Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\en-US\dwgviewrficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\dwgviewr.exe (Autodesk, Inc. -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2018-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
    ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2018-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-30] (Autodesk, Inc. -> Autodesk)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-18] (CyberLink -> Cyberlink)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-12-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Arwen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

    ==================== Loaded Modules (Whitelisted) ==============

    2018-07-17 15:50 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
    2019-07-20 12:27 - 2019-07-20 12:27 - 068388352 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6\HP.Smart.dll
    2019-07-20 12:27 - 2019-07-20 12:27 - 000029696 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6\HP.Smart.exe
    2019-06-28 14:20 - 2019-06-28 14:20 - 000013312 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6\NativeRpcClient.dll
    2016-07-12 16:33 - 2013-12-05 23:05 - 000179712 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_YLMBMDE.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:59846E5E [446]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\techinline.net -> hxxps://*.techinline.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\evolvondemand.net -> hxxps://transcom.evolvondemand.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\fixme.it -> hxxps://fixme.it
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\techinline.net -> hxxps://*.techinline.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\vanillasoft.net -> hxxps://vanillasoft.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105452971\...\evolvondemand.net -> hxxps://transcom.evolvondemand.net
    IE trusted site: HKU\S-1
     
  9. 2019/08/12
    broni

    broni Moderator Malware Analyst

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  10. 2019/08/12
    Blue Star

    Blue Star Well-Known Member Thread Starter

    RogueKiller Anti-Malware V13.4.2.0 (x64) [Aug 9 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : Arwen [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190812_111803, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2019/08/12 10:28:36 (Duration : 00:37:05)
    Switches : -refid 3

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Slimware (Potentially Malicious)] SWDUMon [AVG Technologies CZ, s.r.o.] -- %SystemRoot%\System32\drivers\SWDUMon.sys -> Stopped
    [PUP.Gen1 (Potentially Malicious)] \{0B005567-2F27-4C11-B217-48FB79CD4CFB} -- C:\windows\system32\pcalua.exe (-a "C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe" -c /remove /q0) -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -- -> Deleted
    [PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\IncrediMail -- -> Deleted
    [PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105445565\Software\IncrediMail -- -> Deleted
    [PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08102019105456454\Software\IncrediMail -- -> Deleted
    [PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\IncrediMail -- -> Deleted
    [PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\IncrediMail -- -> Deleted
    [PUP.Slimware (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater -- -> Deleted
    [PUP.Slimware (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon -- [%SystemRoot%\System32\drivers\SWDUMon.sys] -> Deleted
    [PUP.Slimware (Potentially Malicious)] SWDUMon.sys [AVG Technologies CZ, s.r.o.] -- %SystemRoot%\System32\drivers\SWDUMon.sys -> Deleted
    [PUP.HighPCBooster (Potentially Malicious)] BSD -- %programdata%\BSD -> Deleted
    [PUP.Iolo (Potentially Malicious)] iolo -- %programdata%\iolo -> Deleted
    [PUP.Slimware (Potentially Malicious)] Avast Driver Updater -- %programdata%\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater -> Deleted
    [PUP.Slimware (Potentially Malicious)] Avast Driver Updater -- %programfiles(x86)%\Avast Driver Updater -> Deleted
    [PUP.Iolo (Potentially Malicious)] iolo -- %programfiles(x86)%\iolo -> Deleted
    [PUP.Gen0 (Potentially Malicious)] Amazon Assistant for Chrome -- pbjikboenpfhbbejgkoklgkhjpfogcam -> Deleted
     
  11. 2019/08/12
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 8/12/19
    Scan Time: 10:35 AM
    Log File: 6438f71e-bd0e-11e9-bec7-b888e36c7608.json

    -Software Information-
    Version: 3.8.3.2965
    Components Version: 1.0.613
    Update Package Version: 1.0.11972
    License: Free

    -System Information-
    OS: Windows 10 (Build 17134.885)
    CPU: x64
    File System: NTFS
    User: THEONE\Arwen

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 330257
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 21 min, 50 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
  12. 2019/08/12
    Blue Star

    Blue Star Well-Known Member Thread Starter

    # -------------------------------
    # Malwarebytes AdwCleaner 7.4.0.0
    # -------------------------------
    # Build: 07-23-2019
    # Database: 2019-08-09.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 08-12-2019
    # Duration: 00:00:16
    # OS: Windows 10 Home
    # Cleaned: 57
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\Users\Public\Documents\Downloaded Installers

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6791B659-D23C-4222-8A5-B2FC2F8E3489}
    Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E43FA1A-BF9C-4CFC-949D-EB5EB54530}
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com

    ***** [ Chromium (and derivatives) ] *****

    Deleted Amazon Assistant for Chrome

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Preinstalled Software ] *****

    Deleted Preinstalled.CyberLinkShellExtension
    Deleted Preinstalled.HPHealthCheck
    Deleted Preinstalled.HPSupportAssistant
    Deleted Preinstalled.LenovoPower2Go
    Deleted Preinstalled.LenovoPowerDVD
    Deleted Preinstalled.SamsungSAgent
    Deleted Preinstalled.SamsungSettings
    Deleted Preinstalled.SamsungUpdate


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [5226 octets] - [12/08/2019 11:05:36]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     
  13. 2019/08/12
    broni

