Tweet
Hi Everybody.
I run a hp laptop windows 10 operating system 64 bit.
When i first open up the laptop, it takes approx 5 mins to load up my desktop, and when i try to use my ‘scan and cut’, craft and card making programs, it can take upwards of 5 to 10 minutes to get the various windows open. Once they are open, the programs run fine. Browsing the internet can also take a similar amount of time to load the pages. Again, once opened ( E,G, You Tube, Facebook/Messenger) the programs run fine.
Please find below, requested logs.
Kindest Regards
Andy Brown.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2021
Ran by paula (administrator) on ANDYS-POSH-LAPT (HP HP Notebook) (11-08-2021 17:23:46)
Running from C:\Users\paula\Desktop
Loaded Profiles: Andy & paula
Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. → Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <2>
(Adobe Inc. → Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0 _x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(CyberLink Corp. → ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. → CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\Youcam6_webcam_camera_vide o.exe
(CyberLink Corp. → CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe <2>
(Dropbox, Inc → Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <8>
(Google LLC → Google) C:\Users\paula\AppData\Local\Google\Chrome\User Data\SwReporter\92.267.200\software_reporter_tool. exe <4>
(Hewlett Packard → HP Inc.) C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc. → HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Intel(R) Software → Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software → Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes Inc → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation → ColorPickerUI) C:\Program Files\PowerToys\modules\ColorPicker\ColorPickerUI. exe
(Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerLauncher.exe
(Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(Microsoft Corporation → Microsoft Corporation) C:\Users\paula\AppData\Local\Microsoft\OneDrive\On eDrive.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\A M_Delta_Patch_1.345.316.0.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.e xe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(Piriform Software Ltd → Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp → ) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Realtek Semiconductor Corp → Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe <2>
Failed to access process → VpnUpdate.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-15] (Realtek Semiconductor Corp. → Realtek Semiconductor)
HKLM...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corp → Realtek Semiconductor Corporation)
HKLM...\Run: [DeliveryAndStatusCheck] => C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe [301832 2015-11-10] (Hewlett-Packard → HP)
HKLM-x32...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Company → Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd → Piriform Software Ltd)
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\Run: [Chromium] => “c:\users\andy\appdata\local\chromium\application\ chrome.exe” --auto-launch-at-startup --profile-directory=“Default” --restore-last-session
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd → Piriform Software Ltd)
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5550304 2021-07-24] (Adobe Inc. → Adobe Systems Incorporated)
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-04-14] (Support.com Inc → SUPERAntiSpyware)
HKLM...\Print\Monitors\HP 5B12 Status Monitor: C:\WINDOWS\system32\hpinksts5B12LM.dll [331664 2012-06-13] (Hewlett Packard → Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Inst aller\chrmstp.exe [2021-08-04] (Google LLC → Google LLC)
HKLM\Software...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] → C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv. dll [2015-10-29] (CyberLink Corp. → CyberLink)
HKLM\Software...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] → C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv. dll [2015-10-29] (CyberLink Corp. → CyberLink)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-08-23]
ShortcutTarget: Avast SecureLine VPN.lnk → C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. → AVAST Software)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BB39B60-4970-44DB-B93F-173A88988289} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [1133912 2020-06-19] (HP Inc. → HP Inc.)
Task: {1136EAFA-4088-4EFF-97EE-DC64C96ABE9C} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
Task: {1205D3FC-4CAE-4F24-AF6F-B97C5FCB9B95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {141D30E2-9251-42B5-B1B4-34203121ED56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {14606026-4832-4572-9109-517574CC511E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [324952 2020-06-19] (HP Inc. → HP Inc.)
Task: {14FFABDC-6B3C-4C99-BB54-1AA5B13ED95F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {1E5AFF2D-F0B3-447D-AA4F-03B5066D100B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-25] (Google LLC → Google LLC)
Task: {1F15D911-B0CF-4DBB-918F-D2D2FAA0167C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506136 2020-07-01] (HP Inc. → HP Inc.)
Task: {255DB6AA-6124-48B4-964F-25918F24CDC0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [1133912 2020-06-19] (HP Inc. → HP Inc.)
Task: {282E9A36-E1F1-4D8F-A4BD-E919EAE6B6E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. → Adobe Inc.)
Task: {3E4D6ED5-AAEA-4600-9595-9CFD32DC029C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-08-07] (Microsoft Corporation → Microsoft Corporation)
Task: {40F42DC3-9178-44ED-B9A0-52555E12DEF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN92R8C146 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [1133912 2020-06-19] (HP Inc. → HP Inc.)
Task: {4431BF57-C0CC-4B4D-860D-3BCB9FB7FF69} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.ex e [198696 2016-11-07] (HP Inc. → HP Inc.)
Task: {4E32DCA9-C781-4A4C-854A-6C4FA379C32E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation → Microsoft Corporation)
Task: {58DEAC3B-20F1-4476-920E-576DDBC7F80A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-08-07] (Microsoft Corporation → Microsoft Corporation)
Task: {58F23195-DCA3-495E-A60B-C1EEC36899F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [662872 2020-04-30] (HP Inc. → HP Inc.)
Task: {647EC324-2E14-4896-A828-3016DE95880D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-25] (Google LLC → Google LLC)
Task: {6877C125-D0BA-4271-8D60-75ECCE973435} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc → )
Task: {7466D452-C684-47A1-9948-6EE412C45FB1} - System32\Tasks\PowerToys\Autorun for paula => C:\Program Files\PowerToys\PowerToys.exe [1241992 2021-02-04] (Microsoft Corporation → Microsoft Corporation)
Task: {790DE880-DB6E-4ACB-86C1-AEA14B8E3A94} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [3438680 2018-01-29] (AVAST Software a.s. → AVAST Software)
Task: {7A66AE34-C28C-4BB2-A6B1-EC5F972315B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {7EBB06A7-2219-4592-8287-FE4EF205FDB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-06-22] (HP Inc. → HP Inc.)
Task: {85C25B84-38DF-4B0F-8E8C-054282766C41} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd → Piriform)
Task: {89CF6EC1-292C-469A-B279-3BF614EAC63C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-29] (Dropbox, Inc → Dropbox, Inc.)
Task: {8D08467B-957B-4F08-AC64-7A6235BF9375} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-10-29] (CyberLink Corp. → CyberLink Corp.)
Task: {8E7446E2-5730-4F14-B40E-C7DCB8A504FA} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology → IObit)
Task: {8F7D9C16-E89B-45F5-987E-1F961816A6E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd → Piriform Software Ltd)
Task: {988C37EA-BEBD-47DB-8266-A8AFB57ED353} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3031824 2020-07-07] (IObit Information Technology → IObit)
Task: {98BA9797-CD9A-4DB9-AA07-90A5D0128191} - System32\Tasks\HPCustParticipation HP DeskJet 2600 series => C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPCustPartic.exe [6653576 2018-04-17] (Hewlett Packard → HP Inc.)
Task: {AFC247E9-3845-4ADD-8B24-AA87F99293EB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-29] (Dropbox, Inc → Dropbox, Inc.)
