Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2023 Ran by William (17-09-2023 16:26:06) Running from C:\Users\William\Downloads Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2020-11-26 05:33:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1711854232-1882592926-4052355929-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1711854232-1882592926-4052355929-503 - Limited - Disabled) Guest (S-1-5-21-1711854232-1882592926-4052355929-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1711854232-1882592926-4052355929-1003 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-1711854232-1882592926-4052355929-504 - Limited - Disabled) William (S-1-5-21-1711854232-1882592926-4052355929-1001 - Administrator - Enabled) => C:\Users\William ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) 7-Zip 23.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2301-000001000000}) (Version: 23.01.00.0 - Igor Pavlov) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20320 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 115.0.21984.172 - AVG Technologies) AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1582.3 - AVG Technologies) Hidden Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP) Cisco Webex Meetings (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\ActiveTouchMeetingClient) (Version: - Cisco Webex LLC) CyberLink LabelPrint 2.5 (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.0.2812 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink Power2Go 7 (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3328 - CyberLink Corp.) Hidden CyberLink YouCam 3.1 (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden CyberLink YouCam 3.1 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.) Docs (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\1e192546347597bfc2899c3fc38fdb56) (Version: 1.0 - Google\Chrome) Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 7.00 - NCH Software) DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 8.41 - NCH Software) Gmail (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\185f07d34fed1d86dcd1db716d7460af) (Version: 1.0 - Google\Chrome) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.97 - Google LLC) Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 80.0.1.0 - Google LLC) Google Drive (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\f3d9d4f8c49062e12d9ee659f6d3c1d1) (Version: 1.0 - Google\Chrome) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{96714280-14E6-4DF7-BACD-F797C0F17C3D}) (Version: 12.8.2.1000 - Intel Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{0e6a18a2-ea36-4041-9f69-0b2cc3f04f88}) (Version: 20.10.1 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{077F1F4E-3AFF-454E-9B6B-5967DD92FC0D}) (Version: 20.10.1.1209 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (HKLM\...\{B5E06417-A4AC-4225-B36E-7E34C91616E7}) (Version: 1.31.8.1 - Intel Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.62 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.62 - Microsoft Corporation) Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\OneDriveSetup.exe) (Version: 23.158.0730.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29325 (HKLM\...\{26AF0C35-55EC-4025-8D83-349E8FB1419F}) (Version: 14.28.29325 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29325 (HKLM\...\{7D0362D5-C699-4403-BC09-0C1DAD1D93AB}) (Version: 14.28.29325 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29325 (HKLM-x32\...\{B40FC85D-2B12-46E0-B950-E5B27E348793}) (Version: 14.28.29325 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29325 (HKLM-x32\...\{EE2E15BB-54C8-4DB0-B1F3-026E3C166991}) (Version: 14.28.29325 - Microsoft Corporation) Hidden Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 117.0.1 (x64 en-US)) (Version: 117.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) Nexus Root Toolkit (HKLM-x32\...\Nexus Root Toolkit) (Version: 2.1.9 - WugFresh) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden PDF-XChange Editor (HKLM\...\{9BD82FF0-5048-4EC8-B4D5-47E8FA90FF26}) (Version: 9.3.361.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{e080e406-b759-4337-a2dd-924db2f2e535}) (Version: 9.3.361.0 - Tracker Software Products (Canada) Ltd.) PDF-XChange PRO (HKLM\...\{D8E9A478-426F-46F2-9ED6-B1EA6237D407}) (Version: 9.4.364.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange PRO (HKLM-x32\...\{cd0ba26f-1cfc-4130-a6cc-26c1df876fc1}) (Version: 9.4.364.0 - Tracker Software Products (Canada) Ltd.) PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 11.06 - NCH Software) Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 10.63 - NCH Software) ProtonVPN (HKLM-x32\...\{452898A5-72C6-4C7A-91A7-AD9DE65E8187}) (Version: 1.27.2 - Proton Technologies AG) Hidden ProtonVPN (HKLM-x32\...\ProtonVPN 1.27.2) (Version: 1.27.2 - Proton Technologies AG) ProtonVPNTap (HKLM-x32\...\{5DA710E2-1B81-4675-BFC5-76BAF63AE1F6}) (Version: 1.1.3 - Proton Technologies AG) ProtonVPNTun (HKLM-x32\...