    broni Moderator Malware Analyst

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  14. 2019/08/12
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019
    Ran by Arwen (administrator) on THEONE (SAMSUNG ELECTRONICS CO., LTD. 350V5C/350V5X/350V4C/350V4X/351V5C/351V5X/351V4C/351V4X/3540VC/3540VX/3440VC/3440VX) (12-08-2019 13:11:26)
    Running from C:\Users\Arwen\Downloads
    Loaded Profiles: Arwen (Available Profiles: Arwen)
    Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Users\Arwen\Downloads\AdwCleaner (1).exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
    (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
    (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-10-23] (Corel Corporation -> Corel Corporation)
    HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [130624 2018-10-23] (Corel Corporation -> WinZip Computing)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) [File not signed]
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel® Services Manager -> Intel Corporation)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel® Services Manager -> Intel Corporation)
    HKLM-x32\...\Run: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] => C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe [144728 2011-03-09] (Nova Development -> )
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353104 2017-12-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\RealDownloader\downloader2.exe [1268048 2017-11-29] (RealNetworks, Inc. -> )
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Google Update] => C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-05-14] (Google Inc -> Google LLC)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Drivers32: [vidc.uly2] => C:\StructureStudios\SE3D20\codecs\utvideo64.dll [65568 2019-06-08] (Structure Studios, L.L.C. -> )
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Drivers32: [vidc.x264] => C:\StructureStudios\SE3D20\codecs\x264vfw64.dll [4042272 2019-06-08] (Structure Studios, L.L.C. -> x264vfw project)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-10] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
    HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-10] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
    AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-07-17]
    ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-12-22]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
    Task: {0BD52A2F-4FF1-4B41-9054-5B7F03B2DA5D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Arwen\Downloads\esetonlinescanner_enu (6).exe [7969304 2019-08-10] (ESET, spol. s r.o. -> ESET spol. s r.o.)
    Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
    Task: {10AD99B1-9990-4C73-B8E9-E6EA376A9E3D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {17B9C443-ABD3-4261-B188-BD1B5DDBD3C5} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-10-23] (Corel Corporation -> Corel Corporation)
    Task: {1834511F-636F-4703-8D12-7C29F892135D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
    Task: {24FA04AA-A5E4-4F25-B2FE-665AC1B37974} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [135504 2017-11-29] (RealNetworks, Inc. -> RealNetworks, Inc.)
    Task: {25273BEB-1596-4DF2-9ACB-64FB9B924E10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {273E163D-8BD0-4420-A6BF-604990062399} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
    Task: {33C2B19B-605D-4B98-AB07-6A0AA22E83FA} - System32\Tasks\FaxArchive_CN2BD211XW05S1 => C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {3F5DA5C4-9997-473E-945E-7CC7AA284FC9} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
    Task: {4AD36E97-A0A7-4DC5-A480-09E50B73AAFA} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [3466360 2012-08-30] (Samsung Electronics CO., LTD. -> SEC)
    Task: {5145BED0-862E-46E8-BE0C-EE51E91AF5A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [455448 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {54025383-932A-492D-B975-3F3D00B91F0D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
    Task: {54DE29B1-7A41-49EA-9C33-3F2CDD4E5464} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [135504 2017-11-29] (RealNetworks, Inc. -> RealNetworks, Inc.)
    Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    Task: {5BF4106A-98B2-43EC-BFCA-BF41A8DD36A0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-15] (Intel® Services Manager -> Intel Corporation)
    Task: {5EC21BF0-4503-4CCC-8D8A-DAE98A25935D} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
    Task: {675B1F76-91AB-44C7-B2FD-BCEB028FF6B3} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
    Task: {7EC026DC-DC42-45DD-8D05-67BAC996642F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {82266BBE-21A7-4CAF-9A40-DED4B754EC2E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core1d35e28b237dd8d => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {866704E7-0F2E-4995-85D4-703CBF9E1241} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
    Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
    Task: {A2D1765C-C2A2-46EA-8701-0F34765C564B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [455448 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A816F8AD-3B4E-4B1D-8202-EABE3C5EE876} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-15] (Intel® Services Manager -> Intel Corporation)
    Task: {AFAF86C6-3E00-4438-B502-493857123499} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
    Task: {B1046984-FC95-4DBE-81AD-7C8A76DA8F5F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    Task: {B82FA7BA-DF38-4CEC-9FF3-FC3AED168754} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3995256 2016-01-31] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {C55F4626-17E2-42A8-9B08-BBBA832CF2E8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2049928 2019-08-08] (AVAST Software s.r.o. -> AVAST Software)
    Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {CF98BCBD-78AD-4D44-B977-0D4CCAC027DE} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-10-23] (Corel Corporation -> Corel Corporation)
    Task: {CF9AD7B1-A258-4614-AE15-AAB1352A2A4D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {D5341CEA-C726-4E47-A3F5-5DD4C9FB61DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA1d35e28b249f63f => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
    Task: {DE75DCC2-4981-4804-91D8-D8248A1F1E6A} - System32\Tasks\HP AR Program Upload - 1d899e09ae474e75b00a468cbd134de7aa32ec3dee4246869e6c83f89188eeec => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe
    Task: {DF39CCBD-9EC0-4172-B81B-0296E0D23366} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Arwen\Downloads\esetonlinescanner_enu (6).exe [7969304 2019-08-10] (ESET, spol. s r.o. -> ESET spol. s r.o.)
    Task: {DFD12F97-9B14-45BC-B5A7-BA2D483A2638} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-10-23] (Corel Corporation -> Corel Corporation)
    Task: {E28C3419-18FC-4B6C-AE7F-1308CA9ACE32} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-10] (Adobe Inc. -> Adobe)
    Task: {ECFD5F00-7404-4420-A935-6D616BD65FE3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. -> Adobe)
    Task: {F648ADA2-6A14-486C-9BC4-64444B7D899F} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [34922040 2019-08-09] (Adlice -> )
    Task: {F861D239-AA3D-45D1-A85A-F84823969B4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [455448 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {FB6D6FE4-1610-4BB3-8519-231B3B051086} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{5e936670-642f-4052-aa03-d47cb7323cae}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{a1deafae-a273-4369-a12b-a8da1e15e848}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{e8f08305-a01b-4b93-b012-19d5eb7d321c}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> {5702548C-054D-441C-8D09-68ACF36AA8ED} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-11-29] (RealNetworks, Inc. -> RealDownloader)
    BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-11-29] (RealNetworks, Inc. -> RealDownloader)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {483EB14D-AF1C-4951-81B0-4E2B41829FF6} hxxps://assess.shlonline.com/cabs/QOLCheck.ocx
    DPF: HKLM-x32 {494DE545-6D3C-4F63-9D73-CF408AB248D9} hxxps://vanillasoft.net/binarys/amiTapiPro.ocx
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler: mso-minsb-roaming.16 - No CLSID Value
    Handler: mso-minsb.16 - No CLSID Value
    Handler: osf-roaming.16 - No CLSID Value
    Handler: osf.16 - No CLSID Value
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Software Sarl -> Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127 [2019-05-20]
    FF Extension: (Avast SafePrice) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\Extensions\sp@avast.com.xpi [2017-11-21] [UpdateUrl:hxxps://firefoxextension.avast.com/sp/update.json]
    FF Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\Extensions\wrc@avast.com.xpi [2018-06-24]
    FF Extension: (Telemetry coverage) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\features\{8a3af1d4-a426-4c6d-bce3-eadcf307e115}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-11-15] [Legacy]
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\kompozer.net\KompoZer\Profiles\jj4nfp63.default [2015-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-
     
  15. 2019/08/12
    Blue Star

    07-10] (Adobe Inc. -> )
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.10.217 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-12-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.10.217 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-12-22] (RealNetworks, Inc. -> RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Arwen\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online -> Citrix Online)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/O1DPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-09-18] (Intel) [File not signed]
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-09-18] (Intel) [File not signed]
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin64 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi-x64.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2017-04-11]
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npo1d.dll [2017-04-11]

