Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2021 Ran by Owner (11-04-2021 10:38:39) Running from C:\Users\Owner\Desktop Windows 10 Home Version 1607 14393.2189 (X64) (2016-11-08 02:21:38) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3443875969-4187526408-4230261024-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3443875969-4187526408-4230261024-503 - Limited - Disabled) Guest (S-1-5-21-3443875969-4187526408-4230261024-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3443875969-4187526408-4230261024-1006 - Limited - Enabled) Owner (S-1-5-21-3443875969-4187526408-4230261024-1001 - Administrator - Enabled) => C:\Users\Owner Patti - ipod (S-1-5-21-3443875969-4187526408-4230261024-1007 - Limited - Enabled) => C:\Users\Patti - ipod ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden Amazon Cloud Drive (HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon) Amazon Cloud Drive (HKU\S-1-5-21-3443875969-4187526408-4230261024-1007\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon) ANT Drivers Installer x64 (HKLM\...\{13411D72-7171-440B-978A-ECAA06920C4C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Ask Toolbar Updater (HKU\S-1-5-21-3443875969-4187526408-4230261024-1007\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.) Bejeweled 2 Deluxe (HKLM-x32\...\WT087428) (Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.) BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.260.0.1032 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.) Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.00 - Canon Inc.) Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.) Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version: - ‭Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.) Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.) Chuzzle Deluxe (HKLM-x32\...\WT087453) (Version: 2.2.0.95 - WildTangent) Hidden Command & Conquer Tiberian Sun (HKLM-x32\...\Tiberian Sun) (Version: - ) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden Draft Dominator Version 1.0.10 (HKLM\...\Draft Dominator_is1) (Version: 1.0.10 - ) Driver Easy 5.6.15 (HKLM\...\DriverEasy_is1) (Version: 5.6.15 - Easeware) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) Hidden DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) Elevated Installer (HKLM-x32\...\{4E108B93-9865-45BF-A565-865AE20AC7FC}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries) Hidden Escape Rosecliff Island (HKLM-x32\...\WT087360) (Version: 2.2.0.95 - WildTangent) Hidden Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - ) Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden Garmin Express (HKLM-x32\...\{D646C2CC-7782-4B95-B1C8-D9503409A40A}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express (HKLM-x32\...\{ffecb7df-db17-4a27-9f6b-d61ba2d7bcff}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries) Garmin Training Center (HKLM-x32\...\{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}) (Version: 3.4.5 - Garmin Ltd or its subsidiaries) Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Earth Pro (HKLM-x32\...\{59F21DFB-6977-434B-9CB9-67783D6E7B6B}) (Version: 7.3.3.7786 - Google) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Heroes of Hellas 2 - Olympia (HKLM-x32\...\WT087372) (Version: 2.2.0.95 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP) HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP) HP ENVY Photo 7100 series Basic Device Software (HKLM\...\{16D8C168-238A-4BEB-9A76-B82EEF4E0D51}) (Version: 44.4.2678.1977 - HP Inc.) HP ENVY Photo 7100 series Help (HKLM-x32\...\{044AF040-9AF7-4B0A-ABB5-302B9D6A8155}) (Version: 44.0.0 - HP) HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent) HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard) HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company) HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard) Hulu Desktop (HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC) Hulu Desktop (HKU\S-1-5-21-3443875969-4187526408-4230261024-1007\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC) iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.) iTunes (HKLM\...\{79951B67-3DC8-45DF-A516-86F89DA95924}) (Version: 12.11.0.26 - Apple Inc.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Jewel Quest Solitaire 2 (HKLM-x32\...\WT087379) (Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.) LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.) LeapFrog Connect (HKLM-x32\...\{5B0F473D-7E18-477F-99DC-3745D5A711E9}) (Version: 7.0.6.19846 - LeapFrog) Hidden LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog) LeapFrog Tag Plugin (HKLM-x32\...