Like most of us, I have thousands of photos on my Windows 10 PC. I have just noticed that every single photo name has had an identical date and time added to it. For example, instead of "Me on the beach.jpg" is now reads "Me on the beach (2020_15_12 14_09_53 UTC).jpg" Each photo has the exact same date and time, which has nothing to do with when the photo was taken, added to the PC or last edited. Some recent photos (added in 2022, 2023) have a different date and time; Very recent ones (2024) do not....YET! What has caused this, and how can I stop it happening? I am starting to laboriously edit each file name, but am most worried that something will cause a new date to be added at some point. Please can anyone help?
All my photos have new spurious date and time added to file name
- Thread starter huwhuw
- Start date
-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More. -
Hello everyone We want to personally apologize to everyone for the downtime that we've experienced. We are working to get everything back up as quickly as possible. Due to the issues we've had, your password will need to be reset. Please click the button that says "Forgot Your Password" and change it. We are working to have things back to normal. Emails are fixed and should now send properly. Thank you all for your patience. Thanks, PCHF Management
- Status
See if this will help save you some time on the re-naming job. https://www.bulkrenameutility.co.uk/#mainscreen
The issue as to why they changed would be better served by our security expert.
@Malnutrition
The issue as to why they changed would be better served by our security expert.
@Malnutrition
Yes, they are. I just want to get rid of the superfluous dates and stop it happening again.
I've only seen that kind of mass renaming of files when a ramsonware infection has happened, and even then, it has been all personal file types; .jpg, .doc, .mp4, .txt, etc.
Would be worth the effort for @Malnutrition to give the PC a clean bill of health.
Would be worth the effort for @Malnutrition to give the PC a clean bill of health.
Please follow the instructions here. https://pchelpforum.net/t/prework-please-read-before-posting.11235/post-11788
Attach both Frst and addition.txt logs for review.
Attach both Frst and addition.txt logs for review.
Thank you so much for offering to help me.
Logs are below this....
To reiterate my issue : Like most of us, I have thousands of photos on my Windows 10 PC. I have just noticed that every single photo name has had an identical date and time added to it. For example, instead of “John at the beach.jpg” it now reads “John at the beach (2020_12_15 14_09_53 UTC).jpg. Each photo has the exact same date and time, which has nothing to do with when the photo was taken, uploaded, or edited. Some more recent photos (2022, 2023) have a different date and time. Very recent ones (2024) do not… YET!
Thanks to xrobwx71, I have successfully used the suggested software to remove the unwanted dates.
My concern is why did this happen in the first place, and - most importantly - how can I prevent it re-occurring.. Although the bulk of dates is as noted above, some photos have other dates, the most recent being September 2023.
Any advice is greatly appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.07.2024
Ran by Huw (administrator) on HUW-PC (02-07-2024 13:18:49)
Running from C:\Users\Huw\Desktop\FRST64 (1).exe
Loaded Profiles: Huw
Platform: Microsoft Windows 10 Home Version 22H2 19045.4529 (X64) Language: English (United States)
Default browser: "C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe" -noautoupdate -- "%1"
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
(C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Huw\AppData\Local\Programs\Opera\111.0.5168.43\opera_crashreporter.exe
(DriverStore\FileRepository\c0380462.inf_amd64_3f0d0d0e3189ddd8\B378995\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0380462.inf_amd64_3f0d0d0e3189ddd8\B378995\atieclxx.exe
(explorer.exe ->) (Intuit) [File not signed] C:\Program Files (x86)\QUICKENW\QWDLLS.EXE
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe <15>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0380462.inf_amd64_3f0d0d0e3189ddd8\B378995\atiesrxx.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(services.exe ->) (ORANGE VIEW LIMITED -> iTop Inc.) C:\Program Files (x86)\iTop Data Recovery\IDRService.exe <2>
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2022-06-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6813680 2016-12-15] (Acronis International GmbH -> )
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3590656 2021-10-20] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7010280 2024-04-03] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45430176 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe [2011504 2024-02-21] (Digital Wave Ltd -> Digital Wave Ltd)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Huw\AppData\Local\Microsoft\Teams\Update.exe [2587320 2023-06-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [Microsoft Edge Update] => C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateCore.exe [264264 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [Opera Stable] => C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe [1247136 2024-06-27] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [com.messenger] => "C:\Users\Huw\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [5461872 2024-05-07] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Print\Monitors\HP 1254 Status Monitor: C:\WINDOWS\system32\hpinksts1254LM.dll [476640 2019-03-14] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY Photo 6200 series): C:\WINDOWS\system32\HPDiscoPM1254.dll [987040 2019-03-18] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\PJLMON.DLL [24064 2024-06-17] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{BC455173-F501-4356-804F-571FAFB6EA9A}] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2020-12-15]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\QUICKENW\QWDLLS.EXE (Intuit) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickScan (OpticFilm 8100).lnk [2021-06-22]