    Chrome:
    =======
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default [2019-08-12]
    CHR Extension: (Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-13]
    CHR Extension: (Regex Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2015-04-13]
    CHR Extension: (Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-13]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-07-24]
    CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-05]
    CHR Extension: (Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-13]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-17]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-10-13]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-15]
    CHR Extension: (FB UID Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfeilckipmpkmoblecjildbpgdjjpnj [2015-04-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-13]
    CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-08-12]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
    CHR Extension: (Chrome Media Router) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-10]
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-10-12]
    CHR Extension: (Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-13]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
    CHR Extension: (Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-13]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-30]
    CHR Extension: (Cisco Webex Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-09]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-04]
    CHR Extension: (FreeConferenceCall.com Scheduler) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhjonocnlnodflomblbjnjdpllkeljo [2018-09-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
    CHR Extension: (Chrome Media Router) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Arwen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-11]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
    S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
    S4 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
    S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation -> Intel Corporation)
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
    S2 KDService; C:\Program Files\KDService\bin\KDService.exe [529424 2018-05-24] (KYOCERA Document Solutions Inc. -> KYOCERA Document Solutions Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [37104 2017-11-29] (RealNetworks, Inc. -> RealNetworks, Inc.)
    S4 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-12-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256120 2016-01-31] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
    S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
    S2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37320 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209256 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263224 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206056 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61688 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279336 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42504 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [168896 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477288 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225816 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387688 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
    R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink -> CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-12] (Malwarebytes Corporation -> Malwarebytes)
    R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Samsung Electronics CO., LTD. -> Windows (R) Win 7 DDK provider)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek )
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-10] (AnchorFree Inc -> Anchorfree Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-08-12] (Adlice -> )
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-25] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-25] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-12 13:11 - 2019-08-12 13:11 - 002097664 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64 (2).exe
    2019-08-12 11:26 - 2019-08-12 11:26 - 007623880 _____ (Malwarebytes) C:\Users\Arwen\Downloads\adwcleaner_7.4.exe
    2019-08-12 11:22 - 2019-08-12 11:23 - 032828200 _____ (Adlice Software ) C:\Users\Arwen\Downloads\RogueKiller_setup_ref3 (2).exe
    2019-08-12 11:22 - 2019-08-12 11:23 - 007623880 _____ (Malwarebytes) C:\Users\Arwen\Downloads\AdwCleaner (2).exe
    2019-08-12 11:11 - 2019-08-12 11:11 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-08-12 11:03 - 2019-08-12 11:03 - 007623880 _____ (Malwarebytes) C:\Users\Arwen\Downloads\AdwCleaner (1).exe
    2019-08-12 11:01 - 2019-08-12 11:01 - 000001224 _____ C:\Users\Arwen\Desktop\Malware log.txt
    2019-08-12 10:32 - 2019-08-12 10:32 - 064988544 _____ (Malwarebytes ) C:\Users\Arwen\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11962.exe
    2019-08-12 10:30 - 2019-08-12 10:30 - 032828200 _____ (Adlice Software ) C:\Users\Arwen\Downloads\RogueKiller_setup_ref3 (1).exe
    2019-08-12 09:19 - 2019-08-12 11:34 - 000003138 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
    2019-08-12 09:19 - 2019-08-12 09:19 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2019-08-12 09:19 - 2019-08-12 09:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-08-12 09:16 - 2019-08-12 09:16 - 032828200 _____ (Adlice Software ) C:\Users\Arwen\Downloads\RogueKiller_setup_ref3.exe
    2019-08-11 19:05 - 2019-08-11 19:05 - 000594269 _____ C:\Users\Arwen\Desktop\McAuliffe Residence II _ PERMIT 929 _ 08.08.2019.pdf
    2019-08-11 12:47 - 2019-08-11 12:47 - 002097664 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64 (1).exe
    2019-08-11 10:58 - 2019-08-12 11:00 - 000002984 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
    2019-08-11 10:58 - 2019-08-12 11:00 - 000002604 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
    2019-08-10 23:23 - 2019-08-10 23:23 - 000000726 _____ C:\Users\Arwen\Desktop\ESET Online Scanner.lnk
    2019-08-10 23:22 - 2019-08-10 23:22 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (6).exe
    2019-08-10 23:22 - 2019-08-10 23:22 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (5).exe
    2019-08-10 23:22 - 2019-08-10 23:22 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (4).exe
    2019-08-10 23:22 - 2019-08-10 23:22 - 000000825 _____ C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
    2019-08-09 08:47 - 2019-08-09 08:47 - 000410616 _____ C:\Users\Arwen\Downloads\doc01825320190808114912.pdf
    2019-08-08 13:13 - 2019-08-08 13:13 - 000080772 _____ C:\Users\Arwen\Downloads\Swale Cross Section.pdf
    2019-08-07 15:46 - 2019-08-07 15:46 - 000615614 _____ C:\Users\Arwen\Desktop\Lucania ~ Jones Residence I _ Proposal .pdf
    2019-08-07 12:59 - 2019-08-07 12:59 - 000910587 _____ C:\Users\Arwen\Downloads\16-22680_permit.pdf
    2019-08-07 12:59 - 2019-08-07 12:59 - 000910587 _____ C:\Users\Arwen\Downloads\16-22680_permit (1).pdf
    2019-08-07 12:59 - 2019-08-07 12:59 - 000646411 _____ C:\Users\Arwen\Downloads\17-10299_PERMIT_AND_PAPERWORK (1).pdf
    2019-08-07 12:58 - 2019-08-07 12:58 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605 (4).pdf
    2019-08-07 12:57 - 2019-08-07 12:57 - 000094255 _____ C:\Users\Arwen\Downloads\04-00051_docb023 (1).pdf
    2019-08-07 12:53 - 2019-08-07 12:53 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605 (3).pdf
    2019-08-07 12:52 - 2019-08-07 12:52 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit (4).pdf
    2019-08-05 11:13 - 2019-08-05 11:13 - 000312607 _____ C:\Users\Arwen\Downloads\0325939.pdf
    2019-08-05 11:10 - 2019-08-05 11:10 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit.pdf
    2019-08-05 11:10 - 2019-08-05 11:10 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit (3).pdf
    2019-08-05 11:10 - 2019-08-05 11:10 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit (2).pdf
    2019-08-05 11:10 - 2019-08-05 11:10 - 000249159 _____ C:\Users\Arwen\Downloads\07-11141_permit (1).pdf
    2019-08-04 19:40 - 2019-08-04 19:40 - 001452787 _____ C:\Users\Arwen\Downloads\COLGATE_SURVEY.pdf
    2019-08-01 10:58 - 2019-08-01 11:02 - 000000000 ____D C:\Users\Arwen\Desktop\Gonzalez ~ Ferraro
    2019-07-31 13:19 - 2019-07-31 13:19 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (23).pdf
    2019-07-30 11:59 - 2019-07-30 14:33 - 000000000 ____D C:\Users\Arwen\Desktop\HBP Photos
