Slowness /Unusual beeping / Self-starts when put to sleep

Hi there

Computer has been intermittently slow in general operation, browsing at times has been quite slow, unusual beeping sounds have also been heard, and sometimes when the computer has ben put into sleep mode and the lid placed down, the computer will start up of its own accord to login screen even with lid fully closed.

Is a Lenovo X1 Carbon 6^th Gen.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021Ran by Shamus (ATTENTION: The user is not administrator) on LAPTOP-N0NM7SOC (LENOVO 20KHS00900) (13-11-2021 20:00:02)Running from D:\Installers\FRSTLoaded Profiles: Fred & ShamusPlatform: Microsoft Windows 10 Pro Version 21H1 19043.1348 (X64) Language: English (United Kingdom)Default browser: FFBoot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe <3>(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe(ENTER S.R.L. -> Enter Srl) C:\Users\Shamus\Desktop\BakSyncImgTrnsf\Iperius.exe(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.exe(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_bddd75c806b28a5c\igfxEM.exe(Kenneth Skovhede -> Duplicati Team) C:\Program Files\Duplicati 2\Duplicati.GUI.TrayIcon.exe <2>(Key for TBT Legacy Driver -> Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\Thunderbolt.exe(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\tposd.exe(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.Amd64.exe(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <2>(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.x86.exe(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe(MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe(nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exeFailed to access process -> ABService.exeFailed to access process -> aesm_service.exeFailed to access process -> AgentService.exeFailed to access process -> ApsInsSvc.exeFailed to access process -> aswEngSrv.exeFailed to access process -> aswidsagent.exeFailed to access process -> AVGSvc.exeFailed to access process -> avgToolsSvc.exeFailed to access process -> conhost.exeFailed to access process -> conhost.exeFailed to access process -> csrss.exeFailed to access process -> csrss.exeFailed to access process -> DAX3API.exeFailed to access process -> dllhost.exeFailed to access process -> dragon_updater.exeFailed to access process -> DriverUpdSvc.exeFailed to access process -> dwm.exeFailed to access process -> EFRService.exeFailed to access process -> esif_uf.exeFailed to access process -> EvtEng.exeFailed to access process -> FNPLicensingService64.exeFailed to access process -> fontdrvhost.exeFailed to access process -> fontdrvhost.exeFailed to access process -> GoogleCrashHandler.exeFailed to access process -> GoogleCrashHandler64.exeFailed to access process -> ibmpmsvc.exeFailed to access process -> icedragon_updater.exeFailed to access process -> ICM-Service-NET.exeFailed to access process -> igfxCUIService.exeFailed to access process -> IntelAudioService.exeFailed to access process -> IntelCpHDCPSvc.exeFailed to access process -> IntelCpHeciSvc.exeFailed to access process -> jhi_service.exeFailed to access process -> Lenovo.Modern.ImController.exeFailed to access process -> Lenovo.Vantage.AddinHost.Amd64.exeFailed to access process -> Lenovo.Vantage.AddinHost.exeFailed to access process -> LenovoVantageService.exeFailed to access process -> LITSSvc.exeFailed to access process -> LMS.exeFailed to access process -> lsass.exeFailed to access process -> nordvpn-service.exeFailed to access process -> OfficeClickToRun.exeFailed to access process -> OneApp.IGCC.WinService.exeFailed to access process -> openvpn-nordvpn.exeFailed to access process -> RAVBg64.exeFailed to access process -> RemediationService.exeFailed to access process -> RtkAudioService64.exeFailed to access process -> SBACipollaSrvHost.exeFailed to access process -> SchedulerService.exeFailed to access process -> SearchFilterHost.exeFailed to access process -> SearchIndexer.exeFailed to access process -> SecurityHealthService.exeFailed to access process -> services.exeFailed to access process -> SgrmBroker.exeFailed to access process -> shtctky.exeFailed to access process -> SmartStandby.exeFailed to access process -> smss.exeFailed to access process -> spoolsv.exeFailed to access process -> sqlwriter.exeFailed to access process -> ss_conn_service.exeFailed to access process -> ss_conn_service2.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> SynTPEnhService.exeFailed to access process -> tbtsvc.exeFailed to access process -> TESvc.exeFailed to access process -> tphkload.exeFailed to access process -> unsecapp.exeFailed to access process -> vmcompute.exeFailed to access process -> vsmon.exeFailed to access process -> wininit.exeFailed to access process -> winlogon.exeFailed to access process -> wlanext.exeFailed to access process -> WmiPrvSE.exeFailed to access process -> WmiPrvSE.exeFailed to access process -> WmiPrvSE.exeFailed to access process -> wsc_proxy.exeFailed to access process -> WUDFHost.exeFailed to access process -> WUDFHost.exeFailed to access process -> WUDFHost.exeFailed to access process -> WUDFHost.exeFailed to access process -> ZAARUpdateService.exeFailed to access process -> ZeroConfigService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [168376 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe [4003640 2021-10-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4231392 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)HKLM-x32\...\Run: [MTSM] => "C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe" --auto (No File)HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326152 2021-06-27] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Shamus\AppData\Local\Microsoft\Teams\Update.exe [2455256 2021-10-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\Run: [pCloud] => C:\Program Files\pCloud Drive\pCloud.exe (No File)HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\Run: [Iperius Backup] => C:\Users\Shamus\Desktop\BakSyncImgTrnsf\Iperius.exe [81925440 2021-05-19] (ENTER S.R.L. -> Enter Srl)HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\IDE\devenv.exe [758176 2020-10-15] (Microsoft Corporation -> Microsoft Corporation)HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [221696 2021-03-14] (Bullzip) [File not signed]HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [2202368 2019-11-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-04] (Google LLC -> Google LLC)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati 2.lnk [2021-08-28]ShortcutTarget: Duplicati 2.lnk -> C:\Program Files\Duplicati 2\Duplicati.GUI.TrayIcon.exe (Kenneth Skovhede -> Duplicati Team)HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTIONHKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTIONHKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 103.86.96.100 103.86.99.100Tcpip\..\Interfaces\{07b2374e-4e7e-4036-8511-8835df10ff5b}: [DhcpNameServer] 103.86.96.100 103.86.99.100Tcpip\..