ShortcutTarget: QuickScan (OpticFilm 8100).lnk -> C:\Program Files (x86)\Plustek\OpticFilm 8100\QuickScan_x64.exe () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {220CD70C-43F3-457B-A188-C04E906B28FA} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {40E93541-895E-4986-ADB8-AE963FDCB067} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {8E2CA7EA-5000-4E65-A91B-6E10132819D0} - System32\Tasks\{0397C9A3-863E-4496-B0B3-E7923A0913A7} => C:\Windows\System32\pcalua.exe [53760 2024-06-17] (Microsoft Windows -> Microsoft Corporation) -> -a "D:\Downloads\Pinnacle Studio Install Files\Studio 19.5 Download Files\64bit\Prerequisites\directx_jun2010_rar_redist.exe" -d "D:\Downloads\Pinnacle Studio Install Files\Studio 19.5 Download Files\64bit\Prerequisites"
Task: {67A15A45-D3A2-483D-A8EA-D0E4136D22C0} - System32\Tasks\{90F463F5-2ED2-4376-BF59-B436CF298BA3} => C:\Program Files (x86)\QUICKENW\QW.EXE [7831552 2002-01-24] (Intuit) [File not signed]
Task: {F3398ECE-422F-4397-BDBA-67BD61728433} - System32\Tasks\{9E25DB88-A553-4F74-B6F5-71BE32D30F03} => C:\Windows\System32\pcalua.exe [53760 2024-06-17] (Microsoft Windows -> Microsoft Corporation) -> -a "D:\Downloads\Smart Address Install Files\SmartAddress2000Setup.exe" -d "D:\Downloads\Smart Address Install Files"
Task: {F5C32D33-922B-44BA-90B5-95C25DBCD375} - System32\Tasks\{B8EB5E79-58E6-4E5E-BBF5-CFCB2A8AD4C4} => D:\Downloads\Pinnacle Studio Install Files\Studio 19.5 Download Files\64bit\Prerequisites\directx_jun2010_rar_redist.exe [100881546 2016-08-05] () [File not signed]
Task: {16B8BB06-CAF2-4B9C-9DCD-A00E90D02A74} - System32\Tasks\{E31D0EC9-7C0C-401E-97CE-415011156FDD} => C:\Program Files (x86)\Smart Address 2000\SMARTADR.exe [226816 2002-02-10] (Oakley Data Services) [File not signed]
Task: {4C88C614-D3AC-4B0E-92D8-83FAA0CC2D8F} - System32\Tasks\{EB60A9A2-4EBE-4B3D-8C0C-AE3D3FAA5AE1} => C:\Program Files (x86)\QUICKENW\QW.EXE [7831552 2002-01-24] (Intuit) [File not signed]
Task: {5029F108-616F-439E-9A0C-9C18BA27A9C4} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5511536 2024-03-15] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/Task
Task: {9CBF6765-35E8-4AE2-99E4-3C6245B5C912} - System32\Tasks\ASC_SkipUac_Huw => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [10551664 2024-05-08] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {5F4B20BD-142C-4181-BF51-37CD323D21D7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1134752 2014-03-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {FCEDCB5A-529F-433D-BADD-6234CA9CBBA2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-27] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {48FE5DBA-41A5-469F-A47C-1A5AB1FAC815} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {C889F682-64F9-49FF-B25B-2E72680E9A4E} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "b0176b80-9fa8-4398-9dd4-e713c839ca7f" --version "6.24.11060" --silent
Task: {CD3AFF32-C85D-497A-92FD-601193AC5745} - System32\Tasks\CCleanerSkipUAC - Huw => C:\Program Files\CCleaner\CCleaner.exe [39169952 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {00E13EEA-AD05-4ADB-85F6-94BA118B7F6C} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\11.4.0\Scheduler.exe [160744 2024-03-12] (IObit CO., LTD -> IObit)
Task: {DCD166CB-DA89-4706-80C9-5BEA6CFF2F66} - System32\Tasks\Driver Booster SkipUAC (Huw) => C:\Program Files (x86)\IObit\Driver Booster\11.4.0\DriverBooster.exe [9050480 2024-04-10] (IObit CO., LTD -> IObit)
Task: {B153ADE1-EEEE-4844-B9EA-ACE15224E2C4} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\11.4.0\AutoUpdate.exe [2533232 2024-04-12] (IObit CO., LTD -> IObit)
Task: {C11399A1-0ABD-48BA-ADF4-34BCA0CCC618} - System32\Tasks\DSOne Agent => C:\Program Files (x86)\Driver Support One\DSOne.exe [1086656 2020-06-02] (Asurvio, LP -> Asurvio LP) <==== ATTENTION
Task: {E912BA93-2A4F-45DA-8C5C-C9DF60020FC5} - System32\Tasks\DuplicatePhotoCleaner => C:\Program Files\Duplicate Photo Cleaner 7\DuplicatePhotoCleaner.exe [7588512 2024-04-11] (Webminds, Inc. -> Webminds, Inc.)
Task: {398BC768-F3EC-4EFC-B5CD-0DE52808D653} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{ED147991-B258-4A45-9DD8-66E12ECBD39E} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {F516B4F3-2436-4A06-BEBC-F202A69B47DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-05-13] (HP Inc. -> HP Inc.)
Task: {1F259B8B-4BBF-47B8-8071-0E25F9A77478} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [231472 2024-05-13] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {8DBBA722-A27B-4BF3-AB7A-E0FA8ECD89D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-05-13] (HP Inc. -> HP Inc.)
Task: {65302BB3-AE7C-43E8-834E-FEDF5D7EA146} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH87U7V0F1 => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-05-13] (HP Inc. -> HP Inc.)
Task: {108AFDBA-0358-44A0-BAC8-51A31F809882} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-15] (HP Inc. -> HP Inc.)
Task: {E72966D2-CB7F-4628-9D37-01CA619B7C13} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-15] (HP Inc. -> HP Inc.)