    2019-07-30 10:31 - 2019-07-30 10:31 - 000054494 _____ C:\Users\Arwen\Downloads\SURV_1813693.pdf
    2019-07-30 10:31 - 2019-07-30 10:31 - 000054494 _____ C:\Users\Arwen\Downloads\SURV_1813693 (2).pdf
    2019-07-30 10:31 - 2019-07-30 10:31 - 000054494 _____ C:\Users\Arwen\Downloads\SURV_1813693 (1).pdf
    2019-07-26 17:31 - 2019-07-26 17:31 - 001669381 _____ C:\Users\Arwen\Downloads\97-74529 (1).pdf
    2019-07-26 17:31 - 2019-07-26 17:31 - 000208520 _____ C:\Users\Arwen\Downloads\SURVEY_1901394 (5).pdf
    2019-07-26 17:28 - 2019-07-26 17:28 - 000273844 _____ C:\Users\Arwen\Downloads\18-29955_plan (8).pdf
    2019-07-26 17:26 - 2019-07-26 17:26 - 001993272 _____ C:\Users\Arwen\Downloads\41075 (8).pdf
    2019-07-26 17:25 - 2019-07-26 17:25 - 000216768 _____ C:\Users\Arwen\Downloads\SURVEY_1901458 (4).pdf
    2019-07-26 17:25 - 2019-07-26 17:25 - 000216768 _____ C:\Users\Arwen\Downloads\SURVEY_1901458 (3).pdf
    2019-07-26 17:24 - 2019-07-26 17:24 - 000055357 _____ C:\Users\Arwen\Downloads\04-40560_docb073 (2).pdf
    2019-07-26 17:23 - 2019-07-26 17:23 - 000273844 _____ C:\Users\Arwen\Downloads\18-29955_plan (7).pdf
    2019-07-26 15:43 - 2019-07-26 15:43 - 000885338 _____ C:\Users\Arwen\Downloads\Re__Your_New_Pool_Design_and_Proposal.zip
    2019-07-26 11:46 - 2019-07-26 11:46 - 000000000 ____D C:\Users\Arwen\Desktop\Recipe Books
    2019-07-26 09:12 - 2019-07-26 09:12 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605 (2).pdf
    2019-07-26 09:11 - 2019-07-26 09:11 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605 (1).pdf
    2019-07-25 15:08 - 2019-07-25 15:08 - 000194141 _____ C:\Users\Arwen\Downloads\03613776.pdf
    2019-07-25 15:08 - 2019-07-25 15:08 - 000194141 _____ C:\Users\Arwen\Downloads\03613776 (1).pdf
    2019-07-25 15:07 - 2019-07-25 15:07 - 000646411 _____ C:\Users\Arwen\Downloads\17-10299_PERMIT_AND_PAPERWORK.pdf
    2019-07-25 15:06 - 2019-07-25 15:06 - 000756376 _____ C:\Users\Arwen\Downloads\0400051.pdf
    2019-07-25 15:06 - 2019-07-25 15:06 - 000756376 _____ C:\Users\Arwen\Downloads\0400051 (1).pdf
    2019-07-25 15:05 - 2019-07-25 15:05 - 000094255 _____ C:\Users\Arwen\Downloads\04-00051_docb023.pdf
    2019-07-24 15:44 - 2019-07-24 15:44 - 000587839 _____ C:\Users\Arwen\Downloads\0402565 (2).pdf
    2019-07-24 15:44 - 2019-07-24 15:44 - 000587839 _____ C:\Users\Arwen\Downloads\0402565 (1).pdf
    2019-07-24 15:43 - 2019-07-24 15:43 - 000587839 _____ C:\Users\Arwen\Downloads\0402565.pdf
    2019-07-24 15:43 - 2019-07-24 15:43 - 000070283 _____ C:\Users\Arwen\Downloads\04-02565_docbcc137.pdf
    2019-07-24 15:43 - 2019-07-24 15:43 - 000070283 _____ C:\Users\Arwen\Downloads\04-02565_docbcc137 (1).pdf
    2019-07-24 15:42 - 2019-07-24 15:42 - 000207152 _____ C:\Users\Arwen\Downloads\13-03663_permit.pdf
    2019-07-24 15:41 - 2019-07-24 15:41 - 000376420 _____ C:\Users\Arwen\Downloads\0322832.pdf
    2019-07-24 15:40 - 2019-07-24 15:40 - 002221186 _____ C:\Users\Arwen\Downloads\91-08605.pdf
    2019-07-24 15:32 - 2019-07-24 15:32 - 000649885 _____ C:\Users\Arwen\Downloads\0232043.pdf
    2019-07-23 15:42 - 2019-07-24 15:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-07-23 15:21 - 2019-07-23 15:22 - 179283504 _____ (Adobe Systems Incorporated) C:\Users\Arwen\Downloads\AcroRdrDC1901220034_en_US (2).exe
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (8).zip
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (7).zip
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (6).zip
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (5).zip
    2019-07-23 15:05 - 2019-07-23 15:05 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (4).zip
    2019-07-23 15:04 - 2019-07-23 15:04 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (3).zip
    2019-07-23 15:02 - 2019-07-23 15:02 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (2).zip
    2019-07-23 15:02 - 2019-07-23 15:02 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015 (1).zip
    2019-07-23 15:01 - 2019-07-23 15:01 - 000480177 _____ C:\Users\Arwen\Downloads\AdobeAcroCleaner_DC2015.zip
    2019-07-23 14:56 - 2019-07-23 14:56 - 179283504 _____ (Adobe Systems Incorporated) C:\Users\Arwen\Downloads\AcroRdrDC1901220034_en_US (1).exe
    2019-07-23 13:05 - 2019-07-23 13:06 - 179283504 _____ (Adobe Systems Incorporated) C:\Users\Arwen\Downloads\AcroRdrDC1901220034_en_US.exe
    2019-07-23 11:43 - 2019-07-23 11:44 - 141015434 _____ C:\Users\Arwen\Downloads\AdbeRdr11000_mui_Std (2).zip
    2019-07-23 11:41 - 2019-07-23 11:42 - 141015434 _____ C:\Users\Arwen\Downloads\AdbeRdr11000_mui_Std (1).zip
    2019-07-23 11:40 - 2019-07-23 11:41 - 141015434 _____ C:\Users\Arwen\Downloads\AdbeRdr11000_mui_Std.zip
    2019-07-23 11:20 - 2019-07-23 11:20 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (6).pdf
    2019-07-23 11:19 - 2019-07-23 11:19 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (5).pdf
    2019-07-23 11:18 - 2019-07-23 11:18 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (4).pdf
    2019-07-23 11:01 - 2019-07-23 11:01 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard.pdf
    2019-07-23 11:01 - 2019-07-23 11:01 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (3).pdf
    2019-07-23 11:01 - 2019-07-23 11:01 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (2).pdf
    2019-07-23 11:01 - 2019-07-23 11:01 - 000211394 _____ C:\Users\Arwen\Downloads\19-06430_formboard (1).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (22).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (21).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (20).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (19).pdf
    2019-07-23 11:00 - 2019-07-23 11:00 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (18).pdf
    2019-07-23 10:46 - 2019-07-23 10:46 - 000415455 _____ C:\Users\Arwen\Downloads\0415804 (1).pdf
    2019-07-23 10:45 - 2019-07-23 10:45 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (17).pdf
    2019-07-23 10:45 - 2019-07-23 10:45 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (16).pdf
    2019-07-23 10:45 - 2019-07-23 10:45 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (15).pdf
    2019-07-23 10:44 - 2019-07-23 10:44 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (14).pdf
    2019-07-23 10:43 - 2019-07-23 10:43 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (13).pdf
    2019-07-23 10:43 - 2019-07-23 10:43 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (12).pdf
    2019-07-23 10:42 - 2019-07-23 10:42 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (11).pdf
    2019-07-23 10:40 - 2019-07-23 10:40 - 000415455 _____ C:\Users\Arwen\Downloads\0415804.pdf
    2019-07-23 10:40 - 2019-07-23 10:40 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (9).pdf
    2019-07-23 10:40 - 2019-07-23 10:40 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (8).pdf
    2019-07-23 10:40 - 2019-07-23 10:40 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (10).pdf
    2019-07-23 10:39 - 2019-07-23 10:39 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (7).pdf
    2019-07-23 10:39 - 2019-07-23 10:39 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (6).pdf
    2019-07-23 10:39 - 2019-07-23 10:39 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (5).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 001045319 _____ C:\Users\Arwen\Downloads\0301720.pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 001045319 _____ C:\Users\Arwen\Downloads\0301720 (2).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 001045319 _____ C:\Users\Arwen\Downloads\0301720 (1).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (4).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (3).pdf
    2019-07-23 10:38 - 2019-07-23 10:38 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (2).pdf
    2019-07-23 10:37 - 2019-07-23 10:37 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan.pdf
    2019-07-23 10:37 - 2019-07-23 10:37 - 000212556 _____ C:\Users\Arwen\Downloads\11-08484_plan (1).pdf
    2019-07-18 11:54 - 2019-07-18 12:05 - 000000000 ____D C:\Users\Arwen\Desktop\Card Dump _ 07.18.2019
    2019-07-18 11:16 - 2019-07-18 11:16 - 001669381 _____ C:\Users\Arwen\Downloads\97-74529.pdf
    2019-07-18 09:46 - 2019-07-18 09:46 - 000048026 _____ C:\Users\Arwen\Downloads\Biz Card_1.pdf
    2019-07-17 04:47 - 2019-08-11 11:01 - 000000000 ____D C:\Users\Arwen\Desktop\McAuliffe
    2019-07-16 23:44 - 2019-07-16 23:45 - 000208520 _____ C:\Users\Arwen\Downloads\SURVEY_1901394 (4).pdf
    2019-07-15 14:29 - 2019-07-30 11:53 - 000000000 ____D C:\Users\Arwen\Desktop\My Pools _ HBP