\Interfaces\{193c4ec1-c6a3-4366-bede-8af92c1db548}: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{1ac9620b-51d6-4807-b806-ce396875aa7d}: [DhcpNameServer] 150.204.1.3HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION Edge: =======Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]Edge DefaultProfile: DefaultEdge Profile: C:\Users\Shamus\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-13]Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Shamus\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-23]Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox:========FF DefaultProfile: o493t3bb.defaultFF DefaultProfile: 90w5t8pr.defaultFF ProfilePath: C:\Users\Shamus\AppData\Roaming\Mozilla\Firefox\Profiles\o493t3bb.default [2020-04-18]FF ProfilePath: C:\Users\Shamus\AppData\Roaming\Mozilla\Firefox\Profiles\si0tq5ix.default-release [2021-11-13]FF ProfilePath: C:\Users\Shamus\AppData\Roaming\Comodo\IceDragon\Profiles\90w5t8pr.default [2021-11-13]FF Homepage: Comodo\IceDragon\Profiles\90w5t8pr.default -> about:newtabFF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-10-24] (Oracle America, Inc. -> Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-10-24] (Oracle America, Inc. -> Oracle Corporation)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN) Chrome: =======CHR DefaultProfile: DefaultCHR Profile: C:\Users\Shamus\AppData\Local\Google\Chrome\User Data\Default [2021-11-13]CHR Notifications: Default -> hxxps://1.watch-video.net; hxxps://findmedia.bizCHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}CHR DefaultSearchKeyword: Default -> duckduckgo.comCHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtabCHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=listCHR Extension: (Malwarebytes Browser Guard) - C:\Users\Shamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-09]CHR Extension: (Chrome Web Store Payments) - C:\Users\Shamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-18]CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ApsInsSvc; C:\WINDOWS\System32\ApsInsSvc.exe [159432 2018-06-22] (Lenovo -> Lenovo.)R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [713656 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [460728 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8413296 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-05-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R2 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.7.0\ABService.exe [1080368 2021-10-29] (AOMEI International Network Limited -> AOMEI International Network Limited)R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [3274432 2021-04-10] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-04-19] (Check Point Software Technologies Ltd. -> )R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-04-19] (Check Point Software Technologies Ltd. -> )R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212448 2019-01-22] (Dolby Laboratories, Inc. -> )R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2259768 2021-09-22] (Comodo Security Solutions -> Comodo)R2 DriverUpdSvc; C:\Program Files\AVG\Driver Updater\DriverUpdSvc.exe [6581560 2021-10-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [2616792 2019-05-30] (Comodo Security Solutions, Inc. -> Comodo Inc.)R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)R2 LenovoSmartStandby; C:\WINDOWS\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_5c67d36ae277810f\SmartStandby.exe [327336 2019-12-11] (Lenovo -> Lenovo)R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)R2 LITSSVC; C:\WINDOWS\System32\LITSSvc.exe [997816 2021-09-01] (Lenovo -> Lenovo.)R3 lmhosts; C:\WINDOWS\System32\svchost.exe [57360 2021-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [904144 2021-09-02] (Lenovo -> Lenovo)S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-01] (Malwarebytes Inc -> Malwarebytes)R2 MTAgentService; C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe [783344 2021-01-28] (MiniTool Software Limited -> )R2 MTSchedulerService; C:\Program Files (x86)\MiniTool ShadowMaker\SchedulerService.exe [226800 2021-01-28] (MiniTool Software Limited -> )R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [57360 2021-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)R2 nsi; C:\WINDOWS\system32\svchost.exe [57360 2021-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18624 2021-03-29] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [137920 2021-04-09] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_6df953d54d3099b9\driver\TPHKLOAD.exe [465192 2021-03-30] (Lenovo -> Lenovo Group Limited)R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4575688 2021-06-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-29] (Microsoft Windows Publisher -> Microsoft Corporation)S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-29] (Microsoft Windows Publisher -> Microsoft Corporation)S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [1058504 2021-08-16] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-14] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [51936 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [129216 2021-06-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)S2 IDriveService; "C:\Program Files (x86)\IDriveWindows\id_service.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2019-05-14] (CHENGDU AOMEI Tech Co., Ltd. -> )R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [32176 2021-11-13] (AOMEI International Network Limited -> )R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35872 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [222264 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [372336 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [250456 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [99432 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [21960 2021-09-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41504 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [184800 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [539144 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107976 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83040 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [852352 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [557784 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [214496 2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317840 2021-11-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)R1 cbfsconnect2017; C:\WINDOWS\system32\drivers\cbfsconnect2017.sys [476904 2019-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [83248 2020-09-03] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [153040 2021-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [135984 2020-12-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [133416 2020-12-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\ISWKL.sys [56184 2021-01-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-11-13] (Malwarebytes Inc -> Malwarebytes)S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-13] (Malwarebytes Inc -> Malwarebytes)R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-06-08] (TEFINCOM S.A. -> )R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [42576 2021-06-13] (nordvpn s.a. -> TEFINCOM S.A.)R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-12-12] (Insecure.Com LLC -> Insecure.Com LLC.)S4 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-12-12] (Insecure.Com LLC -> Insecure.Com LLC.)R1 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38352 2021-09-02] (Lenovo -> Lenovo)R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20704 2019-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2021-06-27] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-29] (Microsoft Windows -> Microsoft Corporation)S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-29] (Microsoft Windows -> Microsoft Corporation)S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-10-10] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)U3 iswSvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-11-13 19:59 - 2021-11-13 20:00 - 000000000 ____D C:\FRST2021-11-13 17:32 - 2021-11-13 17:32 - 000001994 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk2021-11-13 17:32 - 2021-11-09 21:54 - 000336824 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe2021-11-13 