Task: {AF3B665F-FD4E-4342-86DE-449D835C9F3F} - System32\Tasks\IMF_SkipUAC_Huw => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7010280 2024-04-03] (IObit CO., LTD -> IObit)
Task: {4A8366B8-8772-475E-829D-EFFB1432CB7D} - System32\Tasks\iTop Data Recovery SkipUAC (Huw) => C:\Program Files (x86)\iTop Data Recovery\iTopDataRecovery.exe [3609856 2022-12-09] (ORANGE VIEW LIMITED -> iTop Inc.) -> C:\Program Files (x86)\iTop Data Recovery\\/skipUAC
Task: {999AA725-043D-4264-BA7D-95850A2D1056} - System32\Tasks\iTop Data Recovery Update => C:\Program Files (x86)\iTop Data Recovery\AutoUpdate.exe [3132672 2022-11-19] (ORANGE VIEW LIMITED -> iTop Inc.) -> C:\Program Files (x86)\iTop Data Recovery\\/auto
Task: {A9D7983D-CCB3-45EB-B121-00961C0806BF} - System32\Tasks\iTop Screenshot SkipUAC (Huw) => C:\Program Files (x86)\iTop Screenshot\iScrShot.exe [7622400 2023-05-11] (ORANGE VIEW LIMITED -> iTop Inc.) -> C:\Program Files (x86)\iTop Screenshot\\/skipuac
Task: {A1ABEA15-F548-4688-8810-5E7FA0507862} - System32\Tasks\iTop Screenshot Update => C:\Program Files (x86)\iTop Screenshot\AutoUpdate.exe [3081472 2023-05-17] (ORANGE VIEW LIMITED -> iTop Inc.) -> C:\Program Files (x86)\iTop Screenshot\\/auto
Task: {CDCC67DB-64B5-4079-85E1-C1617A8F42C4} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2221484241-1263235730-2637574372-1000 => C:\Users\Huw\AppData\Local\Programs\Messenger\MessengerHelper.exe [2171640 2024-03-23] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {023C3B70-74BB-4A85-9E54-EE23FB5A15E7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570424 2024-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE8F1632-AAB8-4815-9201-917A486D58EA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570424 2024-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {6253B889-88C5-447C-8592-786313F86544} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209896 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {82FFF415-61CD-4CC7-B1D3-0A7022DA234B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209896 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {900221FE-2B21-417F-A767-E63120DC536A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3515344 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD96627C-0ED0-4A4A-B6CB-8238EEEC2908} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3515344 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {105549DE-15ED-4535-8C6E-0C37C565B036} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {28D4FD3C-0590-4BA3-9580-032F8A0A95B7} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {F63E0DDC-2C75-4441-96A6-AE3F45340CA2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {F4A6A04E-F558-490E-94AD-FB747FAB3568} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {7E72C13E-D2BE-465C-AED2-557C32DDFB7A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {4225AA2C-FD8E-4065-B5DF-0E0EEA1D94E6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {BA3E05A9-3DC5-4C3F-97DD-92CD4748AB13} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {4CCCF5FF-25B6-4535-A3E6-3BC7BD11010A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {3356D6BC-E82B-46EB-8E23-FFD82254D58C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {778214DB-CC8B-4DC2-8572-FA523A124127} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {6EDB3AAD-0A7B-45A5-8FAF-9136F3E4C23F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {BB6A194D-7756-412B-A398-1FEBC74149B8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {28379DA4-66B3-4C75-A97B-03BB461D690F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {5CE9D087-7F86-42E1-8FED-7C4F42F8CC1C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {1BEB23D7-0E64-43EC-B70A-0FFC958CB198} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D2CF5F2F-E491-4270-87AC-437FF94077E7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {E6BA2871-74A2-4C72-8822-18CF3F71B7FE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {BBA1404E-6B55-43FF-97B8-A79340594E73} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {3356DA62-C4DA-4773-BE02-AFB78931AF6A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {4CDD7FCB-90FA-4EB3-973F-D1546D3FCF2F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {BFED4D8C-F9DA-4666-B36A-FBEE07BE7887} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {2CDF0C09-7B42-41DB-B811-AC32A2F5D068} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {A137888F-F049-4056-BBAA-7A066C52E510} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {9F1DA2F7-DA72-4415-8420-F054D19EDDDF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {61B70DAE-58A6-4156-8D69-9864581DD22C} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {C483CE25-B1C5-4BEB-AA31-5CADC8C66692} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance => {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {B968624F-1684-4B11-8AB2-422FF19F50E7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {162713F9-1699-45CE-89AB-47C17CF5F05F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {B6643B35-9A75-4B79-95BE-56B4876A8098} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {4775606B-31C3-404D-9222-306E7464D209} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {4588D2BF-5384-4B63-B86A-C012E3C468ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {94A94F2C-0BD4-4D9F-9CBA-677E36B5B65F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF7BBEEE-90FB-4C5B-8BCA-F0CBAAFED538} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BA718461-A9A9-4015-83B0-64CD8F46664D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F93E2A44-7E3E-49FE-9F66-12B1F4A037C0} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization => {97D47D56-3777-49FB-8E8F-90D7E30E1A1E}
