Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021 Ran by mike (27-08-2021 20:26:19) Running from C:\Users\mikem\Desktop Windows 10 Pro Version 21H1 19043.1165 (X64) (2020-12-18 17:56:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) admin (S-1-5-21-3200273941-2670340362-4195434088-1003 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-3200273941-2670340362-4195434088-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3200273941-2670340362-4195434088-503 - Limited - Disabled) Guest (S-1-5-21-3200273941-2670340362-4195434088-501 - Limited - Disabled) Kerstin (S-1-5-21-3200273941-2670340362-4195434088-1013 - Limited - Enabled) mikem (S-1-5-21-3200273941-2670340362-4195434088-1000 - Administrator - Enabled) mpmm (S-1-5-21-3200273941-2670340362-4195434088-1005 - Administrator - Enabled) => C:\Users\mpmm mpmm_a21rhkv (S-1-5-21-3200273941-2670340362-4195434088-1014 - Administrator - Enabled) => C:\Users\mpmm_a21rhkv WDAGUtilityAccount (S-1-5-21-3200273941-2670340362-4195434088-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acronis True Image for Western Digital (HKLM-x32\...\{1E085CBE-D1B4-48E2-BCDE-7DB45886E7B1}) (Version: 24.0.34190 - Acronis) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) AO Tennis 2 (HKLM-x32\...\{DDCF1227-1C1A-4931-B467-E62E3078A091}) (Version: 1.0.0.31 - Bigben Interactive) Apple Application Support (32-bit) (HKLM-x32\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Bode Miller Alpine Skiing (HKLM-x32\...\{94FC1D16-0D5D-4FA6-A3D8-61B503F67A7A}) (Version: 1.0.0.0 - Masque Publishing) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden Brother IPPoverUSB Driver (HKLM-x32\...\{36DAA671-6347-495C-B816-6FB782430D8A}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden Brother Printer Driver (HKLM-x32\...\{6D33FF09-043C-45A6-A3E5-5DDBF686AC4E}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden Cisco Webex Meetings (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ActiveTouchMeetingClient) (Version: 40.10.3 - Cisco Webex LLC) Client Connector for Windows Server Essentials (HKLM\...\{563CB0AF-E0B5-42B1-AB42-8E6964349900}) (Version: 6.2.9805.10 - Microsoft Corporation) Convertilla 0.7 (HKLM-x32\...\Convertilla_is1) (Version: 0.7.1.37 - Convertilla) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Direct Key (HKLM-x32\...\{71A234EA-4CBA-46E7-B81D-4C2AF8BCD6E2}) (Version: 1.6.3 - Dell) Dell OS Recovery Tool (HKLM-x32\...\{1d0f6ac3-7e12-43a6-9e10-42f0104b36fb}) (Version: 2.3.6056 - Dell Inc.) Dell OS Recovery Tool (HKLM-x32\...\{683CBC26-004C-41FA-ADBC-81C3FDD2E0F2}) (Version: 2.3.6056.0 - Dell) Hidden Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Electrum (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Electrum) (Version: 4.1.4 - Electrum Technologies GmbH) ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - ) FIFA 18 (HKLM-x32\...\{213CC10A-B8CB-4EBA-B277-6B08B7C22A65}) (Version: 1.0.57.57320 - Electronic Arts) FIFA 20 (HKLM-x32\...\{9EC414D8-8C49-4310-BCC7-C72AB0776F4C}) (Version: 1.0.66.8249 - Electronic Arts) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC) Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 50.0.11.0 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden Icecream Screen Recorder version 6.21 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 6.21 - Icecream Apps) iCloud Outlook (HKLM\...\{696A65CA-2720-4D0D-A255-78123E9AC856}) (Version: 11.2.0.18 - Apple Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel(R) Corporation) Hidden Intel(R) Computing Improvement Program (HKLM\...\{85B6BF0F-EF1B-4F0F-892D-E68BD798950C}) (Version: 2.4.04669 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.6.60 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32\...\{3fa11c9d-9f7f-4020-bcef-dbf9c9fe309f}) (Version: 20.7.26.7 - Intel) Intel® Driver & Support Assistant (HKLM-x32\...\{41112465-3c4f-42bb-9a61-39f7f509f8f8}) (Version: 20.4.17.5 - Intel) Intel® Driver & Support Assistant (HKLM-x32\...\{6f8c45f4-0319-451f-a65b-8efccc93e4db}) (Version: 20.8.30.5 - Intel) iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.) Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version: - Electronic Arts) Madden NFL 20 (HKLM-x32\...\{1f42e79a-26a2-4462-9254-fdc0b56f1443}) (Version: 1.0.53.61468 - Electronic Arts) Madden NFL 21 (HKLM-x32\...\{01022C15-AD1D-4808-8137-16CB9ADB6530}) (Version: 1.0.56.40921 - Electronic Arts) Madden NFL 22 (HKLM-x32\...\{02CDEE4B-868F-429E-80F8-48C204727DF4}) (Version: 1.0.59.14349 - Electronic Arts) Malwarebytes version 4.4.5.130 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.5.130 - Malwarebytes) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.78 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.78 - Microsoft Corporation) Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft Power Query for Excel (HKLM-x32\...\{188A72BC-39E4-4FFE-923A-31C5A7647350}) (Version: 2.50.4859.281 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation) Microsoft Virtual Machine Converter (HKLM\...\{332C1E78-1D2F-4A64-B718-68095DC6254B}) (Version: 3.1.0.0 - Microsoft Corporation) Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{85317F07-8719-36EF-B19E-B196F383D0F3}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0.2 (x64 en-US)) (Version: 91.