16:58 - 2021-11-13 16:58 - 000000000 ___HD C:\$WinREAgent2021-11-13 13:46 - 2021-11-13 13:46 - 000032176 _____ C:\WINDOWS\system32\amwrtdrv.sys2021-11-13 13:46 - 2021-11-13 13:46 - 000000962 _____ C:\Users\Public\Desktop\AOMEI Backupper.lnk2021-11-13 13:46 - 2021-11-13 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper2021-11-13 13:46 - 2021-11-13 13:46 - 000000000 ____D C:\Program Files (x86)\AOMEI2021-11-13 13:46 - 2019-05-14 11:28 - 000051120 _____ C:\WINDOWS\system32\ambakdrv.sys2021-11-13 13:46 - 2016-12-21 22:52 - 000171952 _____ C:\WINDOWS\system32\ammntdrv.sys2021-11-13 13:32 - 2021-11-13 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec2021-11-13 13:32 - 2021-06-13 11:02 - 000042576 _____ (TEFINCOM S.A.) C:\WINDOWS\system32\Drivers\nordlwf.sys2021-11-13 13:32 - 2021-06-08 21:25 - 000105184 _____ C:\WINDOWS\system32\Drivers\NDivert.sys2021-11-13 13:31 - 2021-11-13 13:32 - 000000000 ____D C:\ProgramData\NordVPN2021-11-13 13:31 - 2021-11-13 13:32 - 000000000 ____D C:\Program Files\NordVPN2021-11-13 13:31 - 2021-11-13 13:31 - 000000000 ____D C:\Program Files\NordVPN network TUN2021-11-13 13:31 - 2021-11-13 13:31 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP2021-11-10 22:57 - 2021-11-13 15:58 - 000001024 ____H C:\SYSTAG.BIN2021-11-10 22:56 - 2021-11-13 18:25 - 000000432 _____ C:\WINDOWS\SysWOW64\winsevr.dat2021-11-10 22:56 - 2021-11-13 18:25 - 000000208 _____ C:\WINDOWS\SysWOW64\AbBakConfig.dat2021-11-10 22:56 - 2021-11-10 22:56 - 000000000 ____D C:\ProgramData\Aomei2021-11-10 15:45 - 2021-11-10 15:45 - 000151352 _____ C:\WINDOWS\system32\nmscrub.exe2021-11-10 15:45 - 2021-11-10 15:45 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim2021-11-10 15:44 - 2021-11-10 15:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe2021-11-10 15:44 - 2021-11-10 15:44 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe2021-11-10 15:44 - 2021-11-10 15:44 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe2021-11-10 08:56 - 2021-11-10 23:01 - 000000000 ____D C:\Program Files\Mozilla Firefox2021-11-09 21:54 - 2021-11-09 21:54 - 000214496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys2021-10-28 10:21 - 2021-10-28 10:21 - 000021633 _____ C:\Users\Shamus\Desktop\20211028_RACQ Bank transaction receipt.pdf2021-10-26 21:49 - 2021-10-26 21:49 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk2021-10-26 21:49 - 2021-10-26 21:49 - 000000000 ____D C:\Program Files\PCHealthCheck2021-10-26 21:25 - 2021-11-09 20:57 - 000000000 ____D C:\Users\Default\.dotnet2021-10-20 15:12 - 2021-11-13 17:41 - 000001186 _____ C:\WINDOWS\storelibdebug.txt2021-10-14 17:43 - 2021-10-14 17:43 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll2021-10-14 17:43 - 2021-10-14 17:43 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll2021-10-14 17:43 - 2021-10-14 17:43 - 000164176 _____ C:\WINDOWS\system32\cmdiag.exe2021-10-14 17:43 - 2021-10-14 17:43 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll2021-10-14 17:43 - 2021-10-14 17:43 - 000115200 _____ C:\WINDOWS\system32\cmimageworker.exe2021-10-14 17:43 - 2021-10-14 17:43 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll2021-10-14 17:42 - 2021-10-14 17:42 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll2021-10-14 17:42 - 2021-10-14 17:42 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll2021-10-14 17:42 - 2021-10-14 17:42 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys2021-10-14 16:28 - 2021-10-14 20:42 - 000000000 ____D C:\Users\Shamus\AppData\Roaming\vlc2021-10-14 16:27 - 2021-10-14 16:27 - 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk2021-10-14 16:27 - 2021-10-14 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2021-10-14 16:27 - 2021-10-14 16:27 - 000000000 ____D C:\Program Files (x86)\VideoLAN ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-11-13 19:32 - 2020-05-03 22:13 - 000000000 ____D C:\Users\Shamus\AppData\Local\D3DSCache2021-11-13 19:11 - 2020-01-11 17:29 - 000000000 ____D C:\Program Files (x86)\Google2021-11-13 19:09 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft2021-11-13 18:34 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF2021-11-13 18:29 - 2021-03-12 17:49 - 000795742 _____ C:\WINDOWS\system32\PerfStringBackup.INI2021-11-13 18:25 - 2021-08-28 20:49 - 000000000 ____D C:\Users\Shamus\AppData\Local\Duplicati2021-11-13 18:24 - 2021-03-13 03:24 - 000000000 ____D C:\Intel2021-11-13 18:24 - 2021-03-12 17:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT2021-11-13 18:24 - 2020-12-29 08:13 - 000000000 ____D C:\ProgramData\AVG2021-11-13 18:24 - 2020-12-29 07:41 - 000533044 _____ C:\WINDOWS\ntbtlog.txt2021-11-13 18:24 - 2019-12-15 17:35 - 000000000 __SHD C:\Users\Shamus\IntelGraphicsProfiles2021-11-13 18:24 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\ServiceState2021-11-13 18:11 - 2021-06-06 14:24 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys2021-11-13 18:11 - 2020-12-14 19:07 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys2021-11-13 17:54 - 2019-12-15 17:38 - 000000000 ____D C:\Users\Shamus\AppData\Local\NordVPN2021-11-13 17:32 - 2020-12-29 08:16 - 000002006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk2021-11-13 17:32 - 2020-07-24 17:24 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk2021-11-13 17:32 - 2020-03-01 22:40 - 000000638 _____ C:\WINDOWS\Tasks\TrackerAutoUpdate.job2021-11-13 17:32 - 2020-01-11 17:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2021-11-13 17:32 - 2020-01-11 17:29 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk2021-11-13 17:32 - 2019-12-07 19:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP2021-11-13 17:32 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness2021-11-13 17:30 - 2019-12-15 17:37 - 000000000 ____D C:\Users\Shamus\AppData\LocalLow\Mozilla2021-11-13 17:15 - 2020-02-22 08:42 - 000000000 ____D C:\Program Files\pCloud Drive2021-11-13 17:15 - 2019-04-22 04:59 - 000000000 ____D C:\ProgramData\Package Cache2021-11-13 17:07 - 2019-09-28 20:38 - 000000000 ____D C:\ProgramData\Mozilla2021-11-13 17:02 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\CbsTemp2021-11-13 15:57 - 2019-12-15 18:08 - 000000000 ____D C:\ProgramData\AomeiBR2021-11-13 15:45 - 2021-03-12 17:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy2021-11-13 14:05 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps2021-11-13 13:22 - 2021-03-12 17:41 - 000000000 ____D C:\Users\Shamus2021-11-13 11:53 - 2021-03-12 17:41 - 000000000 ____D C:\Users\Fred2021-11-13 11:29 - 2021-01-02 11:18 - 000000000 ____D C:\Users\Shamus\AppData\Local\CrashDumps2021-11-13 11:24 - 2021-09-09 10:54 - 000000000 ____D C:\Users\Shamus\AppData\LocalLow\Comodo2021-11-10 23:01 - 2021-03-12 17:39 - 000651960 _____ C:\WINDOWS\system32\FNTCACHE.DAT2021-11-10 23:01 - 2019-09-28 20:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2021-11-10 23:00 - 2019-12-08 00:49 - 000000000 ___SD C:\WINDOWS\system32\AppV2021-11-10 23:00 - 2019-12-08 00:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection2021-11-10 23:00 - 2019-12-08 00:45 - 000000000 ____D C:\WINDOWS\en-GB2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SystemResources2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\setup2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\oobe2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\Dism2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\ShellExperiences2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions2021-11-10 23:00 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\bcastdvr2021-11-10 23:00 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\servicing2021-11-10 22:50 - 2019-12-15 18:08 - 000001024 ____H C:\AMTAG.BIN2021-11-10 22:50 - 2019-12-15 18:07 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant2021-11-10 21:54 - 2020-12-29 08:15 - 000317840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys2021-11-10 15:54 - 2019-09-28 20:38 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk2021-11-10 15:37 - 2019-09-28 18:25 - 000000000 ____D C:\WINDOWS\system32\MRT2021-11-10 15:33 - 2019-09-28 18:25 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2021-11-10 09:31 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports2021-11-09 21:54 - 2020-12-29 08:15 - 000852352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000557784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000539144 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000372336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000250456 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000222264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000184800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000107976 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000099432 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000083040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000041504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys2021-11-09 21:54 - 2020-12-29 08:15 - 000035872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys2021-11-09 20:58 - 2020-10-14 21:50 - 000000000 ____D C:\Program Files (x86)\dotnet2021-11-09 20:56 - 2020-10-14 21:50 - 000000000 ____D C:\Program Files\dotnet2021-11-09 20:55 - 2020-07-24 16:10 - 000000000 ____D C:\Users\Shamus\AppData\Roaming\slobs-client2021-11-08 22:12 - 2020-04-18 14:03 - 000000000 ____D C:\WINDOWS\TempInst2021-11-06 07:48 - 2021-03-12 17:41 - 000002393 _____ C:\Users\Shamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2021-11-01 17:36 - 2021-02-22 10:08 - 000000000 ____D C:\Program Files\Microsoft Office2021-10-31 19:35 - 2019-12-15 17:39 - 000000000 ____D C:\Users\Shamus\AppData\Local\PlaceholderTileLogoFolder2021-10-31 18:03 - 2019-12-15 17:35 - 000000000 ____D C:\Users\Shamus\AppData\Local\Packages2021-10-28 10:06 - 2021-03-27 02:10 - 2614019996 ____N C:\WINDOWS\MEMORY.DMP2021-10-28 10:06 - 2021-03-27 02:10 - 000000000 ____D C:\WINDOWS\Minidump2021-10-24 14:32 - 2021-03-12 17:39 - 000008192 ___SH C:\DumpStack.log.tmp2021-10-24 10:46 - 2020-03-01 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2021-10-24 10:46 - 2020-03-01 10:15 - 000000000 ____D C:\Program Files (x86)\Java2021-10-24 10:45 - 2020-03-01 10:15 - 000164696 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll2021-10-14 17:48 - 2019-12-07 19:14 - 000000000 ___SD C:\WINDOWS\system32\UNP2021-10-14 17:48 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe2021-10-14 17:48 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns2021-10-14 17:48 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\DiagTrack2021-10-14 17:31 - 2021-03-27 07:30 - 000005080 _____ C:\WINDOWS\system32\InstallUtil.InstallLog2021-10-14 17:21 - 2021-08-26 08:30 - 000000000 ____D C:\Users\Shamus\Desktop\BakSyncImgTrnsf2021-10-14 16:22 - 2020-03-31 10:25 - 000000000 ____D C:\Program Files\VideoLAN2021-10-14 14:37 - 2020-04-19 14:54 - 000000000 ____D C:\Program Files\Streamlabs OBS ==================== Files in the root of some directories ======== 2021-04-12 18:56 - 2021-04-12 18:56 - 000000422 _____ () C:\Users\Shamus\AppData\Local\LMIR1013A001.tmp.bat2021-04-12 18:56 - 2021-04-12 18:56 - 000000347 _____ () C:\Users\Shamus\AppData\Local\LMIR1013A001.tmp_r.bat2021-02-14 08:22 - 2021-03-15 10:06 - 000000128 _____ () C:\Users\Shamus\AppData\Local\PUTTY.RND2021-08-01 18:23 - 2021-08-01 18:23 - 000000218 _____ () C:\Users\Shamus\AppData\Local\recently-used.xbel2021-02-27 13:00 - 2021-02-27 13:00 - 000000000 _____ () C:\Users\Shamus\AppData\Local\zenmap.exe.log ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.Access is denied. ==================== End of FRST.txt ========================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021Ran by Shamus (13-11-2021 20:02:06)Running from D:\Installers\FRSTMicrosoft Windows 10 Pro Version 21H1 19043.1348 (X64) (2021-03-12 07:47:51)Boot Mode: Normal============================================================================== Accounts: =============================(If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1251561051-1078964320-4203531199-500 - Administrator - Disabled)DefaultAccount (S-1-5-21-1251561051-1078964320-4203531199-503 - Limited - Disabled)Fred (S-1-5-21-1251561051-1078964320-4203531199-1001 - Administrator - Enabled) => C:\Users\FredGuest (S-1-5-21-1251561051-1078964320-4203531199-501 - Limited - Disabled)Shamus (S-1-5-21-1251561051-1078964320-4203531199-1002 - Limited - Enabled) => C:\Users\ShamusWDAGUtilityAccount (S-1-5-21-1251561051-1078964320-4203531199-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: ZoneAlarm Free Firewall Firewall (Disabled) {8D637332-9C08-995E-98D7-8237936B0E9F}FW: ZoneAlarm Free Firewall Firewall (Enabled) {841A2C1E-F526-E32F-8E57-7FBF8B0698E4} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.7.6 - Angry IP Scanner)AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:- AOMEI International Network Limited.)AOMEI Partition Assistant Standard Edition 8.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:- AOMEI Technology Co., Ltd.)Application Verifier x64 External Package (HKLM\...\{10CA1677-8F02-3131-F25C-780BAB52E468}) (Version: 10.1.18362.1 - Microsoft) HiddenAudacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 21.9.3209 - AVG Technologies)AVG Driver Updater (HKLM\...\AVG Driver Updater) (Version: 21.3.1814.4694 - AVG)balenaEtcher 1.5.115 (HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.115 - Balena Inc.)Bluefish 2.2.12rc2 (HKLM-x32\...\Bluefish) (Version: 2.2.12rc2 - The Bluefish Developers)Bullzip PDF Printer 12.2.0.2905 (HKLM\...\Bullzip PDF Printer_is1) (Version: 12.2.0.2905 - Bullzip)Check Point SBA (HKLM\...\{405209A1-63AA-4AB5-A6A9-4F088BA951A3}) (Version: 86.6.8560 - Check Point Software Technologies Ltd.) HiddenCisco Packet Tracer 7.1 64Bit (HKLM\...\Cisco Packet Tracer 7.1 64Bit_is1) (Version: 7.1.0.0222 - Cisco Systems, Inc.)ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) HiddenComodo Dragon (HKLM-x32\...\Comodo Dragon) (Version:92.0.4515.159 - Comodo)Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 65.0.2.15 - COMODO)DB Browser for SQLite (HKLM\...\{5211034D-495B-4A5E-9B8D-8961BBB2B9E2}) (Version: 3.12.2 - DB Browser for SQLite Team)Dia (remove only) (HKLM-x32\...\Dia) (Version:- )DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) HiddenDolby Atmos Windows API SDK (HKLM\...\{F4D219B3-8286-4FD5-A160-DFE90AD21695}) (Version: 1.1.9.33 - Dolby Laboratories, Inc.) HiddenDolby Atmos Windows APP (HKLM\...\{D539F055-FFE0-422D-8D57-0D9427E6ABA9}) (Version: 1.1.8.23 - Dolby Laboratories, Inc.) Hiddendraw.io 14.6.13 (HKLM\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 14.6.13 - JGraph)Duplicati 2 (HKLM\...\{D2A5D819-4FA0-493B-8D37-9531C659D95A}) (Version: 2.0.6.3 - Duplicati Team)Entity Framework 6.2.0 Toolsfor Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) HiddenFlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.47.0.4619 - Blueberry Software (UK) Ltd.)Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.8.2 - Open source)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)icecap_collection_neutral (HKLM-x32\...\{EEF3770F-1EEF-4AA4-94E7-4B1DEBEED8B6}) (Version: 16.7.30310 - Microsoft Corporation) Hiddenicecap_collection_x64 (HKLM\...\{1E36C98F-0653-495C-B28E-433A6740ADB0}) (Version: 16.7.30310 - Microsoft Corporation) Hiddenicecap_collectionresources (HKLM-x32\...