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-12 13:13 - 2017-05-25 20:27 - 000044376 _____ C:\Users\Arwen\Downloads\FRST.txt
    2019-08-12 13:11 - 2017-05-25 20:26 - 000000000 ____D C:\FRST
    2019-08-12 13:09 - 2018-07-04 23:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-08-12 11:59 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-08-12 11:25 - 2013-01-22 12:58 - 000000000 ____D C:\ProgramData\AVAST Software
    2019-08-12 11:18 - 2018-07-04 23:46 - 000005806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-08-12 11:14 - 2014-10-12 23:51 - 000000000 __SHD C:\Users\Arwen\IntelGraphicsProfiles
    2019-08-12 11:10 - 2018-07-05 00:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-08-12 11:10 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-08-12 11:08 - 2013-12-09 19:43 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2019-08-12 11:08 - 2012-09-04 02:24 - 000000000 ____D C:\Program Files (x86)\Samsung
    2019-08-12 11:05 - 2017-05-30 10:26 - 000000000 ____D C:\AdwCleaner
    2019-08-12 11:00 - 2019-03-01 04:33 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA1d35e28b249f63f
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003286 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core1d35e28b237dd8d
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003070 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF6E7FF6-A826-4FA6-A008-42C24AD91130}
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003040 _____ C:\WINDOWS\System32\Tasks\FaxArchive_CN2BD211XW05S1
    2019-08-12 11:00 - 2018-07-05 00:00 - 000003020 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core
    2019-08-12 11:00 - 2018-07-05 00:00 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3548505277-2733688421-2640094488-1001
    2019-08-12 11:00 - 2018-07-05 00:00 - 000002750 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 1d899e09ae474e75b00a468cbd134de7aa32ec3dee4246869e6c83f89188eeec
    2019-08-12 11:00 - 2018-07-05 00:00 - 000002642 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3548505277-2733688421-2640094488-1001
    2019-08-12 11:00 - 2018-07-05 00:00 - 000002514 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3548505277-2733688421-2640094488-1001
    2019-08-12 11:00 - 2018-07-05 00:00 - 000002502 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet 4620 series
    2019-08-12 11:00 - 2018-07-05 00:00 - 000002496 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
    2019-08-12 11:00 - 2018-07-05 00:00 - 000002458 _____ C:\WINDOWS\System32\Tasks\WLANStartup
    2019-08-12 11:00 - 2018-07-05 00:00 - 000002312 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check
    2019-08-12 11:00 - 2018-07-05 00:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2019-08-12 09:20 - 2015-03-17 22:56 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2019-08-12 09:20 - 2015-03-17 22:56 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-08-12 09:19 - 2017-05-25 21:19 - 000000000 ____D C:\Program Files\RogueKiller
    2019-08-12 09:17 - 2017-05-25 20:28 - 000030289 _____ C:\Users\Arwen\Downloads\Addition.txt
    2019-08-11 18:51 - 2018-10-15 14:07 - 000000000 ____D C:\scans2
    2019-08-11 11:00 - 2018-07-03 01:39 - 000000000 ____D C:\Users\Arwen\Desktop\PRO
    2019-08-10 22:49 - 2018-07-04 23:30 - 000002403 _____ C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-08-10 22:49 - 2014-10-12 23:59 - 000000000 ___RD C:\Users\Arwen\OneDrive
    2019-08-10 22:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-08-10 10:51 - 2018-07-04 23:30 - 000000000 ____D C:\Users\Arwen
    2019-08-08 18:35 - 2013-07-12 13:33 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-08-07 22:30 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-08-07 22:19 - 2018-08-23 21:25 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2019-08-07 14:29 - 2012-12-16 22:21 - 000000000 ____D C:\Users\Arwen\AppData\Local\CrashDumps
    2019-08-07 09:36 - 2018-11-21 09:01 - 000000000 ____D C:\Users\Arwen\Desktop\Pending
    2019-08-07 09:35 - 2019-03-24 15:38 - 000000000 ____D C:\Users\Arwen\Desktop\McWhorter
    2019-08-05 11:18 - 2014-02-13 12:25 - 000387688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2019-08-04 18:50 - 2018-11-16 13:04 - 000000000 ____D C:\Program Files\rempl
    2019-07-31 11:27 - 2019-06-25 17:58 - 000168896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2019-07-31 11:27 - 2014-02-13 12:25 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2019-07-26 11:48 - 2019-03-10 17:45 - 000000000 ____D C:\Users\Arwen\Desktop\POOLS 2019
    2019-07-23 15:43 - 2018-11-21 09:01 - 000000000 ____D C:\Users\Arwen\Desktop\SOLD
    2019-07-23 15:42 - 2016-02-13 19:42 - 000000000 ____D C:\Program Files (x86)\Adobe
    2019-07-23 13:10 - 2019-05-27 20:43 - 000000000 ____D C:\Users\Arwen\Desktop\Photos
    2019-07-23 13:04 - 2014-07-07 17:49 - 000000000 ____D C:\Users\Arwen\AppData\Local\Adobe
    2019-07-21 22:04 - 2014-02-12 07:05 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2019-07-21 22:03 - 2016-02-16 03:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== Files in the root of some directories ================