Task: {BF6EE1F9-3EC3-42E9-9287-A0F80685AB04} - System32\Tasks\ASC_SkipUac_paula => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [8951568 2020-08-09] (IObit Information Technology → IObit)
Task: {DBB3BE51-AEB4-40C7-8362-4B13A1E36F6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19I1T1QT => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [1133912 2020-06-19] (HP Inc. → HP Inc.)
Task: {DC62ECDC-11B8-41B5-B4C9-80FC73D16141} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506136 2020-07-01] (HP Inc. → HP Inc.)
Task: {E81EC004-E17B-4936-9C92-004C0604C7CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation → Microsoft Corporation)
Task: {F98DB1E9-47F4-44DD-A02F-3219CA915723} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1380232 2019-08-16] (AVAST Software s.r.o. → AVAST Software)
Task: {FF83BC76-B6D0-4785-90FE-09BAF5EEC81A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5866768 2020-07-17] (IObit Information Technology → IObit)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2021
Ran by paula (11-08-2021 17:33:11)
Running from C:\Users\paula\Desktop
Windows 10 Home Version 21H1 19043.1165 (X64) (2020-09-04 18:00:41)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1020228174-254853255-2842383887-500 - Administrator - Disabled)
Andy (S-1-5-21-1020228174-254853255-2842383887-1001 - Administrator - Enabled) => C:\Users\Andy
DefaultAccount (S-1-5-21-1020228174-254853255-2842383887-503 - Limited - Disabled)
Guest (S-1-5-21-1020228174-254853255-2842383887-501 - Limited - Disabled)
paula (S-1-5-21-1020228174-254853255-2842383887-1002 - Administrator - Enabled) => C:\Users\paula
WDAGUtilityAccount (S-1-5-21-1020228174-254853255-2842383887-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced SystemCare (HKLM-x32...\Advanced SystemCare_is1) (Version: 13.7.0 - IObit)
Avast SecureLine (HKLM...{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}is1) (Version: 1.0.239.2 - AVAST Software)
Bejeweled 3 (HKLM-x32...\WTA-03370242-92fd-4902-a56d-00d549d188f3) (Version: 2.2.0.95 - WildTangent) Hidden
Brother CanvasWorkspace (HKLM...{560F5904-8482-4BAC-BEB8-6AC2E21AB4A0}is1) (Version: 2.5.0 - Brother Industries, Ltd.)
Build-a-lot (HKLM-x32...\WTA-d341894c-70a6-4c9e-9b20-b8fb0b5dc7b4) (Version: 3.0.2.59 - WildTangent) Hidden
Building the Great Wall of China Collector’s Edition (HKLM-x32...\WTA-f6354ace-8be5-4784-be6c-e94912e1c393) (Version: 3.0.2.48 - WildTangent) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.83 - Piriform)
Cisco EAP-FAST Module (HKLM-x32...{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32...{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32...{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crazy Chicken Soccer (HKLM-x32...\WTA-df4a0939-fabc-4dd1-8417-fe5906905494) (Version: 2.2.0.110 - WildTangent) Hidden
Cricut Design Space (HKU\S-1-5-21-1020228174-254853255-2842383887-1001...{113DD42F-AE80-489B-8F15-FB8499306C48}) (Version: 5.8.15 - Cricut, Inc.)
CyberLink PhotoDirector (HKLM...{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32...\InstallShield{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32...{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM...{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32...\InstallShield{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32...{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
Delicious: Emily’s Wonder Wedding Premium Edition (HKLM-x32...\WTA-a8a245aa-7bd1-45d4-b5c0-d092343d4b72) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM...{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32...{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32...{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM...{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.13 (HKLM-x32...{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-2530-0000-AC13154E5A00}) (Version: 19.021.20058 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
HP DeskJet 2600 series Basic Device Software (HKLM...{FB71D010-BD89-4624-B681-355F72DE4E58}) (Version: 43.3.2478.18107 - HP Inc.)
HP DeskJet 2600 series Help (HKLM-x32...{9A36A9D9-787C-4E75-914B-CF133FA88FC9}) (Version: 44.0.0 - HP)
HP Documentation (HKLM...\HP_Documentation) (Version: - HP)
HP Dropbox Plugin (HKLM-x32...{C68BD3B6-3CC4-4871-94D1-3412A571001F}) (Version: 36.0.100.66344 - HP)
HP EmailSMTP Plugin (HKLM-x32...{763E42DC-F6DB-49E5-AAFD-CC3273F858CB}) (Version: 43.0.0.0 - HP)
HP ePrint SW (HKLM-x32...{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP FTP Plugin (HKLM-x32...{1E02EFE9-1EDB-4EE4-B02F-1B23C9AF3CD5}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32...{ADA6C223-3EEA-4CAF-822A-5380A7A40342}) (Version: 36.0.100.66344 - HP)
HP OneDrive Plugin (HKLM-x32...{16DB1A9B-1180-43E7-BE29-7201EE339206}) (Version: 36.0.0.0 - HP)
HP Photo Creations (HKLM-x32...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Registration Service (HKLM...{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP SharePoint Plugin (HKLM-x32...{1F73FB9B-71BC-47F8-8AA6-DA9076E4E52B}) (Version: 43.0.0.0 - HP)
HP Support Solutions Framework (HKLM-x32...{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.17.27.5 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32...{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM...\HPWelcome) (Version: 1.0 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32...{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32...{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM...{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Jewel Match 3 (HKLM-x32...\WTA-61b31053-3bf0-4249-9df2-f473da9e6cf3) (Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes version 4.4.2.123 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM...\HomeStudentRetail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM...{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32...{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.11 (x64) (HKLM-x32...{e746e6a9-8254-4477-bbe0-a05900ec44e3}) (Version: 3.1.11.29516 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32...\Mobile Broadband HL Service) (Version: 22.001.29.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 74.0 (x64 en-GB) (HKLM...\Mozilla Firefox 74.0 (x64 en-GB)) (Version: 74.0 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32...{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM...{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32...{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32...\WTA-59807221-93be-4eff-81a2-d8e06bb7f9ec) (Version: 3.0.2.59 - WildTangent) Hidden
PowerToys (Preview) (HKLM...{FB5F92BF-39E2-4757-A744-55D2D28E9BEF}) (Version: 0.31.2 - Microsoft Corporation)
Product Improvement Study for HP DeskJet 2600 series (HKLM...{8D9801F9-62AA-4AD1-87A5-028CCE97DDDC}) (Version: 43.3.2478.18107 - HP Inc.)