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla) Neon 2.2.1 (only current user) (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\211a501f-25dd-501b-8c98-509ac17aedfa) (Version: 2.2.1 - Ethan Fast) NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation) NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation) NVIDIA Graphics Driver 471.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.68 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC) PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden PuTTY release 0.73 (64-bit) (HKLM\...\{44F7642C-AB7E-4468-B028-E8D08A0CBB0E}) (Version: 0.73.0.0 - Simon Tatham) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.72.410.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 - Realtek Semiconductor Corp.) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden STAR WARS Jedi - Fallen Order™ (HKLM-x32\...\{D00A89F1-2D8C-4589-B1D1-73A6544E3B1F}) (Version: 1.0.9.0 - Electronic Arts, Inc.) STAR WARS Jedi: Fallen Order™ Deluxe Upgrade (HKLM-x32\...\{D00A89F1-2D8C-4589-B1D1-73A6544E3B1F}_SWJFODeluxe) (Version: 1.0.0.0 - Electronic Arts, Inc.) StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft) UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden Virtualdub FFMpeg Input Plugin (HKLM-x32\...\{F26A7CD7-C187-45DB-A790-C1C103A03C2F}_is1) (Version: 1.9.0.4 - Karl Pritchett) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) WD Backup (HKLM-x32\...\{2d518703-86c4-46c8-99c1-f3789dd3ecd0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc.) WD Backup (HKLM-x32\...\{5491B486-8812-4202-AB8C-865AB636ACF0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc) Hidden WD Desktop App 2.1.0.322 (HKLM-x32\...\{9478cae3-730b-4ffe-b22b-ae8b7787f5d5}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden WD Desktop App 2.1.0.322 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.336 - Western Digital Technologies, Inc.) WD Drive Utilities (HKLM-x32\...\{3CF15262-0E5C-4BFE-AA93-D611E8F18D71}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden WD Drive Utilities (HKLM-x32\...\{f7fe19a0-12b9-4318-95fd-0579f21114f0}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) WD Quick View (HKLM-x32\...\{4EA8640B-DEB6-478F-BDAC-F4BCBEEFAFAB}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden WD SmartWare (HKLM\...\{798354C0-D5F2-4A43-ADEE-3DA9B1725ECC}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{5be946d0-7ba1-41b6-808a-0e7f2b7cb4a8}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA) WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH) x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - ) Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) Packages: ========= Dropbox for S mode -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.4.0_x64__xbfy0k16fey96 [2020-08-03] (Dropbox Inc.) HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_1.0.41531.0_x64__8wekyb3d8bbwe [2021-06-30] (Microsoft Corporation) iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-08-19] (Apple Inc.) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-11] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Studios) [MS Ad] MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-24] (NVIDIA Corp.) Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-16] (Microsoft Corporation) Xbox Accessories -> C:\Program Files\WindowsApps\Microsoft.XboxDevices_300.2107.16004.0_x64__8wekyb3d8bbwe [2021-08-13] (Microsoft Corporation) Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-08-21] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-413578968-4127535815-2662069183-1116_Classes\CLSID\{6E880369-27C7-43B7-BF91-C9F9E18A2870} -> [iCloud Drive] => C:\Users\mikem\iCloudDrive [2020-07-23 04:29] SSODL: WDFSMountNotificator-wdfsconnect2017 - {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed] SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed] ShellServiceObjects: Virtual Storage Mount Notification -> {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed] ShellServiceObjects-x32: Virtual Storage Mount Notification -> {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed] ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> ) ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> ) ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> ) ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> ) ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) ContextMenuHandlers1: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-25] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.) ContextMenuHandlers4: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation) ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\nvshext.dll [2021-08-06] (Nvidia Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-25] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed] ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-09-29] () [File not signed] HKLM\...