\{C953D354-0C14-4CB5-AB42-0A9E40F55857}) (Version: 0.13.0 - Proton Technologies AG) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Sheets (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\1cbfa97b8ed4e40711a475bc7eefb93c) (Version: 1.0 - Google\Chrome) Slides (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\e888aec75da0f529fc5ff3aa5bbc78fc) (Version: 1.0 - Google\Chrome) Snagit 13 (HKLM-x32\...\{2D2045B7-AF91-409C-87F6-99E263CDC13F}) (Version: 13.0.3 - TechSmith Corporation) Hidden Snagit 13 (HKLM-x32\...\{5acd453a-fa98-417a-b893-31468cbdd0e5}) (Version: 13.0.3.7115 - TechSmith Corporation) Snagit 2020 (HKLM\...\{38DFC83A-CA30-4106-A48A-E54196B8E358}) (Version: 20.1.4 - TechSmith Corporation) Hidden Snagit 2020 (HKLM-x32\...\{2a7bec94-c903-4082-83dd-b42c7a165ae7}) (Version: 20.1.4.6413 - TechSmith Corporation) StudioTax 2016 (HKLM-x32\...\{5836A7F5-E154-4BC5-8EAE-1E30B777C65D}) (Version: 12.0.8.0 - BHOK IT Consulting) StudioTax 2017 (HKLM-x32\...\{5AA5E802-71E0-4CC8-AE2D-078EF5889E87}) (Version: 13.0.3.2 - BHOK IT Consulting) StudioTax 2018 (HKLM-x32\...\{C69653C3-7C21-4147-8E26-4EB19FDE7B29}) (Version: 14.0.2.0 - BHOK IT Consulting) StudioTax 2019 (HKLM-x32\...\{53E5269B-F4DE-4737-B62E-7064D06E49CB}) (Version: 15.0.2.0 - BHOK IT Consulting) StudioTax 2020 (HKLM\...\{D9739833-42AE-4D17-AA8A-CC82A34D29A0}) (Version: 16.0.5.0 - BHOK IT Consulting Inc.) StudioTax 2021 (HKLM\...\{740E6098-694F-47BF-A833-72632163A46F}) (Version: 17.0.1.0 - BHOK IT Consulting Inc.) StudioTax 2022 (HKLM\...\{D71700D9-0E13-4BDC-ADBD-559844BEC7B0}) (Version: 18.0.2.0 - BHOK IT Consulting Inc.) True Color (HKLM\...\{B7FB6426-C506-4F83-806A-F65B263FF03B}) (Version: 2.0.0.1 - Entertainment Experience LLC) Hidden True Color (HKLM-x32\...\{f8476c72-fe9e-4c04-a537-40a60257e57d}) (Version: 2.0.0.1 - Entertainment Experience) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden UsbDk Runtime Libraries (HKLM\...\{6D4A6ED0-CF41-4615-A4B3-BDA018C3C1CD}) (Version: 1.0.22 - Red Hat, Inc.) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation) Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech) Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\F99E6C5A14B5EBAB27FDFE2637878DF8208069E7) (Version: 05/12/2014 2.10.00 - Ross-Tech) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) WPS Office (11.2.0.11537) (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\Kingsoft Office) (Version: 11.2.0.11537 - Kingsoft Corp.) YouTube (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\c81779a9358e06cec6049b23238c14f0) (Version: 1.0 - Google\Chrome) Zoom (HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\ZoomUMX) (Version: 5.13.3 (11494) - Zoom Video Communications, Inc.) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-15] (Microsoft Corporation) Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2022-09-10] (Flipboard) Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad] MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2022-09-10] (Microsoft Corporation) [MS Ad] MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2022-09-10] (Microsoft Corporation) [MS Ad] MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2022-09-10] (Microsoft Corporation) [MS Ad] Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-09-11] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-09-11] (Microsoft Corporation) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-31] (Microsoft Studios) [MS Ad] Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-13] (Twitter Inc.) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2334.2.0_x64__cv1g1gvanyjgm [2023-08-31] (WhatsApp Inc.) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1711854232-1882592926-4052355929-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\William\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-1711854232-1882592926-4052355929-1001_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\William\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-1711854232-1882592926-4052355929-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe (Proton Technologies AG -> ) ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-17] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-17] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-17] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-17] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-17] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2021-12-30] () [File not signed] ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google) ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation -> TechSmith Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-17] (Google LLC -> Google, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-04-06] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation -> TechSmith Corporation) ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-17] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2021-12-30] () [File not signed] ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-04-06] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers1_S-1-5-21-1711854232-1882592926-4052355929-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\William\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\kwpsmenushellext64.dll [2023-07-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers4_S-1-5-21-1711854232-1882592926-4052355929-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\William\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\kwpsmenushellext64.dll [2023-07-30] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\William\Contacts\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat () ==================== Loaded Modules (Whitelisted) ============= 2018-03-19 14:44 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2018-03-19 14:44 - 2017-11-07 20:55 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2019-02-24 16:07 - 2017-08-18 12:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2018-03-19 14:44 - 2017-08-18 12:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2018-03-19 14:44 - 2017-11-07 21:04 - 000087040 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll 2019-02-24 16:07 - 2017-11-07 20:55 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll 2021-12-30 22:42 - 2021-12-30 22:42 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 001874432 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\cairo.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000790528 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\fontconfig.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 001041920 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\harfbuzz-vs14.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000060928 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\iconv.dll 2018-12-11 15:09 - 2018-12-11 15:09 - 000790016 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\libhpdf.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000257536 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\libpng16.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 001294336 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\libxml2.dll 2019-07-01 16:23 - 2019-07-01 16:23 - 016857600 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\opencv_core410.dll 2019-07-01 16:23 - 2019-07-01 16:23 - 046091264 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\opencv_imgproc410.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000086528 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\zlib1.dll 2018-03-19 14:44 - 2005-04-22 00:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll 2013-12-24 16:02 - 2013-12-24 16:02 - 000466944 _____ () [File not signed] C:\WINDOWS\system32\DPPPlugin.dll 2022-07-20 09:13 - 2022-05-10 14:39 - 000385024 _____ (Apowersoft) [File not signed] [File is in use] C:\Users\William\AppData\Roaming\LightPDF\LightPDF Editor\WXPdfAddIn_X64.dll 2018-03-19 14:44 - 2013-06-12 20:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2018-03-19 14:44 - 2010-09-29 18:07 - 000180224 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll 2018-03-19 14:44 - 2011-02-28 12:32 - 000208896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2018-03-19 14:44 - 2013-10-10 22:55 - 002040320 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2018-03-19 14:44 - 2013-03-08 02:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000088576 _____ (Free Software Foundation) [File not signed] C:\Program Files\TechSmith\Snagit 2020\intl.dll 2016-01-08 13:28 - 2016-01-08 13:28 - 000356352 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Program Files\TechSmith\Snagit 2020\libhunspell.dll 2023-06-20 13:00 - 2023-06-20 13:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2013-08-31 00:18 - 2013-08-31 00:18 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll 2013-08-31 00:18 - 2013-08-31 00:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 000649552 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\lfCmpX.DLL 2020-01-29 10:16 - 2020-01-29 10:16 - 000175952 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\lfFaxX.DLL 2020-01-29 10:16 - 2020-01-29 10:16 - 000284496 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\lfPngX.DLL 2020-01-29 10:16 - 2020-01-29 10:16 - 000289616 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\lfTifX.DLL 2020-01-29 10:16 - 2020-01-29 10:16 - 000470352 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltdisx.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 000441680 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltefxx.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 000588112 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltfilx.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 000374608 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltimgclrx.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 001983312 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltimgcorx.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 000319312 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltimgefxx.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 000439120 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltimgutlx.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 001515344 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltkrnx.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 000091472 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltthunkutlx.dll 2020-01-29 10:16 - 2020-01-29 10:16 - 000341840 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Lttwnx.dll 2020-04-09 21:02 - 2020-04-09 21:02 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2020-04-09 21:02 - 2020-04-09 21:02 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000291840 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pango-1.0.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000578560 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pangocairo-1.0.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000605184 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pangoft2-1.0.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000064512 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pangowin32-1.0.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 001338368 _____ (The GLib developer community) [File not signed] C:\Program Files\TechSmith\Snagit 2020\glib-2.0.dll 2018-08-14 14:49 - 2018-08-14 14:49 - 000284160 _____ (The GLib developer community) [File not signed] C:\Program Files\TechSmith\Snagit 2020\gobject-2.0.dll 2022-10-16 13:13 - 2017-09-14 02:46 - 001012224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\platforms\qwindows.dll 2022-10-16 13:13 - 2022-06-29 22:45 - 004694016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Core.dll 2022-10-16 13:13 - 2022-06-29 22:45 - 005032960 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Gui.dll 2022-10-16 13:13 - 2022-06-29 22:45 - 000856064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Network.dll 2022-10-16 13:13 - 2022-06-29 22:45 - 004483072 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Widgets.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKU\S-1-5-21-1711854232-1882592926-4052355929-1001 -> DefaultScope {A6277F2C-FCD5-43EE-911D-5FD7B54EBB5F} URL = SearchScopes: HKU\S-1-5-21-1711854232-1882592926-4052355929-1001 -> {A6277F2C-FCD5-43EE-911D-5FD7B54EBB5F} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-08] (Microsoft Corporation -> Microsoft Corporation) BHO: PDF-XChange IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-08] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: PDF-XChange IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x86.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) Toolbar: HKLM - PDF-XChange IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) Toolbar: HKLM-x32 - PDF-XChange IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x86.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2023-09-17 15:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\ HKCU\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\WINDOWS\System32\OpenSSH\;C:\Users\William\AppData\Local\Microsoft\WindowsApps HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\William\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg DNS Servers: 192.168.2.1 - 207.164.234.129 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\StartupFolder: => "Snagit 13.lnk" HKLM\...\StartupApproved\StartupFolder: => "WSAppHelper.lnk" HKLM\...\StartupApproved\StartupFolder: => "WSAndroidAppHelper.lnk" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "TrueColor UI" HKLM\...\StartupApproved\Run32: => "CLMLServer" HKLM\...\StartupApproved\Run32: => "YouCam Mirage" HKLM\...\StartupApproved\Run32: => "YouCam Tray" HKLM\...\StartupApproved\Run32: => "PDFHook" HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller" HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\StartupApproved\StartupFolder: => "RT-Updater.lnk" HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\StartupApproved\Run: => "GoogleDriveFS" HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_EE213862BE90D094A66B18E1372843D4" HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\StartupApproved\Run: => "Tone" HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\StartupApproved\Run: => "ISUSPM" HKU\S-1-5-21-1711854232-1882592926-4052355929-1001\...\StartupApproved\Run: => "ProtonVPN" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{756A12DC-84BF-47FC-89FE-B51B69C93668}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File FirewallRules: [{2C68A291-AAA4-4964-8C81-36E616B64F1F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File FirewallRules: [{B8F70562-21DE-4F7B-B740-37513EBEA2ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File FirewallRules: [{919BD8AB-F894-4BD2-A4CA-7148007CE71F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File FirewallRules: [{C816C29B-8E42-42B1-AD56-6C47E1A47B19}] => (Allow) LPort=8299 FirewallRules: [UDP Query User{5D0A1821-89D4-4499-B02B-239BA125CCB4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{06588CD9-28A6-4C4C-9DA9-FF698EE3897B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{82FC8D66-EA0A-4D1A-9370-ABAF13988C64}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8E9F455B-0473-4764-A558-9C1DC144B4E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BB5CB00E-FF29-472E-96D3-0B6C9BC50449}] => (Allow) LPort=54925 