Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01 Ran by Rick (08-05-2024 19:27:45) Running from C:\Users\Rick\Desktop Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) (2020-10-09 19:27:26) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-256949468-1460428694-2583359438-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-256949468-1460428694-2583359438-503 - Limited - Disabled) Guest (S-1-5-21-256949468-1460428694-2583359438-501 - Limited - Disabled) Rick (S-1-5-21-256949468-1460428694-2583359438-1001 - Administrator - Enabled) => C:\Users\Rick WDAGUtilityAccount (S-1-5-21-256949468-1460428694-2583359438-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton 360 (Disabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0} FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ability Office 8 (HKLM-x32\...\{54DD2B4A-4F4D-4BBC-AC5B-6164A230B844}) (Version: 8.0.4 - Ability Software International) Adobe Flash Player 11 ActiveX (HKLM-x32\...\{01CC2860-A3CD-4D57-98A5-B202CA6B04ED}) (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_3) (Version: 21.0.3 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM-x32\...\{4487064C-F31E-4499-A1EF-9B8E809A0358}) (Version: 12.3.5.205 - Adobe, Inc) Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft) AnyToISO (HKLM-x32\...\AnyToISO_is1) (Version: 3.9.6 - CrystalIDEA Software) AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: 7.2.0 - AOMEI International Network Limited.) Apowersoft Online Launcher version 1.7.8 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.8 - APOWERSOFT LIMITED) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.) Ashampoo Burning Studio 2021 (HKLM-x32\...\{91B33C97-87D2-CBDB-6C78-9844D71F4195}_is1) (Version: 1.22.5 - Ashampoo GmbH & Co. KG) Ashampoo Burning Studio 23 (HKLM-x32\...\{91B33C97-2A56-F111-077E-E591CE9D7DE7}_is1) (Version: 23.0.6 - Ashampoo GmbH & Co. KG) Ashampoo MyAutoplay Menu 1.0.3 (HKLM-x32\...\Ashampoo MyAutoplay Menu_is1) (Version: 1.0.3 - ashampoo GmbH & Co. KG) Ashampoo Photo Card 2 (HKLM-x32\...\{BB339C1F-9669-833A-7A3A-D142D43B14E5}_is1) (Version: 2.0.4 - Ashampoo GmbH & Co. KG) Ashampoo Photo Commander 16 (HKLM-x32\...\{0A11EA01-E1E7-DD6F-5734-C2CB5A7F2294}_is1) (Version: 16.3.3 - Ashampoo GmbH & Co. KG) Ashampoo Photo Optimizer 9 (HKLM\...\{91B33C97-A7B5-2D2D-BC10-085C65109B0D}_is1) (Version: 9.4.7 - Ashampoo GmbH & Co. KG) Ashampoo Photo Recovery 2 (HKLM\...\{BB339C1F-657A-6D2A-BD02-EF21B6F35991}_is1) (Version: 2.0.2 - Ashampoo GmbH & Co. KG) Ashampoo Slideshow Studio 2019 (HKLM-x32\...\{91B33C97-4A4D-A9FD-B59A-1256B60F3665}_is1) (Version: 1.4.0 - Ashampoo GmbH & Co. KG) Ashampoo Slideshow Studio HD 4 (HKLM-x32\...\{91B33C97-69A7-95EF-82EA-AAEAA76D338D}_is1) (Version: 4.0.9 - Ashampoo GmbH & Co. KG) Ashampoo Taskbar Customizer (HKLM-x32\...\{4209F371-CC1B-EA14-6D40-A3D423694EFA}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) Ashampoo ZIP 2017 (HKLM-x32\...\{0A11EA01-225E-5505-198C-322DAFAFFA81}_is1) (Version: 2.0.42 - Ashampoo GmbH & Co. KG) Atomic Alarm Clock 6.3 beta (HKLM\...\Atomic Alarm Clock_is1) (Version: - Drive Software Company) Avanquest Message (HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.14.0 - Avanquest Software) AVS Image Converter 5.5.1 (HKLM-x32\...\AVS Image Converter_is1) (Version: 5.5.1.319 - Online Media Technologies Ltd.) Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.) BLACK WHITE projects 5 (64-Bit) (HKLM\...\SILVER_PROJECTS_5_3_28B15F1D_is1) (Version: 5.52 - Franzis Verlag GmbH) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 124.1.65.126 - Brave Software Inc) Canon Easy-PhotoPrint Editor (HKLM-x32\...\Canon Easy-PhotoPrint Editor) (Version: 1.8.0 - Canon Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.) Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.10.2.51 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.0.69 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.) Canon TS9500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS9500_series) (Version: 1.03 - Canon Inc.) Canon TS9500 series On-screen Manual (HKLM-x32\...\Canon TS9500 series On-screen Manual) (Version: 1.2.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 6.23 - Piriform) CODIJY Colorizer Pro (HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\{fb04c211-1a0c-4974-98d6-f784600e16e2}) (Version: 4.2.0 - CODIJY) CODIJY Pro version 3.7.6 (HKLM\...