\{60C5BEEB-0865-45D8-AB7F-7F2E916EBEE4}) (Version: 16.7.30310 - Microsoft Corporation) Hiddenicecap_collectionresourcesx64 (HKLM-x32\...\{7525DBB9-50C3-4924-BA87-CD21910F3DA3}) (Version: 16.7.30309 - Microsoft Corporation) HiddenIntel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2112.15.0.2221 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.6860 - Intel Corporation) HiddenIntel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.62.321.1 - Intel Corporation) HiddenIntel® Trusted Connect Services Client (HKLM-x32\...\{c3964069-17c1-45dd-85a5-949576ceeaa3}) (Version: 1.62.321.1 - Intel Corporation) HiddenIntel® PROSet/Wireless Software (HKLM-x32\...\{7790daaa-ac74-4f57-9b73-847a68c6e460}) (Version: 21.40.1.0u - Intel Corporation)IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) HiddenJava 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)JetBrains PyCharm Community Edition 2019.2.3 (HKLM-x32\...\PyCharm Community Edition 2019.2.3) (Version: 192.6817.19 - JetBrains s.r.o.)Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) HiddenLenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)LibreOffice 7.0.4.2 (HKLM\...\{B3171B83-4945-43E0-A101-841638C05506}) (Version: 7.0.4.2 - The Document Foundation)Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)MEGAsync (HKLM-x32\...\MEGAsync) (Version:- Mega Limited)Microsoft .NET Core Runtime - 2.1.30 (x64) (HKLM-x32\...\{e6e5b73d-9aea-4a61-9110-4f93d1b9bc75}) (Version: 2.1.30.30411 - Microsoft Corporation)Microsoft .NET Core SDK 3.1.403 (x64) from Visual Studio (HKLM\...\{3863962D-2DDA-4188-996A-070F54EE5F3C}) (Version: 3.1.403.015556 - Microsoft Corporation)Microsoft .NET Core SDK 3.1.415 (x64) (HKLM-x32\...\{c85207f2-c520-4f87-8671-0d6cf09298ff}) (Version: 3.1.415.15859 - Microsoft Corporation)Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14527.20234 - Microsoft Corporation)Microsoft ASP.NET Core 2.1.30 - Shared Framework (HKLM-x32\...\{614a1747-bef3-44e7-86a8-799e4d2ab88d}) (Version: 2.1.30.60071 - Microsoft Corporation)Microsoft ASP.NET Core 3.1.21 - Shared Framework (x86) (HKLM-x32\...\{1c97c9ca-6ccd-4b0e-99e1-59d8fe266e9f}) (Version: 3.1.21.21523 - Microsoft Corporation)Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.44 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)Microsoft SQL Server 2016 LocalDB(HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)Microsoft Teams (HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\Teams) (Version: 1.4.00.26376 - Microsoft Corporation)Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910 (HKLM-x32\...\{53f1dc9d-ed94-4650-a079-129785ce7905}) (Version: 14.28.29910.0 - Microsoft Corporation)Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.56.2 - Microsoft Corporation)Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.7.3068.929 - Microsoft Corporation)Microsoft Web Deploy 4.0 (HKLM\...\{2EC26D34-FB67-4C58-AC20-235697551222}) (Version: 10.0.3802 - Microsoft Corporation)Microsoft Windows Desktop Runtime - 3.1.21 (x86) (HKLM-x32\...\{d1c9f155-e14a-4486-b545-dde658719aac}) (Version: 3.1.21.30622 - Microsoft Corporation)MiniTool Partition Wizard Free 12.5 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.5 - MiniTool Software Limited)MiniTool ShadowMaker Free Edition (HKLM-x32\...\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1) (Version: 3.6 - MiniTool Software Limited)Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)MSI Development Tools (HKLM-x32\...\{DB4DB790-64DD-1902-4BF2-833B3B6DBCA1}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenNmap 7.91 (HKLM-x32\...\Nmap) (Version: 7.91 - Nmap Project)NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.40.5.0 - TEFINCOM S.A.)NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)Npcap (HKLM-x32\...\NpcapInst) (Version: 1.10 - Nmap Project)OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.0.2 - OBS Project)Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hiddenpaint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.10 - Tracker Software Products Ltd)Photo Pos Pro 3 (HKLM\...\Photo Pos Pro 3) (Version: 3.75 - PowerOfSoftware Ltd.)psqlODBC_x64 (HKLM\...\{3F8971B0-061B-4163-9D3F-EA94151B2FCF}) (Version: 09.06.0504 - PostgreSQL Global Development Group)PuTTY release 0.73 (64-bit) (HKLM\...\{44F7642C-AB7E-4468-B028-E8D08A0CBB0E}) (Version: 0.73.0.0 - Simon Tatham)Python 3.8.0 Core Interpreter (64-bit) (HKLM\...\{0AD20F5D-4228-48F6-9314-F42EBD9DCBC8}) (Version: 3.8.150.0 - Python Software Foundation) HiddenPython 3.8.0 Development Libraries (64-bit) (HKLM\...\{700DB3F0-C5C0-4160-A513-C33B5B20F877}) (Version: 3.8.150.0 - Python Software Foundation) HiddenPython 3.8.0 Documentation (64-bit) (HKLM\...\{7B7ED49A-2149-4035-BFB1-910BE25D799E}) (Version: 3.8.150.0 - Python Software Foundation) HiddenPython 3.8.0 Executables (64-bit) (HKLM\...\{A8C1C406-A3AF-41CC-81BD-217FDF1668B2}) (Version: 3.8.150.0 - Python Software Foundation) HiddenPython 3.8.0 pip Bootstrap (64-bit) (HKLM\...\{F31907FF-A97B-402E-A629-2BD98D30AC4F}) (Version: 3.8.150.0 - Python Software Foundation) HiddenPython 3.8.0 Standard Library (64-bit) (HKLM\...\{682627D4-757B-42BE-B2D3-94AB0F3D08FF}) (Version: 3.8.150.0 - Python Software Foundation) HiddenPython 3.8.0 Tcl/Tk Support (64-bit) (HKLM\...\{2DE0FB10-3895-4887-BD32-36CCFD3189CE}) (Version: 3.8.150.0 - Python Software Foundation) HiddenPython 3.8.0 Test Suite (64-bit) (HKLM\...\{FFE5B55B-7ED0-4E24-85C3-AB9BCD6881EE}) (Version: 3.8.150.0 - Python Software Foundation) HiddenPython 3.8.0 Utility Scripts (64-bit) (HKLM\...\{4420515A-062F-40AF-BFA6-04631B60ED22}) (Version: 3.8.150.0 - Python Software Foundation) HiddenPython 3.9.5 (64-bit) (HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\{f3d4ed4c-f434-41ef-8469-ffadd80c4ccf}) (Version: 3.9.5150.0 - Python Software Foundation)Python 3.9.5 Add to Path (64-bit) (HKLM\...\{6504EEE5-2172-4D34-A76D-0372356396B4}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Core Interpreter (64-bit debug) (HKLM\...\{8FFB26F7-4CCF-4741-8C9A-264BDD0F5C68}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Core Interpreter (64-bit symbols) (HKLM\...\{7AE79937-D0A7-4D36-9965-5E91E22E5FFA}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Core Interpreter (64-bit) (HKLM\...\{FBB6299D-CB58-4177-B6A0-63BFB1C8C3AE}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Development Libraries (64-bit debug) (HKLM\...\{09C8A86E-0205-4821-A084-0008EA107CCD}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Development Libraries (64-bit) (HKLM\...\{AEE58901-97A1-422A-B964-4FD9BF3327B8}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Documentation (64-bit) (HKLM\...\{4EFE695B-F377-4CB0-90E3-6AEEE22DEFEB}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Executables (64-bit debug) (HKLM\...\{E4B94548-B7BF-492D-839A-32851B0B5076}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Executables (64-bit symbols) (HKLM\...\{62B02C0C-B9B8-49E4-BC06-ABA02223D2BA}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Executables (64-bit) (HKLM\...\{843C07B6-040E-4E83-B244-5383247D70AB}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 pip Bootstrap (64-bit) (HKLM\...\{7559EB6B-36F9-4AE8-8970-532E4DC0ECA3}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Standard Library (64-bit debug) (HKLM\...\{DB9DF8C7-EDDB-4FB9-8E65-39BBE13FB31B}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Standard Library (64-bit symbols) (HKLM\...\{72FB8CF5-E7CB-4CD2-90B2-39ADC3483845}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Standard Library (64-bit) (HKLM\...\{F4DC18F4-6323-4BE8-A322-38268831BC24}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Tcl/Tk Support (64-bit debug) (HKLM\...