Ranch Rush 2 - Premium Edition (HKLM-x32...\WTA-e94e2903-53e3-4614-87ac-8d0a3ca25f69) (Version: 2.2.0.97 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32...{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.48 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32...{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32...{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.64 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32...\WTA-ef090462-032a-474b-a2dd-d9b2601add76) (Version: 3.0.2.126 - WildTangent) Hidden
Sky Go 21.6.2.0 (HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\com.bskyb.skygoplayer_is1) (Version: 21.6.2.0 - Sky)
Smart Defrag 6 (HKLM-x32...\Smart Defrag_is1) (Version: 6.6.0 - IObit)
SUPERAntiSpyware (HKLM...{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1208 - SUPERAntiSpyware.com)
Sure Cuts A Lot 5.045 (HKLM...\Sure Cuts A Lot 5_is1) (Version: - Craft Edge)
swMSM (HKLM-x32...{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Trinklit Supreme (HKLM-x32...\WTA-bbaf0805-8093-4d17-b26b-6dd6e1101fdc) (Version: 2.2.0.98 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM...{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32...{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32...\WTA-8e158062-2729-4bd3-b475-ac90825a4e48) (Version: 3.0.2.59 - WildTangent) Hidden
Wedding Dash (HKLM-x32...\WTA-b946f3d7-6478-4c12-8ccf-06b3158d75ba) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32...{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
Youda Jewel Shop (HKLM-x32...\WTA-ee03e766-031b-43d9-83f8-693620bd30d1) (Version: 3.0.2.51 - WildTangent) Hidden
Zoom (HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\ZoomUMX) (Version: 5.5.4 (13142.0301) - Zoom Video Communications, Inc.)
[HEADING=1]Packages:[/HEADING]
Amazon → C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815. 0_x64__343d40qqvtj1t [2020-09-23] (Amazon.com)
HP LOUNGE → C:\Program Files\WindowsApps\UniversalMusicMobile.HPLOUNGE_2. 1.1.0_x64__3ms5eyejfeart [2020-09-23] (Universal Music Mobile)
HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1. 234.0_x64__v10z8vjag6ke6 [2021-08-10] (HP Inc.)
Microsoft Solitaire Collection → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireColl ection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-10] (Microsoft Studios) [MS Ad]
Netflix → C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64_ _mcm4njqhnhss8 [2020-09-23] (Netflix, Inc.)
Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_ 1.0.0.0_x64__8wekyb3d8bbwe [2020-09-23] (Microsoft Corporation)
Reader Notification Client → C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0 _x86__e1rzdqpraam7r [2020-09-23] (Adobe Systems Incorporated)
Simple Solitaire → C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleS olitaire_7.2.9.0_x64__kx24dqmazqk8j [2021-08-10] (Random Salad Games LLC)
Snapfish → C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopowered bySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2020-09-23] (Snapfish)
TripAdvisor Hotels Flights Restaurants → C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotels FlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2020-09-23] (TripAdvisor LLC)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1020228174-254853255-2842383887-1002_Classes\CLSID{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command → C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated → Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
ContextMenuHandlers1: [Advanced SystemCare] → [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => → No File
ContextMenuHandlers1: [SmartDefragExtension] → [CC]{189F1E63-33A7-404B-B2F6-8C76A452CC54} => → No File
ContextMenuHandlers2: [Advanced SystemCare] → [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => → No File
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-11] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers3: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerRenameExt .dll [2021-02-04] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers4: [Advanced SystemCare] → [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => → No File
ContextMenuHandlers5: [igfxDTCM] → {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-02-25] (Microsoft Windows Hardware Compatibility Publisher → Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-11] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] → [CC]{189F1E63-33A7-404B-B2F6-8C76A452CC54} => → No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-09-16 00:31 - 2020-09-16 00:31 - 000355840 _____ () [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\Mono.Cecil.dll
2016-11-11 15:13 - 2011-08-24 03:39 - 000081920 _____ () [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan_ctypes.pyd
2016-11-11 15:13 - 2011-08-24 03:39 - 000053248 _____ () [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan_socket.pyd
2016-11-11 15:13 - 2011-08-24 03:39 - 000655360 _____ () [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan_ssl.pyd
2021-02-04 17:25 - 2021-02-04 17:25 - 000006144 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\ColorPicker\ManagedTelemet ry.dll
2021-02-04 17:25 - 2021-02-04 17:25 - 000006144 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\ManagedTelemetry. dll
2016-11-11 15:13 - 2015-10-26 12:27 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\MSVCR71.dll
2020-09-04 18:34 - 2020-09-04 18:34 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a 1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80 U.DLL
2020-09-04 18:34 - 2020-09-04 18:34 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3 b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MF C80ENU.DLL
2021-02-04 17:25 - 2021-02-04 17:25 - 000016384 _____ (Microsoft.PowerToys.Run.Plugin.Calculator) [File not signed] C:\Program Files\PowerToys\modules\launcher\Plugins\Calculato r\Microsoft.PowerToys.Run.Plugin.Calculator.dll
2020-09-23 19:01 - 2020-09-23 19:01 - 000895488 _____ (ModernWpf) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\ColorPicker\ModernWpf.dll
2020-09-23 19:01 - 2020-09-23 19:01 - 000895488 _____ (ModernWpf) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\ModernWpf.dll
2020-08-22 11:31 - 2020-08-22 11:31 - 000817152 _____ (NLog) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\NLog.dll
2020-08-27 21:03 - 2020-08-27 21:03 - 000046080 _____ (NLog) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\NLog.Extensions.L ogging.dll
2016-11-11 15:13 - 2011-08-24 03:39 - 002113536 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan\python25.dll
2020-10-12 23:38 - 2020-10-12 23:38 - 000052224 _____ (Tatham Oddie & friends) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\ColorPicker\System.IO.Abst ractions.dll
2020-10-12 23:38 - 2020-10-12 23:38 - 000052224 _____ (Tatham Oddie & friends) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\System.IO.Abstrac tions.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1020228174-254853255-2842383887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1020228174-254853255-2842383887-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 → {952A6C9C-B7D1-487B-9CF2-8F55320493DF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1020228174-254853255-2842383887-1001 → {952A6C9C-B7D1-487B-9CF2-8F55320493DF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation → Microsoft Corporation)
BHO-x32: Evernote extension → {92EF2EAD-A7CE-4424-B0DB-499CF856608E} → C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION → Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper → {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} → C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP lugin.dll [2017-10-27] (HP Inc. → HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation → Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPo werShell\v1.0;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH;C:\Pr ogram Files\dotnet
HKU\S-1-5-21-1020228174-254853255-2842383887-1001\Control Panel\Desktop\Wallpaper → C:\Users\Andy\Desktop\IMG-20161225-WA0007.jpg
HKU\S-1-5-21-1020228174-254853255-2842383887-1002\Control Panel\Desktop\Wallpaper → C:\Users\paula\Desktop\DCIM\100DICAM\DSCI0022.JPG
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM...\StartupApproved\StartupFolder: => “Avast SecureLine VPN.lnk”
HKLM...\StartupApproved\Run: => “RTHDVCPL”
HKLM...\StartupApproved\Run: => “DeliveryAndStatusCheck”
HKLM...\StartupApproved\Run: => “WinZip UN”
HKLM...\StartupApproved\Run32: => “HPMessageService”
HKLM...\StartupApproved\Run32: => “PowerDVD14Agent”
HKLM...\StartupApproved\Run32: => “WinZip PreLoader”
HKLM...\StartupApproved\Run32: => “SecurityHealth”
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\StartupApproved\Run: => “GoogleChromeAutoLaunch_A69DCE493FB9444452A92359AA 0F4A85”
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\StartupApproved\Run: => “Chromium”
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\StartupApproved\Run: => “CCleaner Smart Cleaning”
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\StartupApproved\Run: => “CCleaner Smart Cleaning”
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\StartupApproved\Run: => “SUPERAntiSpyware”
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{41489E05-ADAE-4406-9241-710B7C6B02C7}] => (Allow) C:\Users\paula\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{1BA0DE9F-E16F-47C2-916A-28EB6CCD6469}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{9B866E7D-81D4-448E-A03F-474D7E0C0F6E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{21FD26D9-B04F-4926-B259-9B16F6BF0CEF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company → Hewlett-Packard Development Company, L.P.)