    2019-03-01 04:24 - 2019-03-01 04:24 - 000001477 _____ () C:\Users\Arwen\AppData\Local\recently-used.xbel

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================
     
  16. 2019/08/12
    Blue Star Well-Known Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
    Ran by Arwen (12-08-2019 13:13:50)
    Running from C:\Users\Arwen\Downloads
    Windows 10 Home Version 1803 17134.885 (X64) (2018-07-05 04:01:44)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3548505277-2733688421-2640094488-500 - Administrator - Disabled)
    Arwen (S-1-5-21-3548505277-2733688421-2640094488-1001 - Administrator - Enabled) => C:\Users\Arwen
    DefaultAccount (S-1-5-21-3548505277-2733688421-2640094488-503 - Limited - Disabled)
    Guest (S-1-5-21-3548505277-2733688421-2640094488-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-3548505277-2733688421-2640094488-1049 - Limited - Enabled)
    scans (S-1-5-21-3548505277-2733688421-2640094488-1051 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-3548505277-2733688421-2640094488-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBulkMailer (HKLM-x32\...\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}) (Version: 8.5 - Advanced Business Objects)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
    Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
    Art Explosion Publisher Pro Silver Edition (HKLM-x32\...\{C62D7344-8709-4443-9C95-F90659CBC27F}) (Version: 1.0.0.8 - Nova Development)
    Autodesk DWG TrueView 2019 - English (HKLM\...\DWG TrueView 2019 - English) (Version: 23.0.46.0 - Autodesk)
    Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
    Avast Driver Updater (HKLM-x32\...\{630C3D8E-2BEE-465F-9E59-BB069ED10761}) (Version: 2.5.6 - AVAST Software) Hidden
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Chromium (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DWG TrueView 2019 - English (HKLM\...\{28B89EEF-2028-0409-0100-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
    E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
    Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Galerie de photos (HKLM-x32\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
    HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 41450 - Intel)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 5.0.1120 - KYOCERA Document Solutions Inc.)
    KYOCERA Status Monitor 5 (HKLM\...\{24EE7F6D-C648-463f-9E71-DC5FD2258D17}) (Version: 5.0.6015 - KYOCERA Document Solutions Inc.)
    ListExtractor (HKLM-x32\...\{9BDEFE48-95D2-45A7-AC9F-B9CECC0E8E42}) (Version: 2.00.0000 - AtPacific)
    Luxor 3 (HKLM-x32\...\BFG-Luxor 3) (Version: - )
    Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Print Artist Platinum 24 (HKLM-x32\...\{7568CBAC-FC7F-4EE9-8CAC-B4274FC93B4E}) (Version: 24.0.1.2 - Nova Development)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    RealDownloader (HKLM-x32\...\{EAC491EB-9FD9-4B6A-A277-047C7DE2C4B4}) (Version: 18.1.10.217 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.10 - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.0 - Samsung Electronics CO., LTD.)
    RogueKiller version 13.4.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.4.2.0 - Adlice Software)
    SE3D_Installer (HKLM-x32\...\{B717245E-8A7C-4ABF-B383-2930A5AD9555}) (Version: 2.2.23.0 - Structure Studios) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SHA Premium Quotation System (HKLM-x32\...\SHA Premium Quotation System) (Version: Version 2.1 - USHEALTH)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype Web Plugin (HKLM-x32\...\{F7C13D74-E0FD-4A76-896A-E8687769767D}) (Version: 7.5.0.127 - Skype Technologies S.A.)
    Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
    Structure Studios SE3D 2 (HKLM-x32\...\{f34fdbb4-7449-4b2e-89e5-0c15c7190665}) (Version: 2.2.23.0 - Structure Studios)
    Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
    SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.8 - Synaptics Incorporated)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
    UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
    User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
    vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
    vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinZip 23.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411D}) (Version: 23.0.13300 - Corel Corporation)

    Packages:
    =========
    Adera -> C:\Program Files\WindowsApps\Microsoft.Adera_2.5.2.34894_x86__8wekyb3d8bbwe [2014-10-14] (Microsoft Studios)
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32 [2019-07-15] (king.com)
    Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
    Google -> C:\Program Files\WindowsApps\GoogleInc.GoogleSearch_2.1.19.0_x64__yfg5n0ztvskxp [2017-07-27] (Google Inc)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-20] (HP Inc.)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-22] (AMZN Mobile LLC)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2018-05-20] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2018-05-20] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
    Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw [2019-07-29] (MAGIX)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.)
    PhotoEditor -> C:\Program Files\WindowsApps\6E04A0BD.PhotoEditor_1.0.0.37_neutral__ez4k4b2fwzhzt [2013-01-30] (SAMSUNG ELECTRONICS CO,. LTD.)
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation)
    S Camera -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SCamera_1.0.1903.26021_x86__h7cwzt5medr84 [2014-08-11] (CYBERLINKCOM)
    S Gallery -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SGallery_1.0.1903.26021_x86__h7cwzt5medr84 [2014-08-11] (CYBERLINKCOM)
    S Player -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SPlayer_1.0.2216.21222_x86__h7cwzt5medr84 [2014-08-11] (CYBERLINKCOM)
    Samsung Signature Store -> C:\Program Files\WindowsApps\128374E71F94E.SamsungStore_1.0.2.815_neutral__9sy8ehn46reqm [2012-12-16] (Digital River, Inc.)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
    Zuma Revenge! -> C:\Program Files\WindowsApps\22669SuperFreeHotGames.ZumaRevenge_2.5.0.0_x64__ztn9gjgw8wrhe [2019-07-04] (Super Free Hot Games) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{0825CC0E-34BD-4FE4-B78D-EF6582A94B6A}\InprocServer32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\GatewayActiveX-x64.dll (Microsoft Corporation -> Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\en-US\dwgviewrficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\dwgviewr.exe (Autodesk, Inc. -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2018-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
    ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2018-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-30] (Autodesk, Inc. -> Autodesk)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-12-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Arwen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