FirewallRules: [{D24E1EB9-F9E5-4FCE-BB6E-70D3DA2428DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{17D12B6E-2F20-41AF-99D1-5DDD4EDF54C0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1A3F212F-C367-4A90-AB82-2C3AD1C9B058}] => (Allow) C:\Users\William\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{C615E174-677A-49E2-8C69-6F244B153DBD}] => (Allow) C:\Users\William\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{9C4E4499-5637-479A-8803-50A0EE296A92}] => (Allow) C:\Users\William\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{2D0EA50D-5ED9-47E1-9BE6-9F6283659BBE}] => (Allow) LPort=8298 FirewallRules: [TCP Query User{3849C3A7-E60C-48FB-99A1-48CAD21CD275}C:\users\william\appdata\roaming\tone\tone.exe] => (Block) C:\users\william\appdata\roaming\tone\tone.exe => No File FirewallRules: [UDP Query User{BD5991F2-DEAC-4756-AA0B-820D2D58B512}C:\users\william\appdata\roaming\tone\tone.exe] => (Block) C:\users\william\appdata\roaming\tone\tone.exe => No File FirewallRules: [TCP Query User{F2DD0299-728F-4795-9F11-B1D5B8FE2A07}C:\users\william\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\william\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [UDP Query User{908C7EF1-ECF9-4898-832E-0D19FA3A2727}C:\users\william\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\william\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{2DBA9A6C-BD97-4F71-9F92-FAE1D7FC73EA}] => (Allow) C:\Program Files (x86)\LightPDF\LightPDF Editor\{app}\ServiceModule\Apowersoft.CoreServices.exe => No File FirewallRules: [{1E76F949-7042-4935-A6A6-0849F88D2417}] => (Allow) C:\Program Files (x86)\LightPDF\LightPDF Editor\{app}\ServiceModule\Apowersoft.CoreServices.exe => No File FirewallRules: [{C08898D1-9E44-4C99-97B6-624E6D4CFA24}] => (Allow) C:\Program Files (x86)\iMobie\DroidKit\xldownload\download\MiniThunderPlatform.exe => No File FirewallRules: [{BEF2E8F3-6041-4256-8884-56B016A73C8D}] => (Allow) C:\Program Files (x86)\iMobie\DroidKit\xldownload\download\MiniThunderPlatform.exe => No File FirewallRules: [TCP Query User{968D1ABF-07B4-4A15-9F14-A90C37D2F7E4}C:\xiaomi\xiaomitool2\bin\javaw.exe] => (Allow) C:\xiaomi\xiaomitool2\bin\javaw.exe => No File FirewallRules: [UDP Query User{2DA76F91-055C-433F-AE85-51146C0B8846}C:\xiaomi\xiaomitool2\bin\javaw.exe] => (Allow) C:\xiaomi\xiaomitool2\bin\javaw.exe => No File FirewallRules: [TCP Query User{DD12EA5C-8683-4913-9E86-CC6D00BC871F}C:\ww\xiaomi\xiaomitool2\bin\javaw.exe] => (Allow) C:\ww\xiaomi\xiaomitool2\bin\javaw.exe FirewallRules: [UDP Query User{D4A13AB3-C624-4311-B09A-4DAB9CCDFB7B}C:\ww\xiaomi\xiaomitool2\bin\javaw.exe] => (Allow) C:\ww\xiaomi\xiaomitool2\bin\javaw.exe FirewallRules: [{D65173CC-9F92-43CB-A5D1-A9A1EE462C39}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CC578BCE-E259-4545-B4BD-9AA6DAE3524D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C94B5361-8FD2-46DB-BBA2-F9DEB3FEA94F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C95CFA87-44AD-41EB-A241-0F1E9915474E}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, LLC -> AVG Technologies) FirewallRules: [{E111CD02-ECB6-49D0-881F-9DBACC6CB909}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{4B867AD2-86DD-4927-BA90-759AB9ADD887}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{60D526FC-EF3B-404E-ACEF-76456B498C9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{04B81578-0CA7-4A9E-BB7F-D06924AD5ECB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{54074208-8E25-434E-BC58-D3CAE7B414C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CD12C13E-FD39-4FA3-877B-CD3D2483665A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) ==================== Restore Points ========================= 31-08-2023 10:37:41 Windows Modules Installer 31-08-2023 11:04:04 Windows Modules Installer 17-09-2023 12:32:39 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (09/17/2023 03:29:59 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY) Description: Product: Office 16 Click-to-Run Extensibility Component -- Error 1704. An installation for Adobe Acrobat (64-bit) is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Error: (09/17/2023 03:12:16 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (09/17/2023 02:13:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: StoreExperienceHost.exe, version: 0.0.0.0, time stamp: 0x64de7f76 Faulting module name: KERNELBASE.dll, version: 10.0.19041.3155, time stamp: 0xbf300201 Exception code: 0xc0000409 Fault offset: 0x000000000012d8b2 Faulting process id: 0x1ee4 Faulting application start time: 0x01d9e992aa4abeb3 Faulting application path: C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22307.1401.6.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 9c389934-b6f5-4590-88cf-e871d128f0d1 Faulting package full name: Microsoft.StorePurchaseApp_22307.1401.6.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (09/17/2023 01:21:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SecHealthUI.exe version 10.0.19041.