FirewallRules: [{F7A7A6A8-DE50-4D5B-931E-D907A8DCEEA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. → CyberLink Corp.)
FirewallRules: [{A8D8511B-090C-4200-9596-87EBBB835240}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPD VD14.exe (CyberLink Corp. → CyberLink)
FirewallRules: [{7D8460B2-1AB4-4753-8F90-B45EBCD1E1F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. → CyberLink Corp.)
FirewallRules: [{6A9F18CD-0B5F-47C9-B640-59F3D09F7C82}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. → CyberLink Corp.)
FirewallRules: [{599300C6-9E66-49D5-B628-E3039749D57A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. → CyberLink Corp.)
FirewallRules: [{8FEB901F-8013-4877-A078-25E823EFCD81}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd → Piriform)
FirewallRules: [{BC73D79F-4D9F-46B6-95AF-AEE88D1DC4F5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd → Piriform)
FirewallRules: [{1531F537-6417-456A-AFAB-A276F5208C60}] => (Allow) C:\Users\Andy\AppData\Local\Chromium\Application\c hrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{215EC8A5-00CF-4E99-B4BE-4B63746EFC6E}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\bin\DigitalWizards.exe (Hewlett Packard → HP Inc.)
FirewallRules: [{47376E0D-7F9F-4D04-B932-C6763CB9E5A3}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\DeviceSetup.exe (Hewlett Packard → HP Inc.)
FirewallRules: [{23AAC3C3-F67F-4C7C-A157-D0499651F83A}] => (Allow) LPort=5357
FirewallRules: [{F31E1E5B-95E7-483A-9E25-D7C01D1AA936}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard → HP Inc.)
FirewallRules: [{1763A87E-8AFB-4168-A445-4A3979A84F2F}] => (Allow) C:\Users\paula\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{6A998B62-4F91-41BA-AEF9-D2818DB4F68E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x 86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{9BD64FE4-4319-402B-8434-9310EE080DEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x 86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{C109A9FE-AFF8-4711-8FC8-5A3D8A216374}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x 86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{99B962F5-B762-4F50-A318-759C6B99972D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x 86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{47EE42D7-781A-4D60-BE7C-E85AC925BEFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
==================== Restore Points =========================
10-08-2021 23:49:34 Windows Modules Installer
11-08-2021 00:04:20 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (08/11/2021 04:48:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Faulting module name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Exception code: 0xc0000409
Fault offset: 0x000dcbdd
Faulting process ID: 0x1730
Faulting application start time: 0x01d78ec7bbd768c1
Faulting application path: c:\program files\avast software\secureline\vpnupdate.exe
Faulting module path: c:\program files\avast software\secureline\vpnupdate.exe
Report ID: 5d24a630-7d55-4895-aa66-4f0a9a14db7a
Faulting package full name:
Faulting package-relative application ID:
Error: (08/11/2021 04:34:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialise the VSS backup “System Writer” object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (08/11/2021 08:47:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (08/11/2021 08:47:21 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (08/11/2021 05:15:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Faulting module name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Exception code: 0xc0000409
Fault offset: 0x000dcbdd
Faulting process ID: 0x66c
Faulting application start time: 0x01d78e67775c31d9
Faulting application path: c:\program files\avast software\secureline\vpnupdate.exe
Faulting module path: c:\program files\avast software\secureline\vpnupdate.exe
Report ID: 120c431c-a78b-4c67-866c-cbb6cfd927b8
Faulting package full name:
Faulting package-relative application ID:
Error: (08/11/2021 03:17:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Faulting module name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Exception code: 0xc0000409
Fault offset: 0x000dcbdd
Faulting process ID: 0x1414
Faulting application start time: 0x01d78e56fa3f8c85
Faulting application path: c:\program files\avast software\secureline\vpnupdate.exe
Faulting module path: c:\program files\avast software\secureline\vpnupdate.exe
Report ID: da2cadb4-b782-4738-b941-8412af2dbe43
Faulting package full name:
Faulting package-relative application ID:
Error: (08/11/2021 12:04:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service avgbIDSAgent since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (08/11/2021 12:04:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service AVG Tools since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
[HEADING=1]System errors:[/HEADING]
Error: (08/11/2021 04:50:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
Error: (08/11/2021 04:47:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service did not respond on starting.
Error: (08/11/2021 04:45:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Storage Service service did not respond on starting.
Error: (08/11/2021 04:42:40 PM) (Source: DCOM) (EventID: 10010) (User: ANDYS-POSH-LAPT)
Description: The server {40ECCDBB-2202-4FDF-83ED-272187326B7A} did not register with DCOM within the required timeout.
Error: (08/11/2021 04:41:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service did not respond on starting.
Error: (08/11/2021 04:34:26 PM) (Source: DCOM) (EventID: 10005) (User: ANDYS-POSH-LAPT)
Description: DCOM got error “1084” attempting to start the service camsvc with arguments “Unavailable” in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
Error: (08/11/2021 04:34:12 PM) (Source: DCOM) (EventID: 10005) (User: ANDYS-POSH-LAPT)
Description: DCOM got error “1084” attempting to start the service lfsvc with arguments “Unavailable” in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}
Error: (08/11/2021 04:33:54 PM) (Source: DCOM) (EventID: 10005) (User: ANDYS-POSH-LAPT)
Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
[HEADING=1]Windows Defender:[/HEADING]
Date: 2020-09-21 21:42:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-20 19:12:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-19 19:53:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-17 22:02:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-16 19:32:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-10 20:12:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-08-10 19:24:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-08-10 19:24:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-08-10 19:24:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-08-10 19:24:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2021-08-08 01:08:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-08-08 01:02:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-08-08 01:01:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.21 05/17/2016
Motherboard: HP 80C1
Processor: Intel(R) Pentium(R) CPU 3825U @ 1.90GHz
Percentage of memory in use: 92%
Total physical RAM: 4011.39 MB
Available physical RAM: 294.55 MB
Total Virtual: 6544.4 MB
Available Virtual: 1028.75 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:914.48 GB) (Free:769.05 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.06 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]
\?\Volume{e2aeaa44-6276-430e-bc54-56281d82efda}\ () (Fixed) (Total:1.7 GB) (Free:0.84 GB) NTFS
\?\Volume{63d7ab20-ad76-4d07-aac0-6e5ddd51248a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
==================== MBR & Partition Table ====================
================================================== ========
Disk: 0 (Size: 931.5 GB) (Disk ID: 36BEF902)
Partition: GPT.
==================== End of Addition.txt =======================
I run a hp laptop windows 10 operating system 64 bit.