    ==================== Loaded Modules (Whitelisted) ==============

    2018-07-17 15:50 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
    2016-07-12 16:33 - 2013-12-05 23:05 - 000179712 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_YLMBMDE.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:59846E5E [446]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\techinline.net -> hxxps://*.techinline.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\evolvondemand.net -> hxxps://transcom.evolvondemand.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\fixme.it -> hxxps://fixme.it
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\techinline.net -> hxxps://*.techinline.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\vanillasoft.net -> hxxps://vanillasoft.net

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2019-01-20 04:01 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arwen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\blue_chameleon.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
  17. 2019/08/12
    Blue Star

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
    HKLM\...\StartupApproved\Run: => "BtTray"
    HKLM\...\StartupApproved\Run: => "BtvStack"
    HKLM\...\StartupApproved\Run: => "RtHDVCpl"
    HKLM\...\StartupApproved\Run: => "WinZip UN"
    HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
    HKLM\...\StartupApproved\Run32: => "IAStorIcon"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
    HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
    HKLM\...\StartupApproved\Run32: => "TkBellExe"
    HKLM\...\StartupApproved\Run32: => "ReminderApp_EEAC3053-7055-4143-B8A0-306758055099"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "HP Officejet 4620 series (NET)"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "eyeBeam SIP Client"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "msnmsgr"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "MobileAppSync"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A05F996A-DFF2-4DBB-BB7B-6213C42CCB38}] => (Allow) LPort=9444
    FirewallRules: [{FB20C203-237D-4AAA-8145-14677711D0F2}] => (Allow) LPort=9244
    FirewallRules: [{DFA7C63E-6E6F-4733-AA36-61E968113BBB}] => (Allow) LPort=3702
    FirewallRules: [{FD99183D-808A-4608-8C89-AB567A2962D9}] => (Allow) LPort=9247
    FirewallRules: [{EE0FA760-C9FE-4FB1-96E3-B8FDCC0CD2BA}] => (Allow) LPort=9246
    FirewallRules: [{88685F0B-6B08-44F8-BC31-D7871A661965}] => (Allow) LPort=9245
    FirewallRules: [{20E7F0C6-043C-4966-A82C-F02D75B34E9F}] => (Allow) LPort=9422
    FirewallRules: [UDP Query User{C7A6B246-6029-45FB-9C56-91DF3EA9606D}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Allow) C:\program files (x86)\microsoft silverlight\sllauncher.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{5547B77C-F52E-4D7D-8BBA-BC0DA696B906}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Allow) C:\program files (x86)\microsoft silverlight\sllauncher.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [UDP Query User{B57F6A28-6920-4F77-A75A-FCB3FB40A696}C:\users\arwen\documents\wpf\dynamic\1.2.3\softphone.exe] => (Block) C:\users\arwen\documents\wpf\dynamic\1.2.3\softphone.exe No File
    FirewallRules: [TCP Query User{2A9CD1BA-9AAB-496C-B494-1A7BEEB32C99}C:\users\arwen\documents\wpf\dynamic\1.2.3\softphone.exe] => (Block) C:\users\arwen\documents\wpf\dynamic\1.2.3\softphone.exe No File
    FirewallRules: [UDP Query User{3AAD7360-9D41-4F80-A214-7693FEBF5197}C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe] => (Allow) C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe (Chase Data Corporation -> ChaseData) [File not signed]
    FirewallRules: [TCP Query User{A29AFC7B-3E25-4483-A5FA-0E78546E91FF}C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe] => (Allow) C:\users\arwen\documents\wpf\dynamic\1.2.1\softphone.exe (Chase Data Corporation -> ChaseData) [File not signed]
    FirewallRules: [{9DCB8878-D257-4603-842F-3FBEDF56723D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{3AC79786-79B8-4A5D-9E78-7302C16ED780}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{A37F0A12-6BDF-4469-A8D2-755EBA9B8FC5}C:\users\arwen\kodi\kodi.exe] => (Allow) C:\users\arwen\kodi\kodi.exe No File
    FirewallRules: [TCP Query User{E0BB190D-654A-49BD-A81C-5933829A0D70}C:\users\arwen\kodi\kodi.exe] => (Allow) C:\users\arwen\kodi\kodi.exe No File
    FirewallRules: [{87F7ACBE-C5B0-4702-AC7D-DFEA5BB85994}] => (Allow) C:\Users\Arwen\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
    FirewallRules: [{35C62B24-008C-47F3-8842-CD26973164D8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [UDP Query User{BD31835B-F3F4-44B4-9E61-9321DD1C0B1A}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe No File
    FirewallRules: [TCP Query User{F30DBDEB-139B-4448-A1FD-462F3C70FDF1}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe No File
    FirewallRules: [UDP Query User{2669B789-2724-4AEE-955C-47B057D19522}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe No File
    FirewallRules: [TCP Query User{835DE832-FED2-47EE-9F44-1CC3F943C203}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe No File
    FirewallRules: [{537DE16A-DE03-4780-8EE2-65CE35CB3509}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
    FirewallRules: [{E76076D8-B77B-4717-8927-F0FCC8D3ACBA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
    FirewallRules: [{E5BDA255-2693-4BA1-A18C-DDDCFC6447C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{475845B5-8E58-4B86-9021-F02FE930CAFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{BE4847A3-39DA-4D16-9341-FC190F8C5255}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
    FirewallRules: [{9A233B96-B59A-4837-AAF0-6F73C8FCFFE3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
    FirewallRules: [{75A7B777-C639-4F54-B838-0616DF7E3EF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{897FCBF3-3082-48C3-9C78-0351D95DF122}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
    FirewallRules: [{F43B2C4C-F5EA-4363-9415-ECF9FAFFC407}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
    FirewallRules: [TCP Query User{AF65212D-E559-4D49-819C-46656D5E5574}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe No File
    FirewallRules: [UDP Query User{34DCC5C5-F507-4750-A702-89C5C976901A}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe No File
    FirewallRules: [TCP Query User{6FB881D4-3548-4915-9B65-EFCF834D023F}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe No File
    FirewallRules: [UDP Query User{D20A30A3-E10B-455C-964E-F3168399D131}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe No File
    FirewallRules: [TCP Query User{D10F29B3-A1D4-4199-A79A-1D8F9E6A3498}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [UDP Query User{E920F795-8C2E-47C2-8BC7-AD34E45AB82E}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [TCP Query User{7FC20502-F09E-4883-B32D-33DB7A6F7BB1}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe (APL, INC.) [File not signed]
    FirewallRules: [UDP Query User{FDB83730-E44D-42BA-B0BE-7325D05CFF85}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe (APL, INC.) [File not signed]
    FirewallRules: [TCP Query User{47220578-96A8-48BC-8FA9-81CD8483B8B9}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [UDP Query User{2A1AB145-840C-4E4B-A732-E6AEA182B799}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe (APL, INC.) [File not signed]
    FirewallRules: [TCP Query User{EE9B6915-CE09-48C0-B34A-B48F9C88A47D}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe No File
    FirewallRules: [UDP Query User{B8A52E80-E47F-4A31-8652-BBD0C01845C3}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe No File
    FirewallRules: [{C70516C4-682D-4C00-AEBA-9516CDE43654}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
    FirewallRules: [{1CBD6BF6-C91F-4AD7-B790-05962F10B60D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
    FirewallRules: [{89291383-A2BC-4BA5-827A-07C7D77C1058}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe No File
    FirewallRules: [{48A033F5-76D1-48E1-A766-66C38E6AB5EE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe No File
    FirewallRules: [{A715A783-E8A3-41C6-A5D1-91D53A40F5F6}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe No File
    FirewallRules: [{AD505DC0-F9C7-4705-A44A-AE403692F7A1}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe No File
    FirewallRules: [{2DE15FEF-6E01-428D-A182-546B170AAE15}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File
    FirewallRules: [{5E8A3DB7-6CD0-49AA-BEA6-1C2C78F8BD92}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File
    FirewallRules: [{A815C66B-2F5A-4DC6-8E6A-8422AAD9968A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{A256DE0D-91C4-4813-8D37-4094F0093856}] => (Allow) LPort=2869
    FirewallRules: [{BC33BA8B-43DA-4101-A7EF-C845A5EE9C1B}] => (Allow) LPort=1900
    FirewallRules: [{FA9129FF-73AD-4F17-A3E4-08C387470DC4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{D1F94449-8AEC-4E3A-8DE8-DBCDD44097B6}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    FirewallRules: [{060EE5CE-E754-4068-A9F0-DB0B1E52745D}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6A0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{A96936A1-718D-4199-9428-17A856DD2034}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6A0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{48C0F54D-90C5-4C58-A35A-F89CE471DCAB}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS01AB\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{E2EF637B-0A93-4615-B67B-075AF757B145}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS01AB\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{D30358D4-C296-44E2-B7C4-AF6483584874}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS34AE\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{C4AC9F0E-858B-4AA0-BB14-05790415AD7A}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS34AE\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{3EAA0162-F9A5-42C5-81B5-2183153AF1C3}] => (Allow) C:\Users\Arwen\AppData\Roaming\Zoom\bin\Zoom.exe No File
    FirewallRules: [{2EA059D6-344A-459C-837D-6FF78927AE5C}] => (Allow) C:\Users\Arwen\AppData\Roaming\Zoom\bin\airhost.exe No File
    FirewallRules: [{CDF90023-4E0C-4594-BF52-6183EDB3B776}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    23-07-2019 11:48:01 Removed Adobe Acrobat Reader DC.
    31-07-2019 17:34:21 Scheduled Checkpoint
    04-08-2019 18:45:51 Windows Update
    12-08-2019 08:44:25 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/12/2019 11:18:17 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (08/12/2019 11:18:17 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (08/10/2019 10:50:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x50376629
    Faulting module name: EasySettingsBase.dll, version: 0.0.0.0, time stamp: 0x5039da3f
    Exception code: 0xc000041d
    Fault offset: 0x00001610
    Faulting process id: 0xb0c
    Faulting application start time: 0x01d54f8b7eb0eeff
    Faulting application path: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    Faulting module path: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
    Report Id: 14f02706-abbd-40cc-8905-d8e34f096f76
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/10/2019 10:49:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x50376629
    Faulting module name: EasySettingsBase.dll, version: 0.0.0.0, time stamp: 0x5039da3f
    Exception code: 0xc0000005
    Fault offset: 0x00001610
    Faulting process id: 0xb0c
    Faulting application start time: 0x01d54f8b7eb0eeff
    Faulting application path: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    Faulting module path: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
    Report Id: 33e24d65-d8cd-4160-8ae4-385c1cef5a7a
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/10/2019 10:33:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (08/10/2019 10:33:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (08/10/2019 10:30:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (08/10/2019 10:30:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