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 37f8 Start Time: 01d9e98b26529c40 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe Report Id: 2950a2ef-d023-4c43-ae52-a5693e1eb84d Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy Faulting package-relative application ID: SecHealthUI Hang type: Cross-thread Error: (09/17/2023 01:16:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchApp.exe version 10.0.19041.3155 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1e50 Start Time: 01d9e98a2c0a5e9e Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Report Id: 74ebf92d-6cb4-4c59-8e4c-d94a442e632f Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Hang type: Quiesce Error: (09/17/2023 01:04:05 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (09/17/2023 01:01:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 116.0.3.8627 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 30c0 Start Time: 01d9e9867b6d5c28 Termination Time: 4294967295 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 6e14a938-56d7-4408-ae2b-b8023f34a9b5 Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (09/17/2023 01:01:51 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. System errors: ============= Error: (09/17/2023 03:26:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.23080.2006). Error: (09/17/2023 03:23:59 PM) (Source: DCOM) (EventID: 10005) (User: WISC) Description: DCOM got error "1053" attempting to start the service defragsvc with arguments "Unavailable" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34} Error: (09/17/2023 03:23:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Optimize drives service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/17/2023 03:23:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Optimize drives service to connect. Error: (09/17/2023 03:23:31 PM) (Source: DCOM) (EventID: 10010) (User: WISC) Description: The server 5319275A.WhatsAppDesktop_2.2334.2.0_x64__cv1g1gvanyjgm!App.AppXagyrmpyx1bhhy2gjpvcnfecxpg298mss.mca did not register with DCOM within the required timeout. Error: (09/17/2023 03:23:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Intel(R) Management and Security Application Local Management Service service hung on starting. Error: (09/17/2023 03:19:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Delivery Optimization service hung on starting. Error: (09/17/2023 03:18:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The ‪Microsoft Office Click-to-Run Service‬ service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Windows Defender: ================ Date: 2023-09-17 13:27:58 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Date: 2023-09-17 13:27:31 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Date: 2023-09-17 13:26:37 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Date: 2023-08-22 17:21:38 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-08-21 16:45:03 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2023-09-17 15:26:47 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.397.1128.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23080.2005 Error code: 0x80070643 Error description: Fatal error during installation. Date: 2023-09-17 14:38:07 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.395.1065.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23070.1005 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-09-17 14:38:07 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.395.1065.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23070.1005 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-09-17 14:38:07 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.395.1065.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23070.1005 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-09-17 14:35:47 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.395.1065.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23070.1005 Error code: 0x80070102 Error description: The wait operation timed out. CodeIntegrity: =============== Date: 2023-09-17 15:12:13 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\TotalAV\wscf.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== BIOS: Dell Inc. A04 05/09/2014 Motherboard: Dell Inc. 0598GM Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz Percentage of memory in use: 79% Total physical RAM: 8072.96 MB Available physical RAM: 1646.32 MB Total Virtual: 17288.96 MB Available Virtual: 8639.55 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:922.4 GB) (Free:586.95 GB) (Model: WDC WD10JPVX-75JC3T0) NTFS \\?\Volume{8846e931-8178-4278-861f-bbfdc53825e8}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.47 GB) NTFS \\?\Volume{74751997-bbd6-4edc-87ad-d35f4ea55dd3}\ () (Fixed) (Total:0.78 GB) (Free:0.3 GB) NTFS \\?\Volume{3638f2e5-d7de-433d-bbb3-2d427c882f85}\ (PBR Image) (Fixed) (Total:6.95 GB) (Free:0.75 GB) NTFS \\?\Volume{28b51dad-6858-47fc-91d3-a8f03ce1fcc9}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: B2F5EDD7) Partition: GPT. ==================== End of Addition.txt =======================