When i first open up the laptop, it takes approx 5 mins to load up my desktop, and when i try to use my ‘scan and cut’, craft and card making programs, it can take upwards of 5 to 10 minutes to get the various windows open. Once they are open, the programs run fine. Browsing the internet can also take a similar amount of time to load the pages. Again, once opened ( E,G, You Tube, Facebook/Messenger) the programs run fine.
Please find below, requested logs.
Kindest Regards
Andy Brown.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2021
Ran by paula (administrator) on ANDYS-POSH-LAPT (HP HP Notebook) (11-08-2021 17:23:46)
Running from C:\Users\paula\Desktop
Loaded Profiles: Andy & paula
Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. → Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <2>
(Adobe Inc. → Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0 _x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(CyberLink Corp. → ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. → CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\Youcam6_webcam_camera_vide o.exe
(CyberLink Corp. → CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe <2>
(Dropbox, Inc → Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <8>
(Google LLC → Google) C:\Users\paula\AppData\Local\Google\Chrome\User Data\SwReporter\92.267.200\software_reporter_tool. exe <4>
(Hewlett Packard → HP Inc.) C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc. → HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Intel(R) Software → Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software → Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes Inc → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation → ColorPickerUI) C:\Program Files\PowerToys\modules\ColorPicker\ColorPickerUI. exe
(Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerLauncher.exe
(Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(Microsoft Corporation → Microsoft Corporation) C:\Users\paula\AppData\Local\Microsoft\OneDrive\On eDrive.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\A M_Delta_Patch_1.345.316.0.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.e xe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(Piriform Software Ltd → Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp → ) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Realtek Semiconductor Corp → Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe <2>
Failed to access process → VpnUpdate.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-15] (Realtek Semiconductor Corp. → Realtek Semiconductor)
HKLM...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corp → Realtek Semiconductor Corporation)
HKLM...\Run: [DeliveryAndStatusCheck] => C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe [301832 2015-11-10] (Hewlett-Packard → HP)
HKLM-x32...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Company → Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd → Piriform Software Ltd)
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\Run: [Chromium] => “c:\users\andy\appdata\local\chromium\application\ chrome.exe” --auto-launch-at-startup --profile-directory=“Default” --restore-last-session
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd → Piriform Software Ltd)
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5550304 2021-07-24] (Adobe Inc. → Adobe Systems Incorporated)
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-04-14] (Support.com Inc → SUPERAntiSpyware)
HKLM...\Print\Monitors\HP 5B12 Status Monitor: C:\WINDOWS\system32\hpinksts5B12LM.dll [331664 2012-06-13] (Hewlett Packard → Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Inst aller\chrmstp.exe [2021-08-04] (Google LLC → Google LLC)
HKLM\Software...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] → C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv. dll [2015-10-29] (CyberLink Corp. → CyberLink)
HKLM\Software...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] → C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv. dll [2015-10-29] (CyberLink Corp. → CyberLink)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-08-23]
ShortcutTarget: Avast SecureLine VPN.lnk → C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. → AVAST Software)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BB39B60-4970-44DB-B93F-173A88988289} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [1133912 2020-06-19] (HP Inc. → HP Inc.)
Task: {1136EAFA-4088-4EFF-97EE-DC64C96ABE9C} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
Task: {1205D3FC-4CAE-4F24-AF6F-B97C5FCB9B95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {141D30E2-9251-42B5-B1B4-34203121ED56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {14606026-4832-4572-9109-517574CC511E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [324952 2020-06-19] (HP Inc. → HP Inc.)
Task: {14FFABDC-6B3C-4C99-BB54-1AA5B13ED95F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {1E5AFF2D-F0B3-447D-AA4F-03B5066D100B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-25] (Google LLC → Google LLC)
Task: {1F15D911-B0CF-4DBB-918F-D2D2FAA0167C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506136 2020-07-01] (HP Inc. → HP Inc.)
Task: {255DB6AA-6124-48B4-964F-25918F24CDC0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [1133912 2020-06-19] (HP Inc. → HP Inc.)
Task: {282E9A36-E1F1-4D8F-A4BD-E919EAE6B6E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. → Adobe Inc.)
Task: {3E4D6ED5-AAEA-4600-9595-9CFD32DC029C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-08-07] (Microsoft Corporation → Microsoft Corporation)
Task: {40F42DC3-9178-44ED-B9A0-52555E12DEF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN92R8C146 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [1133912 2020-06-19] (HP Inc. → HP Inc.)
Task: {4431BF57-C0CC-4B4D-860D-3BCB9FB7FF69} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.ex e [198696 2016-11-07] (HP Inc. → HP Inc.)
Task: {4E32DCA9-C781-4A4C-854A-6C4FA379C32E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation → Microsoft Corporation)
Task: {58DEAC3B-20F1-4476-920E-576DDBC7F80A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-08-07] (Microsoft Corporation → Microsoft Corporation)
Task: {58F23195-DCA3-495E-A60B-C1EEC36899F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [662872 2020-04-30] (HP Inc. → HP Inc.)
Task: {647EC324-2E14-4896-A828-3016DE95880D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-25] (Google LLC → Google LLC)
Task: {6877C125-D0BA-4271-8D60-75ECCE973435} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc → )
Task: {7466D452-C684-47A1-9948-6EE412C45FB1} - System32\Tasks\PowerToys\Autorun for paula => C:\Program Files\PowerToys\PowerToys.exe [1241992 2021-02-04] (Microsoft Corporation → Microsoft Corporation)
Task: {790DE880-DB6E-4ACB-86C1-AEA14B8E3A94} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [3438680 2018-01-29] (AVAST Software a.s. → AVAST Software)
Task: {7A66AE34-C28C-4BB2-A6B1-EC5F972315B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {7EBB06A7-2219-4592-8287-FE4EF205FDB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-06-22] (HP Inc. → HP Inc.)
Task: {85C25B84-38DF-4B0F-8E8C-054282766C41} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd → Piriform)
Task: {89CF6EC1-292C-469A-B279-3BF614EAC63C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-29] (Dropbox, Inc → Dropbox, Inc.)
Task: {8D08467B-957B-4F08-AC64-7A6235BF9375} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-10-29] (CyberLink Corp. → CyberLink Corp.)
Task: {8E7446E2-5730-4F14-B40E-C7DCB8A504FA} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology → IObit)
Task: {8F7D9C16-E89B-45F5-987E-1F961816A6E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd → Piriform Software Ltd)
Task: {988C37EA-BEBD-47DB-8266-A8AFB57ED353} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3031824 2020-07-07] (IObit Information Technology → IObit)
Task: {98BA9797-CD9A-4DB9-AA07-90A5D0128191} - System32\Tasks\HPCustParticipation HP DeskJet 2600 series => C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPCustPartic.exe [6653576 2018-04-17] (Hewlett Packard → HP Inc.)
Task: {AFC247E9-3845-4ADD-8B24-AA87F99293EB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-29] (Dropbox, Inc → Dropbox, Inc.)
Task: {BF6EE1F9-3EC3-42E9-9287-A0F80685AB04} - System32\Tasks\ASC_SkipUac_paula => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [8951568 2020-08-09] (IObit Information Technology → IObit)
Task: {DBB3BE51-AEB4-40C7-8362-4B13A1E36F6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19I1T1QT => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [1133912 2020-06-19] (HP Inc. → HP Inc.)