Task: {6440C5E0-A168-4A5F-B84E-F7C8C0A6E933} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work => {63260BCE-A3FB-4A34-AA51-D4D8E877B62B}
Task: {ABE3FE72-050C-46EB-84A1-C4F861F2EF03} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2221484241-1263235730-2637574372-1000Core{73550B76-A631-4331-A975-AB1934074C24} => C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8222D43A-6E81-4146-8BCA-997865474B47} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2221484241-1263235730-2637574372-1000UA{A2CE1023-1F89-4092-BF14-3BCA233CECB6} => C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B3177E19-B6BF-4F7D-8872-E8695FF0ADD1} - System32\Tasks\Opera scheduled assistant Autoupdate 1621513394 => C:\Users\Huw\AppData\Local\Programs\Opera\launcher.exe [1247136 2024-06-27] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Huw\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {79AC36A7-9C0F-4AE0-AD0A-56B4937A7334} - System32\Tasks\Opera scheduled Autoupdate 1621513387 => C:\Users\Huw\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [4886944 2024-06-25] (Opera Norway AS -> Opera Software)
Task: {D4BEF5F4-D1B6-423C-8E43-7B9B96916FCD} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2221484241-1263235730-2637574372-1000 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {4BB141A8-BAD7-4AB2-A425-F40FDAFE4147} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2024-03-22] (IObit Information Technology -> IObit)
Task: {CE3DDA2B-9A65-4F82-8609-8B8A095121E3} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3721576 2024-04-09] (IObit CO., LTD -> IObit)
Task: {4BA79B2A-C96A-4AEC-8EF8-81335020A392} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [2194440 2024-03-12] (IObit CO., LTD -> IObit) <==== ATTENTION
Task: {A8B64938-B491-4BA2-A179-AAC136834F49} - System32\Tasks\Software Updater SkipUAC(Huw) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4561416 2024-03-12] (IObit CO., LTD -> IObit) <==== ATTENTION
Task: {24106DE2-279E-4F1D-9BE9-9AC093CA0D06} - System32\Tasks\Uninstaller_SkipUac_Huw => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [9909256 2024-03-06] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\IObit Uninstaller\\/UninstallExplorer
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{3C384970-4A3D-41A7-AC31-FA461DA2F432}: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{3C384970-4A3D-41A7-AC31-FA461DA2F432}: [DhcpDomain] fritz.box
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-01] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Huw\AppData\Local\Google\Chrome\User Data\Default [2024-06-12]
CHR Notifications: Default -> hxxps://track.dpd.co.uk; hxxps://uk.allsearchsite.com; hxxps://www.cruise118.com; hxxps://www.opendemocracy.net; hxxps://www.sixstarcruises.co.uk
CHR StartupUrls: Default -> "hxxps://www.trivago.co.uk/?iPathId=569786&bDispMoreFilter=false&aDateRange%5Barr%5D=2017-12-19&aDateRange%5Bdep%5D=2017-12-22&aCategoryRange=0%2C1%2C2%2C3%2C4%2C5&iRoomType=7&sOrderBy=relevance%20desc&aPartner=&aOverallLiking=1%2C2%2C3%2C4%2C5&iOffset=0&iLimit=25&iIncludeAll=0&bTopDealsOnly=false&iViewType=0&aPriceRange%5Bto%5D=0&aPriceRange%5Bfrom%5D=0&aPathList=569786&aGeoCode%5Blng%5D=124.646698&aGeoCode%5Blat%5D=8.481277&bIsSeoPage=false&aHotelTestClassifier=&bSharedRooms=false&bIsSitemap=false&rp=&cpt=56978603&iFilterTab=0&","hxxps://uk.hotels.com/ho455339/?PSRC=TR01&cur=GBP&locale=en_GB&mpa=159.30&mpd=GBP&mpe=1505652601&mph=0&pos=HCOM_UK&q-check-in=2017-12-19&q-check-out=2017-12-22&q-room-0-adults=2&q-rooms=1&rateplanid=203325736&rffrid=mdp.hcom.UK.011.387.02.42&trv_curr=GBP&trv_dp=53&wapa4=455339","hxxps://uk.hotels.com/ho633787872/?PSRC=TR01&cur=GBP&locale=en_GB&mpa=49.44&mpb=5.94&mpd=GBP&mpe=1505652601&mph=0&pos=HCOM_UK&q-check-in=2017-12-19&q-check-out=2017-12-22&q-room-0-adults=2&q-rooms=1&rateplanid=211045727&rffrid=mdp.hcom.UK.011.387.02.42&trv_curr=GBP&trv_dp=18&wapa4=633787872"
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2024-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
Opera:
=======
OPR DefaultProfile: Default
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1135600 2016-12-15] (Acronis International GmbH -> )
R2 AdvancedSystemCareService17; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1268744 2024-03-07] (IObit CO., LTD -> IObit)
S3 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2020-08-16] (Acronis International GmbH -> Acronis)
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [377856 2023-07-20] (Brother Industries, Ltd.) [File not signed]
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9498088 2024-05-30] (Microsoft Corporation -> Microsoft Corporation)
S3 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [462432 2022-07-06] (Digital Wave Ltd -> Digital Wave Ltd)
S3 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2433528 2024-02-01] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [895552 2024-03-25] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [894416 2024-03-25] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [890832 2024-03-25] (HP Inc. -> HP Inc.)
S3 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-06-15] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [894928 2024-03-25] (HP Inc. -> HP Inc.)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2641384 2024-04-09] (IObit CO., LTD -> IObit)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [167432 2023-12-08] (IObit CO., LTD -> IObit)
R2 iTopDataRecoveryService3; C:\Program Files (x86)\iTop Data Recovery\IDRService.exe [1948928 2022-12-09] (ORANGE VIEW LIMITED -> iTop Inc.)
U2 iTopDataRecoveryService4; C:\Program Files (x86)\iTop Data Recovery\IDRService.exe [1948928 2022-12-09] (ORANGE VIEW LIMITED -> iTop Inc.)