\{6A04826B-5056-4B0F-BD5B-1F88DCFFD9B5}) (Version: 7.0.6.19846 - LeapFrog) Hidden LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.) Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Hidden Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Mozilla Firefox 87.0 (x64 en-US) (HKLM\...\Mozilla Firefox 87.0 (x64 en-US)) (Version: 87.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 83.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery P.I. - The London Caper (HKLM-x32\...\WT089299) (Version: 2.2.0.95 - WildTangent) Hidden NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.48 - Symantec Corporation) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.26 - PDF Complete, Inc) Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden Phone to PC 4.1.4.4 (HKLM-x32\...\{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1) (Version: - Macroplant, LLC) PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) Hidden PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company) Plants vs. Zombies (HKLM-x32\...\WT087501) (Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.) PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.) Product Improvement Study for HP ENVY Photo 7100 series (HKLM\...\{F10CFC4B-5353-43C0-9953-ABC58D0F9FDE}) (Version: 44.4.2678.1977 - HP Inc.) Projections Dominator Version 10.0e (HKLM-x32\...\Projections Dominator_is1) (Version: - ) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3219 - CyberLink Corp.) Hidden ROBLOX Player for Patti - ipod (HKU\S-1-5-21-3443875969-4187526408-4230261024-1007\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio for Owner (HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Streamlabs OBS 0.27.0 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.27.0 - General Workings, Inc.) TrueForms Online 4.6.0.30 (HKLM-x32\...\{4E83538E-C11F-4C69-B764-B5162686047C}) (Version: 4.6.01.30 - ) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{6753CC12-A884-47B2-9270-F5CD31B6F256}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 7.0.6.19846 - LeapFrog) VB Runtime (HKLM-x32\...\VB Runtime) (Version: - ) Virtual Families (HKLM-x32\...\WT087414) (Version: 2.2.0.95 - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - Sakar) WD Drive Utilities (HKLM-x32\...\{29136751-F57C-415E-A460-22DEC3B589FE}) (Version: 1.3.0.16 - Western Digital Technologies, Inc.) Hidden WD Drive Utilities (HKLM-x32\...\{c77bad57-f913-4ac3-9061-6dfd6c0aa40a}) (Version: 1.3.0.16 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) Westwood Shared Internet Components (HKLM-x32\...\WOLAPI) (Version: - ) Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23214 - Microsoft Corporation) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin) Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) Wizard101 (HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.) Zinio Reader 4 (HKLM-x32\...\{465210C4-595A-BD80-44E8-E0457D9D8432}) (Version: 4.0.3184 - Zinio LLC) Hidden Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC) Zoom (HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.) Zuma Deluxe (HKLM-x32\...\WT087533) (Version: 2.2.0.95 - WildTangent) Hidden Packages: ========= Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.123.200.0_x86__kgqvnymyfvs32 [2018-09-21] (king.com) HP Explore -> C:\Program Files\WindowsApps\AD2F1837.HPWelcome_0.1.50.0_x64__v10z8vjag6ke6 [2015-11-29] (Hewlett-Packard Company) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10730.20115.0_x64__8wekyb3d8bbwe [2018-09-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-09-21] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.25.11802.0_x64__8wekyb3d8bbwe [2018-07-07] (Microsoft Corporation) [MS Ad] Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation) Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-15] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.8172.0_x86__8wekyb3d8bbwe [2018-08-25] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.26.12334.0_x64__8wekyb3d8bbwe [2018-08-23] (Microsoft Corporation) [MS Ad] MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.25.11802.0_x64__8wekyb3d8bbwe [2018-07-04] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-08-14] (Microsoft Corporation) [MS Ad] Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c [2018-07-17] (Skype) Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-11-29] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.) ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2013-08-14] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2013-08-14] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-03] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-03] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2013-08-14] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [57344 2008-12-17] () [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2017-04-18 05:45 - 2017-04-18 05:45 - 000808960 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll 2017-04-18 05:45 - 2017-04-18 05:45 - 001227264 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll 2019-09-18 16:28 - 2019-09-18 16:28 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll 2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll 2017-04-09 23:49 - 2017-04-09 23:49 - 067109376 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll 2017-04-09 23:49 - 2017-04-09 23:49 - 000079360 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll 2017-04-09 23:49 - 2017-04-09 23:49 - 002246144 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll 2015-03-14 12:59 - 2013-10-30 19:06 - 000380928 _____ () [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll 2016-07-16 06:42 - 2016-07-16 06:42 - 001529344 _____ () [File not signed] C:\WINDOWS\system32\DBGHELP.DLL 2019-09-18 16:28 - 2019-09-18 16:28 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll 2015-03-14 12:59 - 2011-06-21 16:04 - 000229376 _____ (Broadcom Corporation) [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\wps_api.dll 2019-09-18 16:30 - 2019-09-18 16:30 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll 2019-09-18 16:28 - 2019-09-18 16:28 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll 2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll 2019-09-18 16:28 - 2019-09-18 16:28 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll 2010-05-19 13:44 - 2010-05-19 13:44 - 000033792 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll 2010-05-19 13:44 - 2010-05-19 13:44 - 000110592 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll 2013-08-14 08:00 - 2013-08-14 08:00 - 001006080 ____R (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files (x86)\Western Digital\WD SmartWare\System.Data.SQLite.dll 2019-09-18 16:29 - 2019-09-18 16:29 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL 2017-04-09 23:49 - 2017-04-09 23:49 - 000434176 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll 2013-08-14 08:01 - 2013-08-14 08:01 - 000078336 ____R (Western Digital Technologies, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Western Digital\WD SmartWare\WDSQLite.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Owner\Desktop\Background.jpeg:3or4kl4x13tuuug3Byamue2s4b [101] AlternateDataStreams: C:\Users\Owner\Desktop\Background.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\Owner\Desktop\bookmark.jpeg:3or4kl4x13tuuug3Byamue2s4b [101] AlternateDataStreams: C:\Users\Owner\Desktop\bookmark.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-3443875969-4187526408-4230261024-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-3443875969-4187526408-4230261024-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3443875969-4187526408-4230261024-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-3443875969-4187526408-4230261024-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = SearchScopes: HKU\S-1-5-21-3443875969-4187526408-4230261024-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = SearchScopes: HKU\S-1-5-21-3443875969-4187526408-4230261024-1007 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = SearchScopes: HKU\S-1-5-21-3443875969-4187526408-4230261024-1007 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-3443875969-4187526408-4230261024-1007 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard Company -> Hewlett-Packard) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-30] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-30] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard Company -> Hewlett-Packard) Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKU\S-1-5-21-3443875969-4187526408-4230261024-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3443875969-4187526408-4230261024-1007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation) [File not signed] Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation) [File not signed] Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation) [File not signed] Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation) [File not signed] Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation) [File not signed] Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation) [File not signed] Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation) [File not signed] Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\trueformsonline.com -> hxxps://*.trueformsonline.com IE trusted site: HKU\S-1-5-21-3443875969-4187526408-4230261024-1007\...