Task: {DC62ECDC-11B8-41B5-B4C9-80FC73D16141} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506136 2020-07-01] (HP Inc. → HP Inc.)
Task: {E81EC004-E17B-4936-9C92-004C0604C7CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation → Microsoft Corporation)
Task: {F98DB1E9-47F4-44DD-A02F-3219CA915723} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1380232 2019-08-16] (AVAST Software s.r.o. → AVAST Software)
Task: {FF83BC76-B6D0-4785-90FE-09BAF5EEC81A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5866768 2020-07-17] (IObit Information Technology → IObit)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2021
Ran by paula (11-08-2021 17:33:11)
Running from C:\Users\paula\Desktop
Windows 10 Home Version 21H1 19043.1165 (X64) (2020-09-04 18:00:41)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1020228174-254853255-2842383887-500 - Administrator - Disabled)
Andy (S-1-5-21-1020228174-254853255-2842383887-1001 - Administrator - Enabled) => C:\Users\Andy
DefaultAccount (S-1-5-21-1020228174-254853255-2842383887-503 - Limited - Disabled)
Guest (S-1-5-21-1020228174-254853255-2842383887-501 - Limited - Disabled)
paula (S-1-5-21-1020228174-254853255-2842383887-1002 - Administrator - Enabled) => C:\Users\paula
WDAGUtilityAccount (S-1-5-21-1020228174-254853255-2842383887-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced SystemCare (HKLM-x32...\Advanced SystemCare_is1) (Version: 13.7.0 - IObit)
Avast SecureLine (HKLM...{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}is1) (Version: 1.0.239.2 - AVAST Software)
Bejeweled 3 (HKLM-x32...\WTA-03370242-92fd-4902-a56d-00d549d188f3) (Version: 2.2.0.95 - WildTangent) Hidden
Brother CanvasWorkspace (HKLM...{560F5904-8482-4BAC-BEB8-6AC2E21AB4A0}is1) (Version: 2.5.0 - Brother Industries, Ltd.)
Build-a-lot (HKLM-x32...\WTA-d341894c-70a6-4c9e-9b20-b8fb0b5dc7b4) (Version: 3.0.2.59 - WildTangent) Hidden
Building the Great Wall of China Collector’s Edition (HKLM-x32...\WTA-f6354ace-8be5-4784-be6c-e94912e1c393) (Version: 3.0.2.48 - WildTangent) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.83 - Piriform)
Cisco EAP-FAST Module (HKLM-x32...{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32...{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32...{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crazy Chicken Soccer (HKLM-x32...\WTA-df4a0939-fabc-4dd1-8417-fe5906905494) (Version: 2.2.0.110 - WildTangent) Hidden
Cricut Design Space (HKU\S-1-5-21-1020228174-254853255-2842383887-1001...{113DD42F-AE80-489B-8F15-FB8499306C48}) (Version: 5.8.15 - Cricut, Inc.)
CyberLink PhotoDirector (HKLM...{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32...\InstallShield{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32...{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM...{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32...\InstallShield{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32...{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
Delicious: Emily’s Wonder Wedding Premium Edition (HKLM-x32...\WTA-a8a245aa-7bd1-45d4-b5c0-d092343d4b72) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM...{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32...{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32...{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM...{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.13 (HKLM-x32...{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-2530-0000-AC13154E5A00}) (Version: 19.021.20058 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
HP DeskJet 2600 series Basic Device Software (HKLM...{FB71D010-BD89-4624-B681-355F72DE4E58}) (Version: 43.3.2478.18107 - HP Inc.)
HP DeskJet 2600 series Help (HKLM-x32...{9A36A9D9-787C-4E75-914B-CF133FA88FC9}) (Version: 44.0.0 - HP)
HP Documentation (HKLM...\HP_Documentation) (Version: - HP)
HP Dropbox Plugin (HKLM-x32...{C68BD3B6-3CC4-4871-94D1-3412A571001F}) (Version: 36.0.100.66344 - HP)
HP EmailSMTP Plugin (HKLM-x32...{763E42DC-F6DB-49E5-AAFD-CC3273F858CB}) (Version: 43.0.0.0 - HP)
HP ePrint SW (HKLM-x32...{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP FTP Plugin (HKLM-x32...{1E02EFE9-1EDB-4EE4-B02F-1B23C9AF3CD5}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32...{ADA6C223-3EEA-4CAF-822A-5380A7A40342}) (Version: 36.0.100.66344 - HP)
HP OneDrive Plugin (HKLM-x32...{16DB1A9B-1180-43E7-BE29-7201EE339206}) (Version: 36.0.0.0 - HP)
HP Photo Creations (HKLM-x32...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Registration Service (HKLM...{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP SharePoint Plugin (HKLM-x32...{1F73FB9B-71BC-47F8-8AA6-DA9076E4E52B}) (Version: 43.0.0.0 - HP)
HP Support Solutions Framework (HKLM-x32...{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.17.27.5 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32...{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM...\HPWelcome) (Version: 1.0 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32...{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32...{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM...{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Jewel Match 3 (HKLM-x32...\WTA-61b31053-3bf0-4249-9df2-f473da9e6cf3) (Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes version 4.4.2.123 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM...\HomeStudentRetail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM...{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32...{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.11 (x64) (HKLM-x32...{e746e6a9-8254-4477-bbe0-a05900ec44e3}) (Version: 3.1.11.29516 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32...\Mobile Broadband HL Service) (Version: 22.001.29.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 74.0 (x64 en-GB) (HKLM...\Mozilla Firefox 74.0 (x64 en-GB)) (Version: 74.0 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32...{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM...{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32...{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32...\WTA-59807221-93be-4eff-81a2-d8e06bb7f9ec) (Version: 3.0.2.59 - WildTangent) Hidden
PowerToys (Preview) (HKLM...{FB5F92BF-39E2-4757-A744-55D2D28E9BEF}) (Version: 0.31.2 - Microsoft Corporation)
Product Improvement Study for HP DeskJet 2600 series (HKLM...{8D9801F9-62AA-4AD1-87A5-028CCE97DDDC}) (Version: 43.3.2478.18107 - HP Inc.)
Ranch Rush 2 - Premium Edition (HKLM-x32...\WTA-e94e2903-53e3-4614-87ac-8d0a3ca25f69) (Version: 2.2.0.97 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32...{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.48 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32...{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32...{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.64 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32...\WTA-ef090462-032a-474b-a2dd-d9b2601add76) (Version: 3.0.2.126 - WildTangent) Hidden
Sky Go 21.6.2.0 (HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\com.bskyb.skygoplayer_is1) (Version: 21.6.2.0 - Sky)
Smart Defrag 6 (HKLM-x32...\Smart Defrag_is1) (Version: 6.6.0 - IObit)
SUPERAntiSpyware (HKLM...{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1208 - SUPERAntiSpyware.com)
Sure Cuts A Lot 5.045 (HKLM...\Sure Cuts A Lot 5_is1) (Version: - Craft Edge)
swMSM (HKLM-x32...{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Trinklit Supreme (HKLM-x32...\WTA-bbaf0805-8093-4d17-b26b-6dd6e1101fdc) (Version: 2.2.0.98 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM...{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32...{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32...\WTA-8e158062-2729-4bd3-b475-ac90825a4e48) (Version: 3.0.2.59 - WildTangent) Hidden
Wedding Dash (HKLM-x32...\WTA-b946f3d7-6478-4c12-8ccf-06b3158d75ba) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32...{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
Youda Jewel Shop (HKLM-x32...\WTA-ee03e766-031b-43d9-83f8-693620bd30d1) (Version: 3.0.2.51 - WildTangent) Hidden
Zoom (HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\ZoomUMX) (Version: 5.5.4 (13142.0301) - Zoom Video Communications, Inc.)