\{26339FAF-FA88-4C47-9E68-D4D3E8C512D9}_is1) (Version: 3.7.6 - CODIJY) Color Calibrator (HKLM-x32\...\{07E4556E-673D-4C68-9AD9-2713520E5651}) (Version: 1.0.3.0 - Acer Incorporated) CutOut 8 (HKLM\...\CutOut 8_is1) (Version: 8 - Franzis.de) CutOut 9 professional (11022020) (HKLM\...\CutOut 9 professional_is1) (Version: 9 - Franzis.de) Design & Print (HKLM-x32\...\Design & Print 5.0.0) (Version: 5.0.0 - Avery Products Corp.) Disk Index (HKLM-x32\...\{5AE0C8EF-DED5-11D7-9A3D-00104BB83147}) (Version: 0.0.0 - Suncross) Dolphin Pod 0.3 (HKLM-x32\...\Dolphin Pod_is1) (Version: - ) Duplicate Photo Cleaner 7 (HKLM\...\{DF4FE8F9-110F-4F20-8F4B-204AAA1A64A5}_is1) (Version: 7.12.0.31 - Webminds, Inc.) DVD-Cloner V12.50 Build 1406 (HKLM-x32\...\DVD-Cloner 2015_is1) (Version: 12.50.0.1406 - OpenCloner Inc.) EasyScan 1.3.0.19103100_EN (HKLM-x32\...\EasyScan) (Version: 1.3.0.19103100_EN - BK) Elements 9 Organizer (HKLM-x32\...\{433EACD8-4747-4A6A-826A-FFA9F39B0D40}) (Version: 9.0 - Adobe Systems Incorporated) Hidden Elements STI Installer (HKLM-x32\...\{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}) (Version: 1.0 - Adobe Systems Incorporated) Hidden Flip PDF (HKLM-x32\...\Flip PDF_is1) (Version: - FlipBuilder Solution) Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2024.2.0.25138 - Foxit Software Inc.) Free FreeCell Solitaire 2020 v5.0 (HKLM-x32\...\Free FreeCell Solitaire_is1) (Version: - TreeCardGames) Free Media Player (HKLM-x32\...\Free Media Player) (Version: 2.17.4.3289 - Macgo Inc.) Google Chrome (HKLM\...\{6D2214C9-DA2A-3EC3-81D1-94EE25B705AF}) (Version: 124.0.6367.119 - Google LLC) Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 90.0.3.0 - Google LLC) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden greenstreet PhotoFX2 (HKLM-x32\...\greenstreet PhotoFX2) (Version: - ) HostsMan 4.8.106 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.8.106.0 - abelhadigital.com) Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson) liteCam HD (HKLM-x32\...\{4926737D-839C-430F-805F-28C7EF86A432}) (Version: 4.95.0000 - RSUPPORT) Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.60.495862 - Logitech) Logitech Options (HKLM\...\LogiOptions) (Version: 10.10.58 - Logitech) Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech) Luminar Neo (HKLM\...\Luminar Neo) (Version: 1.14.1.12230 - Skylum) Mahjong Champ (HKLM-x32\...\MahjongChamp) (Version: - ) Media Player 10 (HKLM\...\Media Player 10) (Version: 3.0.8 - MediaPlayer10) Microsoft Edge (HKLM-x32\...\{B1883E54-733D-3CD2-8D3A-EDC3BED71898}) (Version: 124.0.2478.80 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.80 - Microsoft Corporation) Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2010 (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft OneDrive (HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\OneDriveSetup.exe) (Version: 24.076.0414.0005 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden Movavi Photo Noir (HKLM-x32\...\Movavi Photo Noir) (Version: 1.0.1 - Movavi) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 125.0.3 (x64 en-US)) (Version: 125.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 125.0.3 - Mozilla) MyFlipbook 3.0.0 (HKLM-x32\...\{F36526EE-CA9E-4CAC-8D40-C195056A6A25}}_is1) (Version: 3.0.0 - MyFlipbook) NATURE projects (64-Bit) (HKLM\...\NATURE_PROJECTS_1_2_FBC6441D_is1) (Version: 1.18 - Franzis Verlag GmbH) Nero 12 Full Repack (HKLM\...\NMMS12) (Version: - ) neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden Norton 360 (HKLM-x32\...\NGC) (Version: 22.24.3.2 - NortonLifeLock Inc) Npcap OEM (HKLM-x32\...\NpcapInst) (Version: 1.60 - Nmap Project) NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation) NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation) NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation) NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden Open DVD Ripper 3.90 Build 518 (HKLM-x32\...\Open DVD Ripper 3_is1) (Version: 3.90.0.518 - OpenCloner Inc.) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden PhotoGlory 1.25 (HKLM-x32\...\{4A49904F-72DF-41D5-9B60-FBCF9F86F8EC}_is1) (Version: 1.25 - AMS Software) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) PSD Viewer (HKLM-x32\...\{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1) (Version: - IdeaMK) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Remo ONE 1.0.0 (HKLM\...