\trueformsonline.com -> hxxps://*.trueformsonline.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2021-04-07 23:44 - 000000900 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\ HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Pictures\2002\engagement0002.jpg HKU\S-1-5-21-3443875969-4187526408-4230261024-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\HP1.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. Network Binding: ============= Wireless Network Connection 9: General NDIS Protocol Driver -> SCM_NDISPROT (enabled) Ethernet: General NDIS Protocol Driver -> SCM_NDISPROT (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: lfsvc => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime HKLM\...\StartupApproved\StartupFolder: => "NETGEAR WNA3100 Genie.lnk" HKLM\...\StartupApproved\Run: => "hpsysdrv" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "SmartMenu" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "BCSSync" HKLM\...\StartupApproved\Run32: => "Monitor" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker" HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper" HKLM\...\StartupApproved\Run32: => "WD Quick View" HKLM\...\StartupApproved\Run32: => "PDF Complete" HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\StartupApproved\StartupFolder: => "Amazon Cloud Drive.lnk" HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\StartupApproved\Run: => "ApplePhotoStreams" HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3443875969-4187526408-4230261024-1001\...\StartupApproved\Run: => "HP ENVY Photo 7100 (NET)" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B4DF72F3-5590-4008-8739-A44F708AD232}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.) FirewallRules: [{0626ACD3-CCF1-4782-A691-FE95594BD8E8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE (CyberLink -> CyberLink Corp.) FirewallRules: [{0C238BF7-1DCC-4154-97A0-D0A81A650576}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe => No File FirewallRules: [{587A5354-D749-4823-9706-C57C0791126F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe => No File FirewallRules: [{A0BCBCF0-CD32-4D3E-A6D5-20BF2EBBCB01}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe => No File FirewallRules: [{720617CC-D77C-4B41-AD76-A8CE8E033785}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe => No File FirewallRules: [{E2909334-CBCF-4D0D-A1C1-ED3514CA4C64}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe => No File FirewallRules: [{6D29A3FD-A531-4E63-B811-BF50B5069EA0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.) FirewallRules: [{625D9C9A-ED9C-41C4-A591-BB8D744EDC57}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe (CyberLink -> CyberLink Corp.) [File not signed] FirewallRules: [{1C6FDCC6-0F71-4FC9-9C82-18F075986BDC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.) FirewallRules: [{3EF3CA3C-0269-47D7-A470-C0DA7D2DE668}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio) FirewallRules: [{A0068D8C-5C20-4982-B6B9-34B4C0114B0E}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio) FirewallRules: [{6B060443-B890-4A3E-8E82-09F95F8ED06C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe (Sonic Solutions -> Sonic Solutions) FirewallRules: [{C59F2E55-0D9A-453C-9D53-1654D7885C41}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe (Sonic Solutions -> Sonic Solutions) FirewallRules: [{5586CA28-56BB-4A2C-B2A8-7D3060E5EF37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8BF31365-AF52-4B5A-A72E-29F107788884}] => (Allow) LPort=2869 FirewallRules: [{8266FFFD-EF0D-499F-A68A-320443004595}] => (Allow) LPort=1900 FirewallRules: [{518FC00D-1AFE-4AD4-AEC9-7D2153039F27}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1F40F471-06AB-4425-B546-8BFF8C172B0C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1C8D6713-8744-4CFB-8816-915FCB0DE5A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F7819B7E-B9B5-422C-BAEB-F8653351F757}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C2D72D81-FCB7-44DE-97D1-6938D89C6B8F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{68376BB8-1826-4031-A0C2-C9B54E6F52A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2FDFA8B2-679D-46A7-A42D-0412567CA3CD}] => (Allow) LPort=135 FirewallRules: [{42D34EE4-C5C7-430E-AC11-C131E02B15B0}] => (Allow) LPort=5000 FirewallRules: [{A867FC96-E6F7-4BFB-9DE6-4B5396A340A4}] => (Allow) LPort=5001 FirewallRules: [{96F6D1EC-60FD-48F8-BB1E-D55095454C35}] => (Allow) LPort=5002 FirewallRules: [{24DAB93A-24BF-4FE5-83C6-B4AC208A892F}] => (Allow) LPort=5003 FirewallRules: [{8467AFD2-A339-4A82-A216-BC76B2B7642E}] => (Allow) LPort=5004 FirewallRules: [{498C1400-F7B9-4AAB-9F35-57933266FA77}] => (Allow) LPort=5005 FirewallRules: [{437CAF38-2664-4C69-80D5-A49A3E0AA1BF}] => (Allow) LPort=5006 FirewallRules: [{934FB2C8-DA0C-4DB0-90AE-F27484A4D54D}] => (Allow) LPort=5007 FirewallRules: [{12D44E38-49BE-4CCB-B100-E1088E89B1BD}] => (Allow) LPort=5008 FirewallRules: [{BDBA25B9-23BB-4E19-B676-87361BE5C127}] => (Allow) LPort=5009 FirewallRules: [{A4BE37F0-8E7B-4C63-B194-C7D555BD7D78}] => (Allow) LPort=5010 FirewallRules: [{FDEEDAB8-6598-4FFB-9F50-F9C32C4FFC26}] => (Allow) LPort=5011 FirewallRules: [{38E59710-754F-49FF-8ACC-E54800AF3EB1}] => (Allow) LPort=5012 FirewallRules: [{5B480884-45D7-4694-8A5F-CA729FD735EC}] => (Allow) LPort=5013 FirewallRules: [{62CE3B46-776E-4E18-9B3D-8EE41353B303}] => (Allow) LPort=5014 FirewallRules: [{F4B8958C-FCE0-42B8-949B-14B2619985F1}] => (Allow) LPort=5015 FirewallRules: [{7DC38462-EDCE-4D18-802D-F6F3F870A038}] => (Allow) LPort=5016 FirewallRules: [{A5CE3081-8F81-4626-B6DC-E59A3264F9EB}] => (Allow) LPort=5017 FirewallRules: [{72895865-8013-440D-8BE2-965C73C714A0}] => (Allow) LPort=5018 FirewallRules: [{1198AB59-13DC-4173-9545-AB875DD035A0}] => (Allow) LPort=5019 FirewallRules: [{9399C3B1-F63D-47FF-B10B-2E9E91391238}] => (Allow) LPort=5020 FirewallRules: [{29204CF6-142A-4AB0-9FBC-7E422E17C3A5}] => (Allow) C:\Windows\System32\lxcccoms.exe => No File FirewallRules: [{FFEB4D01-FDA5-4A6E-8696-C77539B34594}] => (Allow) C:\Windows\System32\lxcccoms.exe => No File FirewallRules: [{52367A7D-343C-4B94-BF7D-034A0AC89F16}] => (Allow) C:\Windows\System32\lxcccoms.exe => No File FirewallRules: [{D962CB47-521E-425D-96B2-C1610E3C3688}] => (Allow) C:\Windows\System32\lxcccoms.exe => No File FirewallRules: [{001E801A-1863-4593-8292-0B76BDA0E7EF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe (CyberLink -> CyberLink Corp.) [File not signed] FirewallRules: [{C0076BA1-05D7-4B7C-A86C-8CC7F296A1F1}] => (Allow) LPort=135 FirewallRules: [{0AD84F29-2EF1-433B-8B3E-B2AE248BBC39}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) FirewallRules: [{868AF01F-0330-490D-A077-4C6CBEBEAD27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File FirewallRules: [{BFBE3918-42C1-451B-8B7E-48AEBEBCBEFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{0C947578-EECB-4A5D-BB67-A4E77AA45E4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2571DCBF-4DEB-48F4-ADC8-64F7509439D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{CD40DA95-EAC1-4889-B7BE-10DB9DF9A7B2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{96F91A11-E4C4-4A2E-AE6C-863210E0139D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File FirewallRules: [{51ED24FC-9D69-44D4-9803-C7337FC254C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File FirewallRules: [{EB899504-D5BB-436F-9D01-D407AA3EF2FA}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS2C1E\HP.EasyStart.exe (HP Inc. -> HP) FirewallRules: [{6C7299EC-0344-40DF-AAD3-67F75C2B41A6}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS427B\HP.EasyStart.exe (HP Inc. -> HP) FirewallRules: [{2B2F0E99-C75C-4686-BD60-FD0CF68749F0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{9112996F-06CF-4D33-A630-D3599E675CBF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe (Hewlett-Packard Company -> Hewlett-Packard Company) FirewallRules: [{C22F5811-BBEF-4AED-83D3-4059A59231BA}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS2572\HP.EasyStart.exe (HP Inc. -> HP) FirewallRules: [{8C165DCB-5AAF-45B8-B9A9-2F663B0F410A}] => (Allow) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.) FirewallRules: [{0FA06624-9C3B-4E9D-83F5-32BA5D64A277}] => (Allow) LPort=5357 FirewallRules: [{6BD468DC-B8CE-4416-9A39-F993FF893006}] => (Allow) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.) FirewallRules: [{96FCFA23-A2E6-4365-8869-7970A119D601}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{04BD5AA1-E5F2-4BEE-9B2A-BF8858C32E18}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{1EAEF616-D90C-4F5D-BD25-82C40CB61B74}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{E1DF026A-0642-463C-8F1E-73CF9E0AE578}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) FirewallRules: [{037F41ED-E16F-42D1-9C11-81647138B2D0}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File