[HEADING=1]Packages:[/HEADING]
Amazon → C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815. 0_x64__343d40qqvtj1t [2020-09-23] (Amazon.com)
HP LOUNGE → C:\Program Files\WindowsApps\UniversalMusicMobile.HPLOUNGE_2. 1.1.0_x64__3ms5eyejfeart [2020-09-23] (Universal Music Mobile)
HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1. 234.0_x64__v10z8vjag6ke6 [2021-08-10] (HP Inc.)
Microsoft Solitaire Collection → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireColl ection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-10] (Microsoft Studios) [MS Ad]
Netflix → C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64_ _mcm4njqhnhss8 [2020-09-23] (Netflix, Inc.)
Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_ 1.0.0.0_x64__8wekyb3d8bbwe [2020-09-23] (Microsoft Corporation)
Reader Notification Client → C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0 _x86__e1rzdqpraam7r [2020-09-23] (Adobe Systems Incorporated)
Simple Solitaire → C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleS olitaire_7.2.9.0_x64__kx24dqmazqk8j [2021-08-10] (Random Salad Games LLC)
Snapfish → C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopowered bySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2020-09-23] (Snapfish)
TripAdvisor Hotels Flights Restaurants → C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotels FlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2020-09-23] (TripAdvisor LLC)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1020228174-254853255-2842383887-1002_Classes\CLSID{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command → C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated → Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
ContextMenuHandlers1: [Advanced SystemCare] → [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => → No File
ContextMenuHandlers1: [SmartDefragExtension] → [CC]{189F1E63-33A7-404B-B2F6-8C76A452CC54} => → No File
ContextMenuHandlers2: [Advanced SystemCare] → [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => → No File
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-11] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers3: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerRenameExt .dll [2021-02-04] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers4: [Advanced SystemCare] → [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => → No File
ContextMenuHandlers5: [igfxDTCM] → {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-02-25] (Microsoft Windows Hardware Compatibility Publisher → Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-11] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] → [CC]{189F1E63-33A7-404B-B2F6-8C76A452CC54} => → No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-09-16 00:31 - 2020-09-16 00:31 - 000355840 _____ () [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\Mono.Cecil.dll
2016-11-11 15:13 - 2011-08-24 03:39 - 000081920 _____ () [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan_ctypes.pyd
2016-11-11 15:13 - 2011-08-24 03:39 - 000053248 _____ () [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan_socket.pyd
2016-11-11 15:13 - 2011-08-24 03:39 - 000655360 _____ () [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan_ssl.pyd
2021-02-04 17:25 - 2021-02-04 17:25 - 000006144 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\ColorPicker\ManagedTelemet ry.dll
2021-02-04 17:25 - 2021-02-04 17:25 - 000006144 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\ManagedTelemetry. dll
2016-11-11 15:13 - 2015-10-26 12:27 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\MSVCR71.dll
2020-09-04 18:34 - 2020-09-04 18:34 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a 1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80 U.DLL
2020-09-04 18:34 - 2020-09-04 18:34 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3 b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MF C80ENU.DLL
2021-02-04 17:25 - 2021-02-04 17:25 - 000016384 _____ (Microsoft.PowerToys.Run.Plugin.Calculator) [File not signed] C:\Program Files\PowerToys\modules\launcher\Plugins\Calculato r\Microsoft.PowerToys.Run.Plugin.Calculator.dll
2020-09-23 19:01 - 2020-09-23 19:01 - 000895488 _____ (ModernWpf) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\ColorPicker\ModernWpf.dll
2020-09-23 19:01 - 2020-09-23 19:01 - 000895488 _____ (ModernWpf) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\ModernWpf.dll
2020-08-22 11:31 - 2020-08-22 11:31 - 000817152 _____ (NLog) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\NLog.dll
2020-08-27 21:03 - 2020-08-27 21:03 - 000046080 _____ (NLog) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\NLog.Extensions.L ogging.dll
2016-11-11 15:13 - 2011-08-24 03:39 - 002113536 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan\python25.dll
2020-10-12 23:38 - 2020-10-12 23:38 - 000052224 _____ (Tatham Oddie & friends) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\ColorPicker\System.IO.Abst ractions.dll
2020-10-12 23:38 - 2020-10-12 23:38 - 000052224 _____ (Tatham Oddie & friends) [File not signed] [File is in use] C:\Program Files\PowerToys\modules\launcher\System.IO.Abstrac tions.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1020228174-254853255-2842383887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1020228174-254853255-2842383887-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 → {952A6C9C-B7D1-487B-9CF2-8F55320493DF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1020228174-254853255-2842383887-1001 → {952A6C9C-B7D1-487B-9CF2-8F55320493DF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation → Microsoft Corporation)
BHO-x32: Evernote extension → {92EF2EAD-A7CE-4424-B0DB-499CF856608E} → C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION → Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper → {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} → C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP lugin.dll [2017-10-27] (HP Inc. → HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation → Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPo werShell\v1.0;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH;C:\Pr ogram Files\dotnet
HKU\S-1-5-21-1020228174-254853255-2842383887-1001\Control Panel\Desktop\Wallpaper → C:\Users\Andy\Desktop\IMG-20161225-WA0007.jpg
HKU\S-1-5-21-1020228174-254853255-2842383887-1002\Control Panel\Desktop\Wallpaper → C:\Users\paula\Desktop\DCIM\100DICAM\DSCI0022.JPG
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM...\StartupApproved\StartupFolder: => “Avast SecureLine VPN.lnk”
HKLM...\StartupApproved\Run: => “RTHDVCPL”
HKLM...\StartupApproved\Run: => “DeliveryAndStatusCheck”
HKLM...\StartupApproved\Run: => “WinZip UN”
HKLM...\StartupApproved\Run32: => “HPMessageService”
HKLM...\StartupApproved\Run32: => “PowerDVD14Agent”
HKLM...\StartupApproved\Run32: => “WinZip PreLoader”
HKLM...\StartupApproved\Run32: => “SecurityHealth”
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\StartupApproved\Run: => “GoogleChromeAutoLaunch_A69DCE493FB9444452A92359AA 0F4A85”
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\StartupApproved\Run: => “Chromium”
HKU\S-1-5-21-1020228174-254853255-2842383887-1001...\StartupApproved\Run: => “CCleaner Smart Cleaning”
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\StartupApproved\Run: => “CCleaner Smart Cleaning”
HKU\S-1-5-21-1020228174-254853255-2842383887-1002...\StartupApproved\Run: => “SUPERAntiSpyware”
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{41489E05-ADAE-4406-9241-710B7C6B02C7}] => (Allow) C:\Users\paula\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{1BA0DE9F-E16F-47C2-916A-28EB6CCD6469}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{9B866E7D-81D4-448E-A03F-474D7E0C0F6E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{21FD26D9-B04F-4926-B259-9B16F6BF0CEF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company → Hewlett-Packard Development Company, L.P.)