\{A52DECFA-2040-4C9B-840D-D836AE967A63}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Tcl/Tk Support (64-bit symbols) (HKLM\...\{9F0D0DF1-B4D0-4760-A174-0CFF5C09D758}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Tcl/Tk Support (64-bit) (HKLM\...\{351016A7-AED4-4824-8D2E-2F9ED497CF77}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Test Suite (64-bit debug) (HKLM\...\{3C884419-9FCB-4245-804D-C9D3EB88FD87}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Test Suite (64-bit symbols) (HKLM\...\{F47D09A3-9226-47D6-A1E4-FDE02FAF24D0}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Test Suite (64-bit) (HKLM\...\{605117B9-EE12-4498-A089-A63219191799}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython 3.9.5 Utility Scripts (64-bit) (HKLM\...\{420E50F6-A8E8-4098-A321-7DF6B3C3BA82}) (Version: 3.9.5150.0 - Python Software Foundation) HiddenPython Launcher (HKLM-x32\...\{B6EF11B6-0882-43B1-AA75-4D3BD32A144A}) (Version: 3.9.7427.0 - Python Software Foundation)Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8988.1 - Realtek Semiconductor Corp.) HiddenRecorder Devices for ShareX 0.12.10 (HKLM\...\Recorder Devices for ShareX_is1) (Version: 0.12.10 - )Samsung DeX (HKLM-x32\...\{2EB6072C-55E0-4AA0-A851-A34A5D64F6C9}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.) HiddenSamsung DeX (HKLM-x32\...\{3d6025db-b129-4813-84ac-91328af71882}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.)Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)SDK ARM Additions (HKLM-x32\...\{73681F86-CD86-4208-572F-959B45430B04}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenSDK ARM Redistributables (HKLM-x32\...\{67EE3804-9642-62BA-EBF1-B1561FB4ECBE}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenSmart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.21063.7 - Samsung Electronics Co., Ltd.) HiddenSmart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.21063.7 - Samsung Electronics Co., Ltd.)SoftMaker FreeOffice 2018 (HKLM-x32\...\{02B0F09C-4865-4F32-BB8A-F22606E9E320}) (Version: 1.0.4865 - SoftMaker Software GmbH)Streamlabs OBS (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.21.1 - General Workings, Inc.)Tableau 2021.2 (20212.21.0605.1023) (HKLM\...\{21E98B83-AD03-4BE0-9DE5-DB96400A52D3}) (Version: 21.2.971 - Tableau Software) HiddenTableau 2021.2 (20212.21.0605.1023) (HKLM-x32\...\{9141e346-ca09-4832-9ccc-f7c2f8d50991}) (Version: 21.2.971 - Tableau Software)Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 - Microsoft Corporation)Thunderbolt™ Software (HKLM-x32\...\{1AA93FF8-C685-4E00-8682-7F2E5D8E8689}) (Version: 17.4.80.550 - Intel Corporation)TreeSize Free V4.5.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.5.2 - JAM Software)Universal CRT Extension SDK (HKLM-x32\...\{13952D7A-B7B3-F4F8-5F29-5CD18E8168B7}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenUniversal CRT Headers Libraries and Sources (HKLM-x32\...\{74CBC330-ED16-31B9-E8BE-0C6A8E67DE32}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenUniversal CRT Redistributable (HKLM-x32\...\{847D4DAF-0182-265B-324F-406462E8A90D}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenUniversal CRT Tools x64 (HKLM\...\{54FE4D23-11A2-F1C4-76E9-79C8FB40A4A1}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenUniversal CRT Tools x86 (HKLM-x32\...\{9F7B0D96-881D-8850-C303-43F3A08E6902}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenUniversal General MIDI DLS Extension SDK (HKLM-x32\...\{6F54BF87-2EE6-FA6D-431D-33A665992D49}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenUpdate for(KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)vcpp_crt.redist.clickonce (HKLM-x32\...\{187432B8-F7D6-4F73-9D40-8B39312D2EDF}) (Version: 14.27.29112 - Microsoft Corporation) HiddenVisual Studio Enterprise 2019 (HKLM-x32\...\ac38d0ed) (Version: 16.7.30611.23 - Microsoft Corporation)VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) HiddenVS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) HiddenVS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hiddenvs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_codecoveragemsi (HKLM-x32\...\{CCD2BE9E-EF63-480B-BB98-E24CB96A21E0}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_communitymsi (HKLM-x32\...\{CC46F5AE-F0CA-400C-A557-A95D742D4EE0}) (Version: 16.7.30310 - Microsoft Corporation) Hiddenvs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_filehandler_amd64 (HKLM-x32\...\{804E218D-A59D-48B9-AD2A-13BF6F1C9DA0}) (Version: 16.7.30309 - Microsoft Corporation) Hiddenvs_filehandler_x86 (HKLM-x32\...\{3A735826-F946-4348-8DE2-0B9FF750F77D}) (Version: 16.7.30309 - Microsoft Corporation) Hiddenvs_FileTracker_Singleton (HKLM-x32\...\{EF1AD9BC-8273-4B78-ACB6-A35DF4CE4447}) (Version: 16.7.30309 - Microsoft Corporation) Hiddenvs_Graphics_Singletonx64 (HKLM\...\{5F1382AE-D96A-4E32-989C-0A3C8C35CC23}) (Version: 16.7.30309 - Microsoft Corporation) Hiddenvs_Graphics_Singletonx86 (HKLM-x32\...\{87B66F22-97AC-4420-841B-2305F921B39F}) (Version: 16.7.30310 - Microsoft Corporation) Hiddenvs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hiddenvs_minshellmsi (HKLM-x32\...\{760FF3F5-A7F3-4079-92DD-9AEB0344D13E}) (Version: 16.7.30310 - Microsoft Corporation) Hiddenvs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_networkemulationmsi_x64 (HKLM-x32\...\{4A7C360D-F268-4712-8D92-EBE9936DBEC8}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{937CD512-3142-4F3E-93CD-5F86203ED24B}) (Version: 16.7.30309 - Microsoft Corporation) Hiddenvs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_vswebprotocolselectormsi (HKLM-x32\...\{178ED1EA-BAFA-489D-873D-F5FB72EA69B9}) (Version: 16.7.30309 - Microsoft Corporation) HiddenWinAppDeploy (HKLM-x32\...\{8E3AE0EF-D067-700C-BDB4-10D5552155DC}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWindows Driver Package - Lenovo Monitor(11/09/2018 6.10.0.0) (HKLM\...\B757445117C6A0C55D3FFFC6CF7A9C05A6A5D74E) (Version: 11/09/2018 6.10.0.0 - Lenovo)Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)Windows Software Development Kit - Windows 10.0.18362.1 (HKLM-x32\...\{126dedf0-cc0e-4b48-9ece-806b0e437195}) (Version: 10.1.18362.1 - Microsoft Corporation)WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)WinRT Intellisense Desktop - en-us (HKLM-x32\...\{E67F1F03-FB4A-3D61-8999-E6A4C4B26F34}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{7EF010FF-7800-28BA-FF49-2D219EC7BA82}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWinRT Intellisense IoT - en-us (HKLM-x32\...\{36AE12FB-4349-6EAA-B6E4-5F4E06FA8AE8}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWinRT Intellisense IoT - Other Languages (HKLM-x32\...\{6B03A6A4-643C-57CE-CA6F-4E19BF47497A}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWinRT Intellisense Mobile - en-us (HKLM-x32\...\{918A448F-59E8-FBF5-B087-D3F07160C7E0}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWinRT Intellisense PPI - en-us (HKLM-x32\...\{66483041-F590-EC46-4AF0-EE39C62FB680}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWinRT Intellisense PPI - Other Languages (HKLM-x32\...\{9C61E6D2-C43E-6746-B519-6185558C4A24}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWinRT Intellisense UAP - en-us (HKLM-x32\...\{6B37CC5B-78DF-5050-2215-68479716A587}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWinRT Intellisense UAP - Other Languages (HKLM-x32\...\{250D5341-0879-4016-399C-BBCD87B80E95}) (Version: 10.1.18362.1 - Microsoft Corporation) HiddenWireshark 3.4.4 64-bit (HKLM-x32\...\Wireshark) (Version: 3.4.4 - The Wireshark developer community, hxxps://www.wireshark.org)ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.004.7033 - Check Point Software) HiddenZoneAlarm Firewall (HKLM-x32\...