FirewallRules: [{EE3F16F9-7E00-4803-A595-992C8D0BBA46}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File FirewallRules: [{A7E9DEF0-1B7A-4142-8DB0-7C2A63BB92D6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File FirewallRules: [{7B0FEA72-2780-43CE-8DE6-365206637848}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware) ==================== Restore Points ========================= 10-04-2021 23:34:36 Windows Modules Installer 11-04-2021 00:03:58 Windows Backup ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (04/11/2021 10:26:25 AM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: SANDP) Description: Certificate Services Client failed to invoke the Providers in response to event 512. Error code 2147942593. Error: (04/11/2021 10:26:25 AM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: SANDP) Description: Certificate Services Client failed to load Provider pautoenr.dll. Error code 193. Error: (04/11/2021 10:26:04 AM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT AUTHORITY) Description: Certificate Services Client failed to invoke the Providers in response to event 256. Error code 2147942593. Error: (04/11/2021 10:26:04 AM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT AUTHORITY) Description: Certificate Services Client failed to load Provider pautoenr.dll. Error code 193. Error: (04/11/2021 10:25:54 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname SandP.local already in use; will try SandP-2.local instead Error: (04/11/2021 10:25:54 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 SandP.local. Addr 192.168.1.75 Error: (04/11/2021 10:25:54 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.75:5353 16 SandP.local. AAAA 2600:6C40:4100:285F:F48C:7EEA:F030:3595 Error: (04/11/2021 10:17:29 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. System errors: ============= Error: (04/11/2021 10:26:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/11/2021 10:26:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NetPipeActivator service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/11/2021 10:26:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect. Error: (04/11/2021 10:25:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (04/11/2021 10:24:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Feature update to Windows 10, version 20H2. Error: (04/11/2021 10:16:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/11/2021 10:15:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (04/11/2021 10:15:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDBackup service. Windows Defender: ================ Date: 2021-04-01 09:32:32.852 Description: Windows Defender scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-02-27 18:40:54.667 Description: Windows Defender scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-01-16 17:53:32.428 Description: Windows Defender scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-04-10 00:39:10.325 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2021-04-10 00:36:06.212 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.335.464.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18000.5 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Date: 2021-04-10 00:25:38.323 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2021-04-09 01:37:08.869 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.335.464.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18000.5 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Date: 2021-04-09 01:26:47.600 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. ==================== Memory info =========================== BIOS: American Megatrends Inc. 6.04 09/07/2010 Motherboard: FOXCONN 2AB1 Processor: AMD Athlon(tm) II X4 640 Processor Percentage of memory in use: 57% Total physical RAM: 3839.28 MB Available physical RAM: 1640.83 MB Total Virtual: 5631.28 MB Available Virtual: 2775.23 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:917.73 GB) (Free:84.01 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:13.25 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:306.14 GB) NTFS \\?\Volume{df16199f-43d7-11e0-9da7-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{1b47052c-0000-0000-0000-c074e5000000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 1B47052C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=917.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=13.2 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D1C1DDFE) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================