\{8DB422C2-D359-49B1-A685-B71DA7358D5C}_is1) (Version: 1.0.0.5 - Remo Software) Remo Repair Word (HKLM-x32\...\{D3A5E63A-5648-48D8-9283-149D9BFE44E9}_is1) (Version: 2.0.0.31 - Remo Software) RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT) RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.04.0000 - RSUPPORT) Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.4.38 - Serif (Europe) Ltd) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Stellar Repair for PowerPoint (HKLM-x32\...\Stellar Repair for PowerPoint_is1) (Version: 4.0.0.0 - Stellar Information Technology Pvt Ltd.) SuperNova Player (HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\TacticsTechnologySuperNova) (Version: - ) TechSmith Screen Capture Codec (HKLM-x32\...\{84FE50F5-B0F3-4D18-8BE8-A4DEEE0C37AD}) (Version: 4.1.1.0 - TechSmith Corporation) Hidden Toolkit (HKLM-x32\...\Toolkit) (Version: 1.28.0.25 - Seagate) Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC) Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC) Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC) Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC) Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.1.0 - Topaz Labs, LLC) Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC) Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.3.0 - Topaz Labs, LLC) Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs) Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC) Topaz Glow 2 (HKLM\...\Topaz Glow 2) (Version: 2.0.0 - Topaz Labs, LLC) Topaz Impression 2 (HKLM-x32\...\Topaz Impression 2) (Version: 2.0.5 - Topaz Labs, LLC) Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC) Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC) Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC) Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC) Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.2.0 - Topaz Labs, LLC) Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation) UPSmart2000R 1.9( Build 110621 ) (HKLM-x32\...\UPSmart2000R_is1) (Version: 1.9 - ) VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Webshots Desktop (HKLM-x32\...\Webshots Desktop_is1) (Version: - AGCM) Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com) Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) WinX YouTube Downloader (HKLM-x32\...\WinX YouTube Downloader) (Version: 5.4 - Digiarty, Inc.) Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare) Wondershare NativePush(Build 1.0.1.0) (HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Wondershare NativePush_is1) (Version: - Wondershare Software) X-Rite Device Services Manager (HKLM-x32\...\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}) (Version: 2.4.1 - X-Rite) Y8 Browser 1.0.10 (HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.10 - Y8 Games) Packages: ========= (a9t9) Free OCR Software -> C:\Program Files\WindowsApps\47971A9T9AutonomousTechno.a9t9FreeOCRSoftware_1.2.0.3_x64__b5ssw9yxzk0ey [2023-11-29] (A9T9 (Autonomous Technology)) AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-07] (Microsoft Corporation) Checkers ! -> C:\Program Files\WindowsApps\TreeCardGames.Checkers_1.0.0.0_x64__n666hb6ddc5jp [2024-02-17] (TreeCardGames) EML Opener -> C:\Program Files\WindowsApps\BallardAppCraftery.CraftyEMLViewer_1.1.0.30_neutral__epyrqhfctk40t [2021-09-13] (Ballard App Craftery) Image Converter -> C:\Program Files\WindowsApps\24532JohnnyWestlake.ImageConverter_2.5.2.0_x64__29jfh87drcwce [2023-12-29] (Johnny Westlake) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-08-03] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-08-03] (Microsoft Corporation) [MS Ad] Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-30] (Microsoft Corporation) MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation) Norton Password Manager -> C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_7.2.1.0_neutral__v68kp9n051hdp [2021-06-03] (NortonLifeLock Inc.) Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp [2021-03-12] (NortonLifeLock Inc.) Office Lens -> C:\Program Files\WindowsApps\Microsoft.OfficeLens_16.0.32001.0_x86__8wekyb3d8bbwe [2020-12-13] (Microsoft Corporation) One Photo Viewer -> C:\Program Files\WindowsApps\48914EllipticPhenomena.OnePhotoViewer_1.18.1.0_neutral__8w313s78tpvfc [2024-03-11] (Elliptic Phenomena) Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-03] (Microsoft Corporation) Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-03-23] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\ChromeHTML: -> <==== ATTENTION CustomCLSID: HKU\S-1-5-21-256949468-1460428694-2583359438-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) CustomCLSID: HKU\S-1-5-21-256949468-1460428694-2583359438-1001_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\InprocServer32 -> C:\Program Files\Duplicate Photo Cleaner 7\DuplicatePhotoCleaner.exe (Webminds, Inc. -> Webminds, Inc.) CustomCLSID: HKU\S-1-5-21-256949468-1460428694-2583359438-1001_Classes\CLSID\{37906838-DE43-4833-8569-53BBD2D4F9F4}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-256949468-1460428694-2583359438-1001_Classes\CLSID\{fa5312d1-0b58-428a-bd93-3b87ef89945d}\localserver32 -> C:\Program Files\Skylum\Luminar Neo\Luminar Neo.exe (Skylum Software USA, Inc. -> Skylum) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-25] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-25] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-25] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-25] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.3.2\buShell.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.3.2\buShell.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.3.2\buShell.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.3.2\buShell.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.3.2\buShell.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.3.2\buShell.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers1-x32: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP 2017\ASZSHLEXT.DLL [2017-02-13] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH) ContextMenuHandlers1: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP 2017\aszshlext64.dll [2017-02-13] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH) ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.3.2\buShell.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-25] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google) ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson) ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.3.2\NavShExt.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2020-12-10] (Online Media Technologies Ltd. -> Online Media Technologies Ltd.) [File not signed] ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.3.2\NavShExt.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-25] (Google LLC -> Google, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-25] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6-x32: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP 2017\ASZSHLEXT.DLL [2017-02-13] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH) ContextMenuHandlers6: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP 2017\aszshlext64.dll [2017-02-13] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH) ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.3.2\buShell.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.3.2\NavShExt.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.rscc] => C:\WINDOWS\system32\rscc.dll [917264 2018-08-09] (Rsupport Co., Ltd. -> RSUPPORT) HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-14] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-14] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-14] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.rscc] => C:\Windows\SysWOW64\rscc.dll [716048 2018-08-09] (Rsupport Co., Ltd. -> RSUPPORT) HKLM\...\Drivers32: [vidc.n264] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT) [File not signed] HKLM\...\Drivers32: [vidc.mp4v] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT) [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2020-02-06 09:42 - 2016-08-09 11:57 - 001886720 _____ () [File not signed] C:\Program Files\Atomic Alarm Clock\Clock.dll 2023-06-23 22:22 - 2023-06-23 22:22 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll 2023-06-23 22:22 - 2023-06-23 22:22 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll 2020-10-09 22:43 - 2020-10-09 22:43 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8a1dd9552ed7f8d8\ATL80.DLL 2020-10-09 22:56 - 2020-10-09 22:56 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll 2021-01-28 11:15 - 2018-03-24 09:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll 2021-01-28 11:15 - 2018-03-24 09:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll 2022-12-22 21:13 - 2020-12-10 14:44 - 000151344 _____ (Online Media Technologies Ltd. -> Online Media Technologies Ltd.) [File not signed] C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll 2020-02-15 16:51 - 2014-12-04 00:34 - 000120320 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMIGE.DLL 2023-06-23 22:22 - 2023-06-23 22:22 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll 2022-12-12 15:38 - 2018-06-27 09:58 - 001748480 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Ashampoo\Ashampoo Taskbar Customizer\ash_libcurl.dll 2023-06-23 22:22 - 2023-06-23 22:22 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll 2023-06-23 22:22 - 2023-06-23 22:22 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll 2020-02-06 09:42 - 2013-02-19 17:16 - 000223744 _____ (Un4seen Developments) [File not signed] C:\Program Files\Atomic Alarm Clock\bass.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData:Duplicate$Photo$Cleaner [129] AlternateDataStreams: C:\Users\All Users:Duplicate$Photo$Cleaner [129] AlternateDataStreams: C:\ProgramData\Application Data:Duplicate$Photo$Cleaner [129] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-256949468-1460428694-2583359438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=oem&geo=AU&ver=22.20.2.57&locale=en_AU&guid=C96FA24E-749E-4BFC-82ED-2893B2D3E880&doi=2020-04-05&o=APN11915&omnisearch=yes&cmpgn=mar20&vendorConfigured=iac SearchScopes: HKU\S-1-5-21-256949468-1460428694-2583359438-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1300&geo=AU&ver=22.21.6.53&locale=AU_en&guid=C96FA24E-749E-4BFC-82ED-2893B2D3E880&doi=2016-09-01&o=APN11913&vendorConfigured=iac&cmpgn=jul21&gct=kwd&qsrc=2869 SearchScopes: HKU\S-1-5-21-256949468-1460428694-2583359438-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1300&geo=AU&ver=22.21.6.53&locale=AU_en&guid=C96FA24E-749E-4BFC-82ED-2893B2D3E880&doi=2016-09-01&o=APN11913&vendorConfigured=iac&cmpgn=jul21&gct=kwd&qsrc=2869 BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.24.3.2\coIEPlg.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.24.3.2\coIEPlg.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.24.3.2\coIEPlg.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.24.3.2\coIEPlg.dll [2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-19 14:49 - 2020-11-21 20:11 - 000002295 ____N C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 adobeereg.com 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 3dns.adobe.com 127.0.0.1 3dns-1.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-4.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-1.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 adobe-dns-4.adobe.com 127.0.0.1 adobe-dns-5.adobe.com 127.0.0.1 hh-software.com 127.0.0.1 www.hh-software.com 127.0.0.1 activate.adobe.de 127.0.0.1 practivate.adobe.de 127.0.0.1 ereg.adobe.d 127.0.0.1 activate.wip3.adobe.de 127.0.0.1 wip3.adobe.de 127.0.0.1 3dns-3.adobe.de ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-256949468-1460428694-2583359438-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\Documents\My Documents\My Documents\Icons\Daily\Salop\439900201_10229427376662016_449310704541377406_n.jpg DNS Servers: 10.0.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. Network Binding: ============= Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: FoxitReaderUpdateService => 2 MSCONFIG\Services: hasplms => 2 MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2 MSCONFIG\Services: xrdd.exe => 2 HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk" HKLM\...\StartupApproved\StartupFolder: => "ColorMunki Smile Tray.lnk" HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "SwitchBoard" HKLM\...