S3 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [973040 2021-10-21] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis International GmbH -> Acronis)
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-09-08] (CyberLink Corp. -> CyberLink)
S3 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis International GmbH -> Acronis)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [11776 2023-11-28] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [19968 2022-05-24] (Microsoft) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-09-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40920 2024-03-07] (IObit CO., LTD -> IObit)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2024-03-07] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46552 2024-03-07] (IObit CO., LTD -> IObit)
R1 CLMirrorDriver; C:\WINDOWS\System32\drivers\CLMirrorDriver.sys [21264 2016-11-09] (CyberLink Corp. -> CyberLink)
R3 cpuz154; C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [40976 2024-06-30] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [339808 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [160600 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 gdrv; C:\Windows\gdrv.sys [25640 2019-03-26] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2019-03-26] (GIGA-BYTE TECHNOLOGY CO., LTD -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-03-21] (Martin Malik - REALiX -> REALiX(tm))
R3 Imf8HpRegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [26296 2024-01-21] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [42360 2019-07-30] (IObit Information Technology -> IObit)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40920 2023-11-03] (IObit CO., LTD -> IObit)
S3 IMFEFSFileControl; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [40824 2023-11-03] (IObit Information Technology -> IObit)
R3 IMFForceDelete123; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [20008 2023-11-03] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R3 ImfHpFileFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [45432 2023-11-03] (IObit Information Technology -> IObit)
S4 IMFMBRProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [23976 2023-11-03] (IObit Information Technology -> IObit)
S3 ImfObCallback; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [33984 2023-11-03] (IObit Information Technology -> IObit)
S3 ImfRealScanner; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRealScanner.sys [53232 2023-11-03] (IObit CO., LTD -> IObit)
S3 ImfRegistryFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRegistryFilter.sys [42360 2023-11-03] (IObit Information Technology -> IObit)
R3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2024-03-07] (IObit CO., LTD -> IObit)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R1 JitDriver; C:\WINDOWS\system32\drivers\JitDriver.sys [47104 2020-07-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2013-09-23] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)
S3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2024-03-22] (IObit Information Technology -> IObit)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1049432 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [202592 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [581464 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 usbscan; C:\Windows\SysWOW64\drivers\usbscan.sys [8944 1999-05-05] (Microsoft Corporation) [File not signed]
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [301408 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R2 WiseFs; C:\WINDOWS\WiseFs64.sys [49736 2023-11-27] (Microsoft Windows Hardware Compatibility Publisher -> )
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-07-02 13:18 - 2024-07-02 13:20 - 000044134 _____ C:\Users\Huw\Desktop\FRST.txt
2024-07-02 13:17 - 2024-07-02 13:19 - 000000000 ____D C:\FRST
2024-07-02 13:16 - 2024-07-02 13:17 - 002395648 _____ (Farbar) C:\Users\Huw\Desktop\FRST64 (1).exe
2024-07-01 23:42 - 2024-07-01 23:42 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2221484241-1263235730-2637574372-1000
2024-07-01 23:42 - 2024-07-01 23:42 - 000002413 _____ C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-07-01 12:02 - 2024-07-01 12:02 - 000001023 _____ C:\Users\Huw\Desktop\Bulk Rename Utility.lnk
2024-06-30 12:48 - 2024-06-30 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2024-06-30 12:48 - 2024-06-30 12:48 - 000000000 ____D C:\Program Files\Bulk Rename Utility
2024-06-30 11:33 - 2024-06-30 11:34 - 000000000 ____D C:\ProgramData\FreeFileSync
2024-06-27 16:11 - 2024-06-27 16:11 - 000004200 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1621513387
2024-06-27 16:11 - 2024-06-27 16:11 - 000001404 _____ C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2024-06-23 18:25 - 2024-06-23 18:25 - 120102912 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2024-06-23 18:25 - 2024-06-23 18:25 - 000843776 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2024-06-23 18:25 - 2024-06-23 18:25 - 000065536 _____ C:\WINDOWS\system32\config\SAM.iobit
2024-06-23 18:25 - 2024-06-23 18:25 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2024-06-21 12:56 - 2024-06-21 12:56 - 000001250 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2024-06-21 12:56 - 2024-06-21 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2024-06-18 20:27 - 2024-06-18 20:27 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-06-17 18:04 - 2024-06-17 18:04 - 000004390 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1621513394
2024-06-17 17:58 - 2024-06-17 17:58 - 007372800 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2024-06-17 17:54 - 2024-06-17 17:54 - 000003062 _____ C:\WINDOWS\system32\Tasks\ASC_SkipUac_Huw
2024-06-17 17:54 - 2024-06-17 17:54 - 000001312 _____ C:\Users\Public\Desktop\Advanced SystemCare.lnk
2024-06-17 09:33 - 2024-06-17 09:39 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-06-17 09:33 - 2024-06-17 09:33 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2024-06-17 09:30 - 2024-06-17 09:32 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-06-17 09:30 - 2024-06-17 09:30 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-06-17 09:28 - 2024-06-27 16:09 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-17 09:28 - 2024-06-17 09:28 - 000000000 ____D C:\WINDOWS\InboxApps
2024-06-17 09:28 - 2024-06-17 09:28 - 000000000 ____D C:\ProgramData\ssh
2024-06-17 09:20 - 2024-06-17 09:20 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-06-17 09:17 - 2024-06-17 09:17 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\WINDOWS\system32\msmq
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\Program Files\MSBuild
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\inetpub