    System errors:
    =============
    Error: (08/12/2019 11:28:26 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

    Error: (08/12/2019 11:24:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2019 11:23:10 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

    Error: (08/12/2019 11:20:57 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

    Error: (08/12/2019 11:20:50 AM) (Source: DCOM) (EventID: 10016) (User: THEONE)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user TheOne\Arwen SID (S-1-5-21-3548505277-2733688421-2640094488-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2019 11:19:44 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Update Orchestrator Service service hung on starting.

    Error: (08/12/2019 11:19:18 AM) (Source: DCOM) (EventID: 10001) (User: THEONE)
    Description: Unable to start a DCOM Server: Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca as Unavailable/Unavailable. The error:
    "0"
    Happened while starting this command:
    "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca

    Error: (08/12/2019 11:19:17 AM) (Source: DCOM) (EventID: 10001) (User: THEONE)
    Description: Unable to start a DCOM Server: Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca as Unavailable/Unavailable. The error:
    "298"
    Happened while starting this command:
    "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca


    CodeIntegrity:
    ===================================

    Date: 2019-08-12 10:47:53.291
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-08-12 10:47:52.053
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-08-12 10:47:50.822
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-08-12 10:47:49.114
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-08-12 10:47:47.938
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-08-12 10:47:46.693
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-08-12 10:47:45.464
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-08-12 10:47:23.522
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. P02ABE 08/24/2012
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. NP350E7C-A01US
    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 61%
    Total physical RAM: 8083.5 MB
    Available physical RAM: 3134.32 MB
    Total Virtual: 15251.5 MB
    Available Virtual: 9962.66 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:906.58 GB) (Free:728.56 GB) NTFS

    \\?\Volume{b98955a8-b61a-418a-8b15-55d68631086a}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS
    \\?\Volume{1f808df2-4ce7-4b0b-8cd4-ad4f9b3c3067}\ () (Fixed) (Total:0.92 GB) (Free:0.42 GB) NTFS
    \\?\Volume{c3ab75b8-3ab2-49ef-9c79-6f83d9e2e80b}\ (SAMSUNG_REC2) (Fixed) (Total:22.11 GB) (Free:0.99 GB) NTFS
    \\?\Volume{354f307c-2e13-46a4-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.29 GB) FAT32
    \\?\Volume{0802c3af-e7db-4cb4-8bb4-24a1348c0432}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A56C4F25)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  18. 2019/08/12
    broni

    broni Moderator Malware Analyst

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  19. 2019/08/12
    Blue Star

    Blue Star Well-Known Member Thread Starter

    FRST and FixList ..both on Desktop, but I get an error...No fixlist.txt found
     
  20. 2019/08/12
    broni

    broni Moderator Malware Analyst

    As far as I can see FRST is not on your Desktop.

    Running from C:\Users\Arwen\Downloads
     
  21. 2019/08/12
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Ah, so... will fix
     