\StartupApproved\Run32: => "UPSmart2000R" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\StartupFolder: => "Webshots.lnk" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "CCXProcess" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_554F09F6EF2194379EF187460292DAF5" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "Avanquest Message" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "Toolkit" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "GoogleDriveFS" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "Skype for Desktop" HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_EF09251048DD056187DB9D41D3C2F7EB" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{E5E7E937-E6B2-4E9B-8B56-A5EDF13FBE38}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [UDP Query User{3FD4B145-BE3D-4DED-88AB-6D75ECC3FBC8}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [{40F31333-61F5-4E9D-9AA9-A093220FBEAC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{757AB5CB-B521-4494-AA40-53E2C5C73877}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{EF04CB2E-B0A9-48DC-820D-9173F6D4DC3F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{72EE1E55-DB2A-46A4-B706-C117E7EA01E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B8C0F99D-1A08-4780-9BDB-7A087A29FCFF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{779CADDF-FF22-4139-A643-8AA564FDB32A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D425B2A7-3808-437E-928F-393B2D9EBD95}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [{EF049C95-A7FF-431C-BC13-6B0454D1ED37}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.2.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited) FirewallRules: [{FBF70657-B340-4CAE-88D0-8A4153DFAEAB}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.2.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited) FirewallRules: [{C2867EA1-F6E4-4DCE-864E-8B6F9445D78D}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.) FirewallRules: [{63445FC1-D812-4E23-AF5E-2FA3AB1DE002}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [{3AB43D67-B069-4EEF-844E-414AB3286AE2}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [{90C2E914-CD47-4DF1-BE8C-28860016E3AC}] => (Allow) C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) FirewallRules: [{31C3D57E-8F14-435B-82CE-22438E6AB070}] => (Allow) C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) FirewallRules: [{0949AF14-0038-458B-A3FF-A77992FF8831}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B3D7D6EA-D1D2-4180-BEBC-CEC515A7648C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{30F06CB4-C090-4290-9DB1-2BF72B3A171D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{66629E57-AA13-46BE-B48B-E0424A814A30}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{EFB58CBF-49CC-4BD5-9698-CFE9121B852B}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) FirewallRules: [{EDB364BC-3170-4BAE-AC1C-10D277E52E44}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{1BF0527E-6F74-427F-B1DD-E2C14BE419C4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 26-04-2024 15:33:30 Scheduled Checkpoint 05-05-2024 23:05:46 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (05/07/2024 07:05:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 10.0.19041.4239, time stamp: 0x4202072e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000002910fae Faulting process ID: 0x2094 Faulting application start time: 0x01daa03e8b8556df Faulting application path: C:\WINDOWS\Explorer.EXE Faulting module path: unknown Report ID: 7919340d-c9ba-4904-b8c7-2718a1434664 Faulting package full name: Faulting package-relative application ID: Error: (05/07/2024 03:32:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MBAMService.exe, version: 3.2.0.1285, time stamp: 0x66059017 Faulting module name: mbae-api-na.dll_unloaded, version: 1.13.4.585, time stamp: 0x65a15425 Exception code: 0xc0000005 Fault offset: 0x0000000000038d72 Faulting process ID: 0x10c8 Faulting application start time: 0x01daa03e875fae84 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Faulting module path: mbae-api-na.dll Report ID: 39ffcc25-236e-498b-a419-59956e0d2dcf Faulting package full name: Faulting package-relative application ID: Error: (05/07/2024 03:32:12 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (05/06/2024 10:26:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 10.0.19041.4239, time stamp: 0x4202072e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000000000ab60fae Faulting process ID: 0x1e9c Faulting application start time: 0x01da9f70aedea1ba Faulting application path: C:\WINDOWS\Explorer.EXE Faulting module path: unknown Report ID: 1c313bd7-ef37-4e6c-ab90-ac1807c92bf7 Faulting package full name: Faulting package-relative application ID: Error: (05/06/2024 03:33:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.19041.3636, time stamp: 