Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-04-2020 Ran by nealfamily (25-04-2020 15:24:29) Running from C:\Users\nealfamily\Desktop\FRST Microsoft Windows 10 Home Version 1909 18363.778 (X86) (2020-04-15 15:55:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2559438547-1515831249-1651957702-500 - Administrator - Enabled) => C:\Users\Administrator channeal (S-1-5-21-2559438547-1515831249-1651957702-1000 - Administrator - Enabled) => C:\Users\channeal DefaultAccount (S-1-5-21-2559438547-1515831249-1651957702-503 - Limited - Disabled) Guest (S-1-5-21-2559438547-1515831249-1651957702-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2559438547-1515831249-1651957702-1002 - Limited - Enabled) nealfamily (S-1-5-21-2559438547-1515831249-1651957702-1004 - Administrator - Enabled) => C:\Users\nealfamily UpdatusUser (S-1-5-21-2559438547-1515831249-1651957702-1003 - Limited - Enabled) => C:\Users\TEMP WDAGUtilityAccount (S-1-5-21-2559438547-1515831249-1651957702-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe) Apple Application Support (32-bit) (HKLM\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{622FD6CC-2678-4164-A6D5-01521E492BDB}) (Version: 13.5.0.20 - Apple Inc.) Apple Software Update (HKLM\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) BlackBox ISO Burner v2.0 (HKLM\...\BlackBox ISO Burner v2.0) (Version: - ) Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform) Creative ALchemy (HKLM\...\ALchemy) (Version: 1.45 - Creative Technology Limited) Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited) Creative Console Launcher (HKLM\...\Console Launcher) (Version: 2.61 - Creative Technology Limited) Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited) Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited) Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited) Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited) Dell C1765 Color MFP (HKLM\...\{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.) Hidden Dell C1765 Color MFP (HKLM\...\InstallShield_{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.) Dropbox (HKLM\...\Dropbox) (Version: 95.4.441 - Dropbox, Inc.) Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden Facebook Gameroom 1.22.7235.32722 (HKLM\...\{2867E3AE-18BA-4BCF-8268-F797A401ED86}) (Version: 1.22.7235.32722 - Facebook) Fotor 2.0.3 (HKLM\...\Fotor) (Version: 2.0.3 - Everimaging Co., Ltd.) Ghostery (HKLM\...\Ghostery) (Version: - Ghostery Inc) Google Chrome (HKLM\...\Google Chrome) (Version: 81.0.4044.122 - Google LLC) Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden Greeting Card Factory Deluxe 8.0 (HKLM\...\{30A4DD1D-FD55-4CE4-BA01-758E00BC0228}) (Version: 8.0.2.1 - Nova Development) ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) iTunes (HKLM\...\{330052B8-4A6E-482E-906C-3AB6A83A6260}) (Version: 12.10.5.12 - Apple Inc.) Macrium Reflect Free Edition (HKLM\...\{94572F25-AB01-4EF7-A1FB-60A35C984F4F}) (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.) Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes) Media Go (HKLM\...\{60CDD65B-61AD-4BE4-BEA8-BB2D15534D4B}) (Version: 3.2.191 - Sony) Media Go Video Playback Engine 2.20.109.05220 (HKLM\...\{B48AA269-C017-875E-AE23-CE1DCEE07626}) (Version: 2.20.109.05220 - Sony) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2559438547-1515831249-1651957702-1004\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Mozilla Firefox 75.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 75.0 (x86 en-GB)) (Version: 75.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 75.0.0.7398 - Mozilla) Mozilla Thunderbird 68.7.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 68.7.0 (x86 en-GB)) (Version: 68.7.0 - Mozilla) NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - ) Nuance PaperPort 14 (HKLM\...\{08BCE67B-6305-4D8A-B749-F381E7E3DDA2}) (Version: 14.5.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.) NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) OpenAL (HKLM\...\OpenAL) (Version: - ) Opera Stable 67.0.3575.137 (HKLM\...\Opera 67.0.3575.137) (Version: 67.0.3575.137 - Opera Software) PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.) PCWinISOBurn (HKLM\...\{FB41FAC0-C8B4-4E24-B657-141E55862F78}) (Version: 1.3.0.0 - ) PDF Candy Desktop version 2.87 (HKLM\...\{9A8B6868-AA65-45DB-B055-18CCC462E6F5}_is1) (Version: 2.87 - Icecream Apps) Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.) Scansoft PDF Professional (HKLM\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1038 - SUPERAntiSpyware.com) Switch Sound File Converter (HKLM\...\Switch) (Version: 5.12 - NCH Software) TomTom Sports Connect (HKLM\...\TomTom Sports Connect) (Version: 3.3.9.0 - TomTom International B.V.) Touro Cloud Backup (HKLM\...\Touro Cloud Backup) (Version: 4.0.0 - Touro Cloud Backup) TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation) Xperia Companion (HKLM\...\{234b8fcc-726f-4746-b00f-f987f4290cb9}) (Version: 2.2.5.0 - Sony) Xperia Companion (HKLM\...\{36B6CE92-327C-485C-A0D3-4460BE30AB7A}) (Version: 2.2.5.0 - Sony) Hidden Xperia Companion Service (HKLM\...\{C530A679-C5D7-48E5-8958-E09E4207AE8B}) (Version: 2.2.5.0 - Sony) Hidden Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - ) Packages: ========= Dell Document Hub -> C:\Program Files\WindowsApps\DellPrinter.DellDocumentHub_1.7.0.6_x86__nmdn7k89bxsn6 [2020-04-15] (DELL GLOBAL B.V. (SINGAPORE BRANCH)) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-17] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x86__8wekyb3d8bbwe [2020-04-16] (Microsoft Studios) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x86__8wekyb3d8bbwe [2020-04-17] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> ) ShellIconOverlayIdentifiers: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> ) ShellIconOverlayIdentifiers: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> ) ShellIconOverlayIdentifiers: [04MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files\MagicISO\misosh.dll [2008-05-22] (MagicISO, Inc.) [File not signed] ContextMenuHandlers1: [MemopalShell] -> {723F4F64-AB80-46AF-9FF3-09D8C46C0746} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> ) ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files\MagicISO\misosh.dll [2008-05-22] (MagicISO, Inc.) [File not signed] ContextMenuHandlers4: [MemopalShell] -> {723F4F64-AB80-46AF-9FF3-09D8C46C0746} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> ) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2015-01-31] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files\MagicISO\misosh.dll [2008-05-22] (MagicISO, Inc.) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2009-10-20 11:13 - 2009-10-20 11:13 - 000147456 _____ ( () [File not signed]) [File is in use ] C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll 2017-02-05 21:18 - 2009-03-26 14:46 - 000148480 _____ () [File not signed] C:\WINDOWS\SYSTEM32\APOMngr.DLL 2012-12-05 13:29 - 2012-12-05 13:29 - 004883456 _____ (BCGSoft Ltd) [File not signed] C:\Program Files\Nuance\PaperPort\BCGCBPRO1100u100.dll 2012-12-05 13:29 - 2012-12-05 13:29 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files\Nuance\PaperPort\blicectr.dll 2012-03-13 18:01 - 2012-03-13 18:01 - 000245760 _____ (Dell Inc.) [File not signed] C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1net.dll 2017-06-29 17:27 - 2008-05-22 22:57 - 000020992 _____ (MagicISO, Inc.) [File not signed] C:\Program Files\MagicISO\misosh.dll 2020-04-16 01:12 - 2020-04-16 01:12 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2019-04-23 16:33 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2559438547-1515831249-1651957702-1003\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-2559438547-1515831249-1651957702-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 194.168.4.100 - 194.168.8.100 HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{32AD8136-A76E-4742-81DF-B5B56DC7A36B}] => (Allow) C:\Program Files\Opera\67.0.3575.137\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{CAC69192-359D-45D8-ADBA-4714DEA35A9E}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C62DBA68-C388-4160-9D0F-8E7653FDE448}] => (Allow) C:\Program Files\Opera\67.0.3575.115\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{16C884FA-23D5-4F23-B112-4F3F1ED1A68C}] => (Allow) C:\Users\channeal\AppData\Roaming\Zoom\bin\airhost.exe No File FirewallRules: [{1B2113AE-43BF-4D99-A547-E649F1293104}] => (Allow) C:\Users\channeal\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{BF833C06-5791-4FAF-9C2B-808753AA1991}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{3C7223FE-9464-44E3-817E-E86B056E83AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B063D5F6-1839-4747-837A-B9CD9DC17778}] => (Allow) C:\Program Files\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony) FirewallRules: [{25575CB8-A43B-4A19-8FBE-FC25853A715A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{F4C4B9E0-0637-4AF3-8EA9-AC62ED8DE935}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{B42ECC89-D8B9-40A2-B815-0BA854F073E0}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B4F5D869-8772-4EF7-B8BD-C312F222B969}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe No File FirewallRules: [{6F73EBE6-8D3C-4502-93B9-455C0DF00EC2}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe No File FirewallRules: [{1A778C12-1689-4794-8D78-6C94C9AD3BCF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C0A7752C-5BE3-4370-A1D4-8B76C80905A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{53B2E896-6F70-44A9-B389-03EDCE450C61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8623E712-26D6-4B66-A9BD-BCE472267DEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{6A316F54-A462-497C-854E-320040254714}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D525697B-91DE-41E7-92B4-3EE5B593C858}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{D60DB21C-7A64-45EB-AD7A-0AC8955E00CE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 23-04-2020 17:03:05 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (04/25/2020 03:10:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: NEAL1-DELL) Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error: (04/25/2020 03:04:47 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] System errors: ============= Error: (04/25/2020 03:04:25 PM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL) Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout. Error: (04/25/2020 03:04:24 PM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL) Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout. Error: (04/25/2020 03:04:24 PM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL) Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout. Error: (04/25/2020 03:04:23 PM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL) Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout. ==================== Memory info =========================== BIOS: Dell Inc. DELL - 7 01/08/2007 Motherboard: Dell Inc. 0FJ030 Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz Percentage of memory in use: 67% Total physical RAM: 3582.16 MB Available physical RAM: 1153.94 MB Total Virtual: 7166.16 MB Available Virtual: 4477.35 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.57 GB) (Free:72.07 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (Cloned Files) (Fixed) (Total:65.76 GB) (Free:33.6 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (Data) (Fixed) (Total:400 GB) (Free:267.08 GB) NTFS Drive k: (TOURO Mobile) (Fixed) (Total:931.51 GB) (Free:758.59 GB) NTFS \\?\Volume{3758cd02-0000-0000-0000-402425000000}\ () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: 3758CD02) Partition 1: (Active) - (Size=148.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=453 MB) - (Type=27) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 092D3660) Partition 1: (Active) - (Size=65.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=400 GB) - (Type=07 NTFS) ========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B873C38B) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================