FirewallRules: [{F7A7A6A8-DE50-4D5B-931E-D907A8DCEEA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. → CyberLink Corp.)
FirewallRules: [{A8D8511B-090C-4200-9596-87EBBB835240}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPD VD14.exe (CyberLink Corp. → CyberLink)
FirewallRules: [{7D8460B2-1AB4-4753-8F90-B45EBCD1E1F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. → CyberLink Corp.)
FirewallRules: [{6A9F18CD-0B5F-47C9-B640-59F3D09F7C82}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. → CyberLink Corp.)
FirewallRules: [{599300C6-9E66-49D5-B628-E3039749D57A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. → CyberLink Corp.)
FirewallRules: [{8FEB901F-8013-4877-A078-25E823EFCD81}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd → Piriform)
FirewallRules: [{BC73D79F-4D9F-46B6-95AF-AEE88D1DC4F5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd → Piriform)
FirewallRules: [{1531F537-6417-456A-AFAB-A276F5208C60}] => (Allow) C:\Users\Andy\AppData\Local\Chromium\Application\c hrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{215EC8A5-00CF-4E99-B4BE-4B63746EFC6E}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\bin\DigitalWizards.exe (Hewlett Packard → HP Inc.)
FirewallRules: [{47376E0D-7F9F-4D04-B932-C6763CB9E5A3}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\DeviceSetup.exe (Hewlett Packard → HP Inc.)
FirewallRules: [{23AAC3C3-F67F-4C7C-A157-D0499651F83A}] => (Allow) LPort=5357
FirewallRules: [{F31E1E5B-95E7-483A-9E25-D7C01D1AA936}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard → HP Inc.)
FirewallRules: [{1763A87E-8AFB-4168-A445-4A3979A84F2F}] => (Allow) C:\Users\paula\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{6A998B62-4F91-41BA-AEF9-D2818DB4F68E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x 86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{9BD64FE4-4319-402B-8434-9310EE080DEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x 86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{C109A9FE-AFF8-4711-8FC8-5A3D8A216374}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x 86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{99B962F5-B762-4F50-A318-759C6B99972D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x 86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{47EE42D7-781A-4D60-BE7C-E85AC925BEFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
==================== Restore Points =========================
10-08-2021 23:49:34 Windows Modules Installer
11-08-2021 00:04:20 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (08/11/2021 04:48:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Faulting module name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Exception code: 0xc0000409
Fault offset: 0x000dcbdd
Faulting process ID: 0x1730
Faulting application start time: 0x01d78ec7bbd768c1
Faulting application path: c:\program files\avast software\secureline\vpnupdate.exe
Faulting module path: c:\program files\avast software\secureline\vpnupdate.exe
Report ID: 5d24a630-7d55-4895-aa66-4f0a9a14db7a
Faulting package full name:
Faulting package-relative application ID:
Error: (08/11/2021 04:34:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialise the VSS backup “System Writer” object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (08/11/2021 08:47:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (08/11/2021 08:47:21 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (08/11/2021 05:15:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Faulting module name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Exception code: 0xc0000409
Fault offset: 0x000dcbdd
Faulting process ID: 0x66c
Faulting application start time: 0x01d78e67775c31d9
Faulting application path: c:\program files\avast software\secureline\vpnupdate.exe
Faulting module path: c:\program files\avast software\secureline\vpnupdate.exe
Report ID: 120c431c-a78b-4c67-866c-cbb6cfd927b8
Faulting package full name:
Faulting package-relative application ID:
Error: (08/11/2021 03:17:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Faulting module name: vpnupdate.exe, version: 5.5.515.0, time stamp: 0x5d4a8d1e
Exception code: 0xc0000409
Fault offset: 0x000dcbdd
Faulting process ID: 0x1414
Faulting application start time: 0x01d78e56fa3f8c85
Faulting application path: c:\program files\avast software\secureline\vpnupdate.exe
Faulting module path: c:\program files\avast software\secureline\vpnupdate.exe
Report ID: da2cadb4-b782-4738-b941-8412af2dbe43
Faulting package full name:
Faulting package-relative application ID:
Error: (08/11/2021 12:04:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service avgbIDSAgent since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (08/11/2021 12:04:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service AVG Tools since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
[HEADING=1]System errors:[/HEADING]
Error: (08/11/2021 04:50:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
Error: (08/11/2021 04:47:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service did not respond on starting.
Error: (08/11/2021 04:45:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Storage Service service did not respond on starting.
Error: (08/11/2021 04:42:40 PM) (Source: DCOM) (EventID: 10010) (User: ANDYS-POSH-LAPT)
Description: The server {40ECCDBB-2202-4FDF-83ED-272187326B7A} did not register with DCOM within the required timeout.
Error: (08/11/2021 04:41:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service did not respond on starting.
Error: (08/11/2021 04:34:26 PM) (Source: DCOM) (EventID: 10005) (User: ANDYS-POSH-LAPT)
Description: DCOM got error “1084” attempting to start the service camsvc with arguments “Unavailable” in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
Error: (08/11/2021 04:34:12 PM) (Source: DCOM) (EventID: 10005) (User: ANDYS-POSH-LAPT)
Description: DCOM got error “1084” attempting to start the service lfsvc with arguments “Unavailable” in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}
Error: (08/11/2021 04:33:54 PM) (Source: DCOM) (EventID: 10005) (User: ANDYS-POSH-LAPT)
Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
[HEADING=1]Windows Defender:[/HEADING]
Date: 2020-09-21 21:42:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-20 19:12:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-19 19:53:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-17 22:02:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-16 19:32:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-10 20:12:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-08-10 19:24:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-08-10 19:24:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-08-10 19:24:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-08-10 19:24:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2021-08-08 01:08:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-08-08 01:02:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-08-08 01:01:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.21 05/17/2016
Motherboard: HP 80C1
Processor: Intel(R) Pentium(R) CPU 3825U @ 1.90GHz
Percentage of memory in use: 92%
Total physical RAM: 4011.39 MB
Available physical RAM: 294.55 MB
Total Virtual: 6544.4 MB
Available Virtual: 1028.75 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:914.48 GB) (Free:769.05 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.06 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]
\?\Volume{e2aeaa44-6276-430e-bc54-56281d82efda}\ () (Fixed) (Total:1.7 GB) (Free:0.84 GB) NTFS
\?\Volume{63d7ab20-ad76-4d07-aac0-6e5ddd51248a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
==================== MBR & Partition Table ====================
================================================== ========
Disk: 0 (Size: 931.5 GB) (Disk ID: 36BEF902)
Partition: GPT.
==================== End of Addition.txt =======================
Comment