2024-06-17 01:02 - 2024-06-17 01:02 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-06-17 01:00 - 2024-07-01 23:42 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2221484241-1263235730-2637574372-1000
2024-06-17 01:00 - 2024-06-30 01:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-17 01:00 - 2024-06-30 01:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2024-06-17 01:00 - 2024-06-17 17:55 - 000003276 _____ C:\WINDOWS\system32\Tasks\ASC_PerformanceMonitor
2024-06-17 01:00 - 2024-06-17 01:00 - 000003714 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2221484241-1263235730-2637574372-1000UA{A2CE1023-1F89-4092-BF14-3BCA233CECB6}
2024-06-17 01:00 - 2024-06-17 01:00 - 000003598 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2221484241-1263235730-2637574372-1000Core{73550B76-A631-4331-A975-AB1934074C24}
2024-06-17 01:00 - 2024-06-17 01:00 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-17 01:00 - 2024-06-17 01:00 - 000003280 _____ C:\WINDOWS\system32\Tasks\Optimize Push Notification Data File-S-1-5-21-2221484241-1263235730-2637574372-1000
2024-06-17 01:00 - 2024-06-17 01:00 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-17 01:00 - 2024-06-17 01:00 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002954 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-06-17 01:00 - 2024-06-17 01:00 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2221484241-1263235730-2637574372-1005
2024-06-17 01:00 - 2024-06-17 01:00 - 000002744 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Huw)
2024-06-17 01:00 - 2024-06-17 01:00 - 000002720 _____ C:\WINDOWS\system32\Tasks\iTop Data Recovery Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002702 _____ C:\WINDOWS\system32\Tasks\iTop Screenshot Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002684 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_AutoAnalyze
2024-06-17 01:00 - 2024-06-17 01:00 - 000002674 _____ C:\WINDOWS\system32\Tasks\DSOne Agent
2024-06-17 01:00 - 2024-06-17 01:00 - 000002632 _____ C:\WINDOWS\system32\Tasks\DuplicatePhotoCleaner
2024-06-17 01:00 - 2024-06-17 01:00 - 000002582 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Huw
2024-06-17 01:00 - 2024-06-17 01:00 - 000002580 _____ C:\WINDOWS\system32\Tasks\{0397C9A3-863E-4496-B0B3-E7923A0913A7}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002570 _____ C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2024-06-17 01:00 - 2024-06-17 01:00 - 000002562 _____ C:\WINDOWS\system32\Tasks\iTop Data Recovery SkipUAC (Huw)
2024-06-17 01:00 - 2024-06-17 01:00 - 000002560 _____ C:\WINDOWS\system32\Tasks\Software Updater Scheduler
2024-06-17 01:00 - 2024-06-17 01:00 - 000002556 _____ C:\WINDOWS\system32\Tasks\Driver Booster Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002528 _____ C:\WINDOWS\system32\Tasks\iTop Screenshot SkipUAC (Huw)
2024-06-17 01:00 - 2024-06-17 01:00 - 000002482 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002402 _____ C:\WINDOWS\system32\Tasks\Software Updater SkipUAC(Huw)
2024-06-17 01:00 - 2024-06-17 01:00 - 000002374 _____ C:\WINDOWS\system32\Tasks\{9E25DB88-A553-4F74-B6F5-71BE32D30F03}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002346 _____ C:\WINDOWS\system32\Tasks\IMF_SkipUAC_Huw
2024-06-17 01:00 - 2024-06-17 01:00 - 000002258 _____ C:\WINDOWS\system32\Tasks\{B8EB5E79-58E6-4E5E-BBF5-CFCB2A8AD4C4}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002250 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Huw
2024-06-17 01:00 - 2024-06-17 01:00 - 000002126 _____ C:\WINDOWS\system32\Tasks\{E31D0EC9-7C0C-401E-97CE-415011156FDD}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002094 _____ C:\WINDOWS\system32\Tasks\{EB60A9A2-4EBE-4B3D-8C0C-AE3D3FAA5AE1}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002094 _____ C:\WINDOWS\system32\Tasks\{90F463F5-2ED2-4376-BF59-B436CF298BA3}
2024-06-17 01:00 - 2024-06-17 01:00 - 000000020 ___SH C:\Users\Huw\ntuser.ini
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2024-06-17 00:59 - 2024-06-17 01:00 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2024-06-17 00:59 - 2024-06-17 01:00 - 000007623 _____ C:\WINDOWS\diagerr.xml
2024-06-17 00:51 - 2024-06-17 00:51 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\SystemCertificates
2024-06-17 00:51 - 2024-06-17 00:51 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Network
2024-06-17 00:51 - 2024-06-17 00:51 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Crypto
2024-06-17 00:50 - 2024-06-17 00:50 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-06-17 00:47 - 2024-06-30 01:49 - 000000000 ____D C:\Users\Huw
2024-06-17 00:47 - 2024-06-30 01:23 - 000934858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-17 00:47 - 2024-06-17 01:01 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows
2024-06-17 00:40 - 2024-07-02 13:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-17 00:40 - 2024-06-17 18:10 - 000804400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-06-14 13:39 - 2024-06-28 11:44 - 000000000 ___DC C:\WINDOWS\Panther
2024-06-14 13:37 - 2024-06-14 13:37 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-07-02 13:09 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-02 12:35 - 2023-11-29 00:57 - 000000000 ____D C:\Users\Huw\AppData\Roaming\FreeFileSync
2024-07-02 12:10 - 2019-03-21 19:23 - 000000000 ____D C:\Users\Huw\AppData\Roaming\vlc
2024-07-02 00:55 - 2020-01-14 01:48 - 000000000 ____D C:\Users\Huw\AppData\Local\ClassicShell
2024-07-01 17:27 - 2019-03-21 11:22 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Word
2024-07-01 13:39 - 2020-01-07 16:49 - 000000000 ____D C:\Users\Huw\AppData\Local\D3DSCache
2024-07-01 12:40 - 2022-09-15 15:17 - 000002554 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2024-06-30 17:20 - 2023-02-21 09:10 - 000000000 ____D C:\Users\Huw\AppData\Local\CrashDumps
2024-06-30 11:33 - 2023-11-29 00:57 - 000001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2024-06-30 11:33 - 2023-11-29 00:57 - 000001015 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2024-06-30 11:33 - 2023-11-29 00:57 - 000001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
2024-06-30 11:33 - 2023-11-29 00:57 - 000000991 _____ C:\Users\Public\Desktop\RealTimeSync.lnk
2024-06-30 11:33 - 2023-11-29 00:57 - 000000000 ____D C:\Program Files\FreeFileSync
2024-06-30 01:26 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-30 01:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-30 01:23 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-06-30 01:17 - 2023-08-24 16:26 - 000008192 ___SH C:\DumpStack.log.tmp
2024-06-28 11:57 - 2020-12-15 12:44 - 000001111 _____ C:\WINDOWS\QUICKEN.INI
2024-06-28 11:43 - 2019-10-05 17:51 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Publisher Building Blocks