\Drivers32: [vidc.x264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [240640 2011-05-30] () [File not signed] HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=celnaknmndcdcjcagffhbhciignkeokb ShortcutWithArgument: C:\Users\mikem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============= 2009-07-13 20:20 - 2009-07-13 20:40 - 000267776 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNBLM4.DLL 2018-10-29 17:33 - 2009-07-13 20:40 - 000084992 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\CNBPP4.DLL 2018-05-23 11:02 - 2018-05-23 11:02 - 001006080 ____R (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files (x86)\Western Digital\WD SmartWare\System.Data.SQLite.dll 2021-08-04 10:25 - 2020-05-06 14:53 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll 2021-08-04 10:25 - 2020-05-06 14:54 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll 2021-08-04 10:25 - 2020-05-06 14:53 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll 2021-08-04 10:25 - 2020-05-06 14:54 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll 2021-08-04 10:25 - 2020-05-06 14:54 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll 2021-08-04 10:25 - 2020-05-06 14:54 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll 2021-08-04 10:25 - 2020-05-06 14:54 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll 2021-08-04 10:25 - 2020-05-06 14:54 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll 2021-08-04 10:25 - 2020-05-06 14:54 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll 2019-12-10 17:33 - 2019-09-23 22:51 - 000261632 _____ (www.startisback.com) [File not signed] C:\OldNewExplorer\OldNewExplorer64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice => scrfile ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-21-3200273941-2670340362-4195434088-1005 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed] BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\OldNewExplorer\OldNewExplorer32.dll [2019-09-23] (www.startisback.com) [File not signed] (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\download.microsoft.com -> hxxp://download.microsoft.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\microsoft.com -> hxxp://ntservicepack.microsoft.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\update.microsoft.com -> hxxp://update.microsoft.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\update.microsoft.com -> hxxps://update.microsoft.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windows.com -> hxxp://wustat.windows.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windowsupdate.com -> hxxp://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windowsupdate.com -> hxxps://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ws.microsoft.com -> hxxp://ws.microsoft.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ws.microsoft.com -> hxxps://ws.microsoft.com IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\wustat.windows.com -> hxxp://wustat.windows.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2021-08-26 21:16 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts 2020-05-04 19:44 - 2021-08-27 20:20 - 000000495 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.19.48.1 MPMM1.mshome.net # 2026 8 4 27 1 20 25 512 10.125 unbuntu.mshome.net # 2020 5 2 12 4 14 44 897 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\RogueKiller;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Users\mikem\AppData\Roaming\npm;C:\adb;C:\android-studio;C:\platform-tools;C:\Program Files (x86)\NVIDIA Corporation\DDS Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ HKU\S-1-5-21-3200273941-2670340362-4195434088-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Control Panel\Desktop\\Wallpaper -> H:\H Seagate\Dell\Win7 Chrome 1920x1200.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AeLookupSvc => 3 MSCONFIG\Services: AERTFilters => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: AtherosSvc => 2 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BDESVC => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: CertPropSvc => 3 MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2 MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2 MSCONFIG\Services: COMSysApp => 3 MSCONFIG\Services: CVPND => 2 MSCONFIG\Services: Dell Hardware Support => 3 MSCONFIG\Services: DellClientManagementService => 3 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: PCPrintProvider => 3 MSCONFIG\Services: RtkAudioService => 2 MSCONFIG\Services: ss_conn_service => 3 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: WsAppService => 3 MSCONFIG\Services: WsAppService3 => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScpToolkit Tray Notifications.lnk => C:\Windows\pss\ScpToolkit Tray Notifications.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 7.0 => MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: Chromium => MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 MSCONFIG\startupreg: IgfxTray => MSCONFIG\startupreg: iTunesHelper => MSCONFIG\startupreg: Persistence => MSCONFIG\startupreg: Wargaming.net Game Center => HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "Onboard" HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service" HKLM\...\StartupApproved\Run32: => "WDDiscovery" HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe" HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor" HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\StartupApproved\StartupFolder: => "DS4Windows.lnk" HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\StartupApproved\Run: => "GoogleDriveFS" HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\StartupApproved\Run: => "CiscoMeetingDaemon" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 24-08-2021 05:42:52 Removed Windows Live ID Sign-in Assistant 26-08-2021 06:17:40 AdwCleaner_BeforeCleaning_26/08/2021_06:17:21 26-08-2021 19:42:57 AdwCleaner_BeforeCleaning_26/08/2021_19:42:56 26-08-2021 20:29:26 AdwCleaner_BeforeCleaning_26/08/2021_20:29:18 27-08-2021 05:10:20 Removed Avast Update Helper ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/27/2021 08:18:39 