0x122dc5a3 Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89 Exception code: 0xc0000409 Fault offset: 0x000000000007286e Faulting process ID: 0x27a4 Faulting application start time: 0x01da9f70b26b72e7 Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report ID: fca3ce16-737c-49fa-9b91-6e2ed6abe840 Faulting package full name: Faulting package-relative application ID: Error: (05/06/2024 03:33:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.19041.3636, time stamp: 0x122dc5a3 Faulting module name: ntdll.dll, version: 10.0.19041.4239, time stamp: 0xad5435e9 Exception code: 0xc0000005 Fault offset: 0x000000000002f23f Faulting process ID: 0x27a4 Faulting application start time: 0x01da9f70b26b72e7 Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report ID: 91e2ac63-5330-4f09-90a3-6660dfc84963 Faulting package full name: Faulting package-relative application ID: Error: (05/05/2024 09:50:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.4239, time stamp: 0x4202072e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000018c50fae Faulting process ID: 0x2f70 Faulting application start time: 0x01da9ee22b64291a Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: unknown Report ID: 3fbcc047-4ddb-44f1-88cd-34300f34d577 Faulting package full name: Faulting package-relative application ID: Error: (05/05/2024 09:48:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 10.0.19041.4239, time stamp: 0x4202072e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000000000a740fae Faulting process ID: 0xc78 Faulting application start time: 0x01da9ecae36f317c Faulting application path: C:\WINDOWS\Explorer.EXE Faulting module path: unknown Report ID: fbe26875-28e4-4ed8-80b7-9f314bfa72ab Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (05/08/2024 06:40:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Logitech Solar Keyboard Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (05/08/2024 06:40:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Logitech Solar Keyboard Service service terminated with the following service-specific error: The operation completed successfully. Error: (05/08/2024 06:20:05 PM) (Source: nvlddmkm) (EventID: 13) (User: ) Description: Event-ID 13 Error: (05/08/2024 06:20:05 PM) (Source: nvlddmkm) (EventID: 13) (User: ) Description: Event-ID 13 Error: (05/08/2024 06:19:42 PM) (Source: nvlddmkm) (EventID: 13) (User: ) Description: Event-ID 13 Error: (05/08/2024 06:19:42 PM) (Source: nvlddmkm) (EventID: 13) (User: ) Description: Event-ID 13 Error: (05/08/2024 05:05:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Logitech Solar Keyboard Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (05/08/2024 05:05:32 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Logitech Solar Keyboard Service service terminated with the following service-specific error: The operation completed successfully. Windows Defender: ================Event[0]: Date: 2023-11-16 13:57:50 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.373.1699.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19500.2 Error code: 0x80240017 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2023-11-16 04:16:29 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.373.1699.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19500.2 Error code: 0x8007045b Error description: A system shutdown is in progress. CodeIntegrity: =============== Date: 2024-05-08 19:26:10 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.24.3.2\symamsi.dll that did not meet the Windows signing level requirements. Date: 2024-05-08 19:22:00 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. Date: 2024-05-08 19:10:58 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. P11-A2 11/08/2013 Motherboard: Acer Aspire TC-605 Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz Percentage of memory in use: 49% Total physical RAM: 8125.09 MB Available physical RAM: 4122.27 MB Total Virtual: 16317.09 MB Available Virtual: 12030.97 MB ==================== Drives ================================ Drive c: (HAL) (Fixed) (Total:465.13 GB) (Free:287.1 GB) (Model: Samsung SSD 860 EVO 500GB) NTFS \\?\Volume{a3f7c702-f21c-4636-87e0-44f4905caf39}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS \\?\Volume{3bd667c0-2ea5-4a4b-bb62-dd2d5717835a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================