\{4B4B7DC8-6DAE-4B62-BF30-4249180AF564}) (Version: 15.8.173.18805 - Check Point Software Technologies Ltd.) HiddenZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.8.173.18805 - Check Point)ZoneAlarm Security (HKLM-x32\...\{D8F82C55-1B8C-4C24-A7AC-DA70ED83EF4B}) (Version: 15.8.173.18805 - Check Point Software Technologies Ltd.) HiddenZoom (HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.) Packages:=========Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.68.2.0_x86__kgqvnymyfvs32 [0000-00-00] (king.com)Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.70.3.0_x86__kgqvnymyfvs32 [0000-00-00] (king.com)Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [0000-00-00] (INTEL CORP) [Startup Task]Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.15.0_x64__k1h2ywk1493x8 [0000-00-00] (LENOVO INC.)LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [0000-00-00] (LinkedIn)Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Studios) [MS Ad]MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>-> No FileContextMenuHandlers1: [ContextMenuExtension] -> {a0b73fac-351f-3948-9d8a-1dad9d870193} => C:\Program Files\pCloud Drive\ContextMenuHandler.DLL -> No FileContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>-> No FileContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]ContextMenuHandlers4: [ContextMenuExtension] -> {a0b73fac-351f-3948-9d8a-1dad9d870193} => C:\Program Files\pCloud Drive\ContextMenuHandler.DLL -> No FileContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No FileContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-09] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)ContextMenuHandlers1_S-1-5-21-1251561051-1078964320-4203531199-1002: [kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Shamus\AppData\Local\Kingsoft\WPS Office\11.2.0.10265\office6\kwpsmenushellext64.dll -> No FileContextMenuHandlers4_S-1-5-21-1251561051-1078964320-4203531199-1002: [kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Shamus\AppData\Local\Kingsoft\WPS Office\11.2.0.10265\office6\kwpsmenushellext64.dll -> No File ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-07-24 20:24 - 2021-07-24 20:24 - 042803200 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.dll2021-06-27 23:54 - 2021-06-27 23:54 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll2021-02-22 10:13 - 2021-02-22 10:13 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll2021-02-22 10:13 - 2021-02-22 10:13 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll2021-10-04 19:12 - 2021-10-04 19:12 - 003864576 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\fbb7efe1ef62c41c0bc661bac8028aa3\Newtonsoft.Json.ni.dll2021-04-19 23:12 - 2021-04-19 23:12 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\x86\SQLite.Interop.dll2021-06-17 11:28 - 2021-06-17 11:28 - 001491456 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Duplicati 2\SQLite\win64\SQLite.Interop.dll2021-06-17 11:28 - 2021-06-17 11:28 - 001625088 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Duplicati 2\x64\SQLite.Interop.dll2021-05-31 19:53 - 2020-11-03 05:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-1251561051-1078964320-4203531199-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankURLSearchHook: [S-1-5-21-1251561051-1078964320-4203531199-1001] ATTENTION => Default URLSearchHook is missingBHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)BHO: No Name -> {5CD51375-AE5F-455B-B5D0-9369EBDB2152}' -> No FileBHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)BHO-x32: No Name -> {5CD51375-AE5F-455B-B5D0-9369EBDB2152}' -> No FileBHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll [2021-10-24] (Oracle America, Inc. -> Oracle Corporation)BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-10-24] (Oracle America, Inc. -> Oracle Corporation)Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-09-15 17:31 - 2018-09-15 17:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts 2019-12-24 14:00 - 2019-12-26 20:04 - 000000536 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics172.17.204.102 af20e454-4b17-4bc7-b75e-f783077ae876.mshome.net # 2019 12 2 31 4 1 10 583172.17.204.97 LAPTOP-N0NM7SOC.mshome.net # 2024 12 2 24 10 4 41 356 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Python39\Scripts\;C:\Program Files\Python39\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Python37-32\Scripts\;C:\Program Files (x86)\Python37-32\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\dotnet\;C:\Program Files\PuTTY\;c:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;c:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\dotnet\;C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.7.0HKU\S-1-5-21-1251561051-1078964320-4203531199-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpgDNS Servers: 103.86.96.100 - 103.86.99.100HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )Windows Firewall is disabled. Network Binding:=============Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Ethernet 3: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) Ethernet: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled) WiFi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) WiFi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Ethernet 2: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\StartupFolder: => "Duplicati 2.lnk" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{7E84A220-81CD-40D5-945F-56A606FD6578}] => (Allow) C:\Users\Fred\AppData\Roaming\Zoom\bin\airhost.exe => No FileFirewallRules: [{E8981F94-AA8B-4349-831A-8B33A4AADB74}] => (Allow) C:\Users\Fred\AppData\Roaming\Zoom\bin\Zoom.exe => No FileFirewallRules: [{E0C43813-7D07-46C8-A56D-2795B2CDD767}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe => No FileFirewallRules: [{5C5D5509-19D5-41C8-AE95-224F7B8885CF}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe => No FileFirewallRules: [{22477DAC-32DA-4AE0-985C-FA8DF5EB27EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)FirewallRules: [{147E45B6-D136-4C10-84D4-DE39F7CF5F43}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)FirewallRules: [{E76679C6-3390-4745-B116-885E2ED55542}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{4DA07676-DCA3-465D-9728-79A2A57791A3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{532202D2-C6C6-44CA-B511-0881BB9EEDEE}] => (Allow) C:\Program Files (x86)\Iperius Backup\Iperius.exe => No FileFirewallRules: [{C645EA47-8878-4CB8-9949-981A85D41183}] => (Allow) C:\Program Files (x86)\Iperius Backup\Iperius.exe => No FileFirewallRules: [{04A0B7B6-DF8F-423A-8D47-F3AA0CA15454}] => (Allow) C:\Program Files (x86)\Iperius Backup\IperiusService.exe => No FileFirewallRules: [{681C4158-F178-47A8-8B00-1971B767850E}] => (Allow) C:\Program Files (x86)\Iperius Backup\IperiusService.exe => No FileFirewallRules: [{F85EFC3C-BC70-4B42-838D-9E3F84B218ED}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)FirewallRules: [{E16E20C2-96CE-431A-BACC-B627BB82F043}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)FirewallRules: [{7311BA07-F889-41DC-B590-27590E2E5D1E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)FirewallRules: [{F76D068A-242D-4D9E-BD46-A5418C217C1D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)FirewallRules: [{72F5C25F-27E9-44A6-A90D-00D2B91D84A6}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )FirewallRules: [{546D3336-DC91-4BCE-8C90-F02769E73C15}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )FirewallRules: [{0E125C35-5EA4-484C-86C1-B248F6BC6D47}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)FirewallRules: [{04F279C7-328F-4E61-83D1-B6A0ACAFC6AD}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)FirewallRules: [{40A3E9C3-C97D-4506-89F1-1CE21EA887E0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)FirewallRules: [{E7D57720-E578-4C4C-AAC1-9ED1C72F0DEF}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)FirewallRules: [{4405176D-CEFE-4E1F-94DC-937FF5A9F6A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{C1466CDF-F06D-48DF-AF94-C686C305726D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{AF436BDF-AD30-434F-A1AA-9045723CB1AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{9E159240-6BF5-4EFF-A5EC-0ECEF40786CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{AC79D1DF-565E-4C31-A714-2EE287C4FCDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{A6707D24-8F86-4019-ADBF-4BB43D833DB7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{4834F43F-095A-41E8-9090-DA8269F24BBD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{CA786A60-55A7-492B-849A-761D10331E31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{1E0768E6-7A3A-40A0-9D80-1B27C27E2110}] => (Allow) C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)FirewallRules: [{B95D5DDC-4585-40C2-97A2-0C678189BC84}] => (Allow) C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)FirewallRules: [{F8921088-D1E8-4724-9E71-9843B8D18165}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)FirewallRules: [{1D3BD5D3-2EFC-4664-B3F9-5B3CD573C16F}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)FirewallRules: [{81F3019E-2017-46E6-B192-2278B01AFE24}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{17FD733C-6FF8-4C1D-9925-8E29A00B2BCD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{F6A84055-D02B-4EFB-93CF-9085B9AE5F31}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{5EC333C5-28C9-4839-9DEE-94A2B7977D32}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)FirewallRules: [{09B3E099-4D71-4DFC-8858-F670ABBCE328}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{382C9E32-D8A1-4682-A3B6-9CFF56A012BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{43D69744-BF32-4DB4-A639-DABDB07894FF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{7D5353A0-CFF6-4E67-A0DF-5EDB923ED4F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{AAF8A6E1-03E5-4785-B373-343811F58913}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{BEC1E6E0-2DB8-4E2E-BDAA-E52AC86A6C57}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)FirewallRules: [{8BF7E4FB-4924-41A3-9CDF-CFE25023D392}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)FirewallRules: [{22587FBA-73FF-4C1E-B50B-6DE3E105A4ED}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.7.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)FirewallRules: [{1EA2DE69-04AA-4408-940D-33D164E90C26}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.7.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)FirewallRules: [{3F7EBAFA-3470-48F7-A7B3-D27AD64439FF}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)FirewallRules: [{5B86E92A-0023-4C80-86A1-7BD1620423E1}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:364.55 GB) (Free:42.83 GB) (12%)Check "VSS" service==================== Faulty Device Manager Devices ============ Name: Microsoft Hyper-V NT Kernel Integration VSPDescription: Microsoft Hyper-V NT Kernel Integration VSPClass Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vkrnlintvspProblem: : Windows cannot initialize the device driver for this hardware. (Code 37)Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.==================== Event log errors: ======================== Application errors:==================Error: (11/13/2021 06:34:08 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe, PID: 996, ProfSvc PID: 1284. Error: (11/13/2021 06:25:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-N0NM7SOC$ via https://STM-KeyId-1adb994ab58be57a0cc9b900e7851e1a43c08660.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps Method: GET(16ms)Stage: GetCACapsThe server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) Error: (11/13/2021 06:24:55 PM) (Source: SecurityCenter) (EventID: 18) (User: )Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore. Error: (11/13/2021 06:01:15 PM) (Source: VSS) (EventID: 13) (User: )Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (11/13/2021 05:56:09 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-N0NM7SOC$ via https://STM-KeyId-1adb994ab58be57a0cc9b900e7851e1a43c08660.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps Method: GET(47ms)Stage: GetCACapsThe server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) Error: (11/13/2021 05:56:04 PM) (Source: SecurityCenter) (EventID: 18) (User: )Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore. Error: (11/13/2021 05:51:09 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-N0NM7SOC$ via https://STM-KeyId-1adb994ab58be57a0cc9b900e7851e1a43c08660.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps Method: GET(32ms)Stage: GetCACapsThe server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) Error: (11/13/2021 05:51:04 PM) (Source: SecurityCenter) (EventID: 18) (User: )Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore.System errors:=============Error: (11/13/2021 06:26:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The IDriveService service failed to start due to the following error: The system cannot find the file specified. Error: (11/13/2021 06:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The CmService service depends on the HvHost service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/13/2021 06:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The HvHost service depends on the hvservice service which failed to start because of the following error: Element not found. Error: (11/13/2021 06:24:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The hvservice service failed to start due to the following error: Element not found. Error: (11/13/2021 06:24:28 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)Description: 03225747456 Error: (11/13/2021 06:24:28 PM) (Source: Microsoft-Windows-Hyper-V-Hypervisor) (EventID: 41) (User: NT AUTHORITY)Description: Hypervisor launch failed; Either VMX not present or not enabled in BIOS. Error: (11/13/2021 06:23:58 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-N0NM7SOC)Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (11/13/2021 06:23:57 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-N0NM7SOC)Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:{DD522ACC-F821-461A-A407-50B198B896DC}CodeIntegrity:===============Date: 2021-11-13 19:33:28Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-11-13 19:33:28Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Windows signing level requirements. Date: 2021-11-13 18:25:56Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2021-11-13 18:25:56Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Microsoft signing level requirements.==================== Memory info ===========================BIOS: LENOVO N23ET78W (1.53 ) 08/09/2021Motherboard: LENOVO 20KHS00900Processor: Intel® Core™ i7-8550U CPU @ 1.80GHzPercentage of memory in use: 52%Total physical RAM: 16233.89 MBAvailable physical RAM: 7723.93 MBTotal Virtual: 32617.89 MBAvailable Virtual: 23132.89 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:364.55 GB) (Free:42.83 GB) NTFSDrive d: (Data) (Fixed) (Total:588.07 GB) (Free:461.38 GB) NTFS \\?\Volume{4fef0408-7148-4ea0-b29f-95cf175d2709}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.38 GB) NTFS\\?\Volume{e951d793-d9f6-426a-9540-96c6d9fe3fb2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ==================== End of Addition.txt =======================