PM) (Source: MSMQ) (EventID: 2199) (User: ) Description: Message Queuing Service failed to listen on both IPv4 and IPv6 protocol. Messages will not be accepted from the network through TCP/IP protocols. Messages addressed to this machine using TCP/IP protocols will not arrive but will accumulate in sender's outgoing queues. Please fix the TCP/IP protocols issue and restart the computer. Error: (08/27/2021 08:18:39 PM) (Source: MSMQ) (EventID: 2170) (User: ) Description: Message Queuing failed to bind to port 1801. The port may already be bound to another process. Make sure that the port is free and try to start Message Queuing again. If this problem arises during setup, you must free the port and run setup again. Error: (08/27/2021 08:18:39 PM) (Source: MSMQ) (EventID: 2170) (User: ) Description: Message Queuing failed to bind to port 1801. The port may already be bound to another process. Make sure that the port is free and try to start Message Queuing again. If this problem arises during setup, you must free the port and run setup again. Error: (08/27/2021 08:07:54 PM) (Source: MsiInstaller) (EventID: 11316) (User: MCL) Description: Product: Dell SupportAssist -- Error 1316. The specified account already exists. Error: (08/27/2021 06:06:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname MPMM1.local already in use; will try MPMM1-2.local instead Error: (08/27/2021 06:06:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 MPMM1.local. Addr 192.168.1.90 Error: (08/27/2021 06:06:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.90:5353 16 MPMM1.local. AAAA 2600:1700:4050:DEA0:0000:0000:0000:0049 Error: (08/27/2021 05:46:00 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY) Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126). System errors: ============= Error: (08/27/2021 08:19:18 PM) (Source: NETLOGON) (EventID: 5719) (User: ) Description: This computer was not able to set up a secure session with a domain controller in domain MCL due to the following: We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed in on this device with another credential, you can sign in with that credential. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error: (08/27/2021 08:17:18 PM) (Source: DCOM) (EventID: 10005) (User: MCL) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/27/2021 08:17:15 PM) (Source: DCOM) (EventID: 10005) (User: MCL) Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess Error: (08/27/2021 08:16:59 PM) (Source: DCOM) (EventID: 10005) (User: MCL) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/27/2021 08:15:57 PM) (Source: DCOM) (EventID: 10005) (User: MCL) Description: DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} Error: (08/27/2021 08:15:38 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} Error: (08/27/2021 08:15:08 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} Error: (08/27/2021 08:14:58 PM) (Source: DCOM) (EventID: 10005) (User: MCL) Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} Windows Defender: ================ Date: 2021-08-26 15:13:31 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-26 15:07:41 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-26 14:28:03 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-26 04:05:32 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-25 23:07:53 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-27 20:10:44 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2021-08-27 05:55:36 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2021-08-26 20:53:11 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.347.484.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18400.5 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Date: 2021-08-26 20:42:52 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. CodeIntegrity: =============== Date: 2021-08-27 14:42:19 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\OldNewExplorer\OldNewExplorer64.dll that did not meet the Microsoft signing level requirements. Date: 2021-08-27 02:19:12 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\OldNewExplorer\OldNewExplorer64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2021-08-26 21:27:54 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\OldNewExplorer\OldNewExplorer64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: Dell Inc. A11 05/07/2019 Motherboard: Dell Inc. 088DT1 Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz Percentage of memory in use: 23% Total physical RAM: 16334.93 MB Available physical RAM: 12420.16 MB Total Virtual: 32718.93 MB Available Virtual: 27265.97 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:911.69 GB) (Free:370.5 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:19.78 GB) (Free:8.65 GB) NTFS ==>[system with boot components (obtained from drive)] Drive h: (MPMM SDD Drive 1TB) (Fixed) (Total:931.51 GB) (Free:498.72 GB) NTFS Drive j: (MPMM SDD Drive 2TB) (Fixed) (Total:1862.98 GB) (Free:1860.8 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 90CAB908) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=19.8 GB) - (Type=27) Partition 3: (Not Active) - (Size=911.7 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 184C4081) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ========================================================== Disk: 2 (Size: 1863 GB) (Disk ID: 7140C96E) Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================