2024-06-27 16:37 - 2019-03-21 17:04 - 000000000 ____D C:\ProgramData\ProductData
2024-06-27 16:15 - 2021-03-26 09:41 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-06-27 16:09 - 2023-08-30 12:52 - 000000000 ____D C:\ProgramData\ProductData3
2024-06-27 16:09 - 2020-04-28 14:54 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-06-24 14:15 - 2022-11-03 23:16 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-06-24 01:05 - 2019-03-20 16:30 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Office
2024-06-21 12:22 - 2019-03-21 16:20 - 000000000 ____D C:\Program Files (x86)\Smart Address 2000
2024-06-18 20:27 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-06-18 20:25 - 2021-04-01 16:11 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-18 13:38 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-06-18 13:38 - 2019-03-21 18:06 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2024-06-18 13:00 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-06-17 18:10 - 2024-05-30 14:03 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2024-06-17 18:10 - 2022-11-03 23:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-06-17 18:04 - 2019-03-21 17:03 - 000000000 ____D C:\ProgramData\IObit
2024-06-17 18:02 - 2019-03-20 16:19 - 000000000 ____D C:\Users\Huw\AppData\Local\Microsoft Help
2024-06-17 17:54 - 2019-03-21 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2024-06-17 14:41 - 2022-11-03 23:16 - 000001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2024-06-17 11:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-06-17 10:59 - 2020-01-07 16:38 - 000000000 ____D C:\ProgramData\Packages
2024-06-17 10:59 - 2020-01-07 16:20 - 000000000 ____D C:\Users\Huw\AppData\Local\Packages
2024-06-17 10:59 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-06-17 09:39 - 2024-05-18 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awesome Duplicate Photo Finder
2024-06-17 09:39 - 2024-05-18 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DuplicatePhotoCleaner
2024-06-17 09:39 - 2024-04-29 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 11
2024-06-17 09:39 - 2024-04-02 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2024-06-17 09:39 - 2024-04-01 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop Data Recovery
2024-06-17 09:39 - 2024-03-27 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader
2024-06-17 09:39 - 2023-10-18 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2024-06-17 09:39 - 2023-09-09 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2024-06-17 09:39 - 2021-11-04 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop Screenshot
2024-06-17 09:39 - 2021-10-28 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirona
2024-06-17 09:39 - 2021-09-17 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2024-06-17 09:39 - 2021-06-22 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plustek OpticFilm 8100 V5.0.2.3
2024-06-17 09:39 - 2021-04-01 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-06-17 09:39 - 2021-03-25 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Folder Hider
2024-06-17 09:39 - 2020-12-15 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken
2024-06-17 09:39 - 2020-11-22 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photo Finder
2024-06-17 09:39 - 2020-09-29 10:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2024-06-17 09:39 - 2020-08-21 17:40 - 000000000 ____D C:\WINDOWS\system32\AMD
2024-06-17 09:39 - 2020-07-16 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support One
2024-06-17 09:39 - 2020-05-30 10:56 - 000000000 ____D C:\Program Files\UNP
2024-06-17 09:39 - 2020-01-14 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2024-06-17 09:39 - 2020-01-07 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2024-06-17 09:39 - 2019-12-30 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Software Updater
2024-06-17 09:39 - 2019-12-07 10:18 - 000000000 ____D C:\WINDOWS\Setup
2024-06-17 09:39 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\IME
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\System
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\schemas
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2024-06-17 09:39 - 2019-04-09 13:03 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2024-06-17 09:39 - 2019-03-22 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Address 2000
2024-06-17 09:39 - 2019-03-21 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MapCreator 3
2024-06-17 09:39 - 2019-03-21 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2024-06-17 09:39 - 2019-03-21 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2024-06-17 09:39 - 2019-03-21 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synchromagic
2024-06-17 09:39 - 2019-03-21 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoldWave
2024-06-17 09:39 - 2019-03-21 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2024-06-17 09:39 - 2019-03-21 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2024-06-17 09:39 - 2019-03-21 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2024-06-17 09:39 - 2019-03-20 14:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-06-17 09:39 - 2019-03-20 14:03 - 000000000 ____D C:\Program Files\Common Files\logishrd
2024-06-17 09:39 - 2019-03-20 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2024-06-17 09:39 - 2019-03-20 12:23 - 000000000 ____D C:\Program Files\AMD
2024-06-17 09:39 - 2019-03-20 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2024-06-17 09:39 - 2009-07-14 04:20 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-06-17 09:38 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2024-06-17 09:33 - 2023-03-01 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicWish
2024-06-17 09:33 - 2021-12-27 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2024-06-17 09:33 - 2020-08-16 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2024-06-17 09:33 - 2019-03-21 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
2024-06-17 09:33 - 2019-03-21 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin
2024-06-17 09:33 - 2019-03-20 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2024-06-17 09:33 - 2019-03-20 12:23 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2024-06-17 09:33 - 2019-03-20 12:07 - 000000000 ____D C:\Program Files\Realtek
2024-06-17 09:33 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Microsoft Games
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-06-17 09:28 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemApps
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-06-17 09:28 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2024-06-17 09:27 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-06-17 09:26 - 2019-12-07 10:52 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-06-17 09:26 - 2019-12-07 10:52 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-06-17 09:26 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-06-17 09:07 - 2019-12-07 10:51 - 000000000 ____D C:\WINDOWS\OCR
2024-06-17 09:07 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-06-17 09:07 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-06-17 01:01 - 2020-01-07 16:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-06-17 01:01 - 2020-01-07 16:21 - 000000000 ___RD C:\Users\Huw\3D Objects
2024-06-17 01:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-06-17 01:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-06-17 01:00 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-06-17 00:51 - 2020-09-28 14:16 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2024-06-17 00:48 - 2024-03-04 13:27 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-06-17 00:48 - 2023-10-27 20:45 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inkscape
2024-06-17 00:48 - 2022-04-30 20:13 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2024-06-17 00:48 - 2021-06-21 10:36 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2024-06-17 00:48 - 2021-04-22 14:13 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
2024-06-17 00:48 - 2019-12-07 10:14 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2024-06-17 00:47 - 2021-03-14 15:04 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2024-06-17 00:47 - 2019-03-20 12:15 - 000891256 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2024-06-17 00:42 - 2019-03-20 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2024-06-17 00:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\tracing
2024-06-16 11:41 - 2019-03-20 15:05 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2024-06-14 17:37 - 2020-12-15 17:54 - 000000000 ____D C:\Program Files (x86)\QUICKENW
2024-06-11 23:15 - 2024-04-01 13:48 - 000000000 ____D C:\Users\Huw\AppData\Roaming\iTop Data Recovery
2024-06-11 22:54 - 2024-04-01 13:48 - 000000000 ____D C:\Program Files (x86)\iTop Data Recovery
2024-06-11 22:34 - 2019-04-09 10:22 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Excel
2024-06-11 21:20 - 2019-03-20 14:37 - 199048176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-06-05 11:34 - 2020-01-07 16:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories ========
2019-03-22 16:19 - 2019-04-09 10:52 - 000002617 _____ () C:\Users\Huw\AppData\Roaming\HUW-PC.MTBF.txt
2019-03-26 16:13 - 2019-12-27 22:02 - 000009216 _____ () C:\Users\Huw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2024-05-11 22:03 - 2024-05-11 22:03 - 000000218 _____ () C:\Users\Huw\AppData\Local\recently-used.xbel
2019-08-18 02:32 - 2019-08-18 02:32 - 000000000 _____ () C:\Users\Huw\AppData\Local\{CD8710DC-8301-44B7-B2AC-D7B810F710B1}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by Huw (02-07-2024 13:22:42)
Running from C:\Users\Huw\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4529 (X64) (2024-06-17 00:00:40)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2221484241-1263235730-2637574372-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2221484241-1263235730-2637574372-503 - Limited - Disabled)
Guest (S-1-5-21-2221484241-1263235730-2637574372-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2221484241-1263235730-2637574372-1004 - Limited - Enabled)
Huw (S-1-5-21-2221484241-1263235730-2637574372-1000 - Administrator - Enabled) => C:\Users\Huw
WDAGUtilityAccount (S-1-5-21-2221484241-1263235730-2637574372-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
Acronis True Image WD Edition (HKLM-x32\...\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}) (Version: 19.0.33 - Acronis)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 17.4.0 - IObit)
AMD Accelerated Video Transcoding (HKLM\...\{B1CC87D5-ABC8-8BB9-AA76-7CFF8A63B554}) (Version: 13.30.100.40529 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B7E1CDB6-83B8-E4BD-E4A5-85CC977BD19C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.7.0 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
Awesome Duplicate Photo Finder v. 1.1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother IPPoverUSB Driver (HKLM-x32\...\{4D844217-17F2-40E2-92A1-D9CE3DD57E4E}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{6a05ac5a-2963-4a6b-aff2-77bdf51ff082}) (Version: 11.0.2.3 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{79F6CD87-9761-414F-87C4-79767318CBFA}) (Version: 10.3.1.1 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{C16B1697-EEE8-4701-81A1-58FF51E00B93}) (Version: 11.0.2.3 - Brother Industries, Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{BA1AA022-45E3-49FA-8DB1-E032112A5ABC}) (Version: 1.6.0.0 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
Bulk Rename Utility 3.4.4.0 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: 3.4.4.0 - TGRMN Software)
Catalyst Control Center - Branding (HKLM-x32\...\{72590884-7F26-4245-8987-2137E1CD7169}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.24 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1208.2 - Piriform Software) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
CyberLink PowerDirector 15 (HKLM-x32\...\{FA285575-B543-4E6E-A573-A4F534AC9965}) (Version: 15.0.3929.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
Dentsply Sirona Sidexis 4 - Viewer (HKLM\...\{015DC716-DFAA-4AD4-AE56-92665E4A8714}) (Version: 4.3.1.0 - Sirona Dental Systems GmbH) Hidden
Driver Booster 11 (HKLM-x32\...\Driver Booster_is1) (Version: 11.4.0 - IObit)
Driver Support One (HKLM-x32\...\DSOne) (Version: 1.4.7446.23844 - Asurvio, LP) <==== ATTENTION
Duplicate Photo Cleaner 7 (HKLM\...\{DF4FE8F9-110F-4F20-8F4B-204AAA1A64A5}_is1) (Version: 7.18.0.49 - Webminds, Inc.)
Duplicate Photo Finder (HKLM-x32\...\{82BAA379-A0B8-4637-8286-0A9AD146453F}}_is1) (Version: 1.6.5.0 - Ashisoft)
Duplicate Sweeper (HKLM-x32\...\{13BE2838-6660-4FC9-818C-64C7977AE6C5}) (Version: 1.90 - Wide Angle Software)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2024.1.0.23997 - Foxit Software Inc.)
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.7.7.1110 - Digital Wave Ltd)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.3.111.220 - Digital Wave Ltd)
FreeFileSync [Supporter Edition] (HKLM-x32\...\FreeFileSync_is1) (Version: 13.7 - FreeFileSync.org)
Gadwin PrintScreen (64-Bit) (HKLM\...\{9D41A5E9-499A-4B98-8F05-CAB1C879E046}) (Version: 5.8.5.0 - Gadwin Systems)
GoldWave v5.12 (HKLM-x32\...\GoldWave v5.12) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Google Earth Pro (HKLM\...\{3470AD08-85F2-4B1D-8487-FC4750732087}) (Version: 7.3.6.9796 - Google)
Google Earth Pro (HKLM\...\{F5A0C4E5-0B6C-43B1-AEFA-7E0BE48214FF}) (Version: 7.3.6.9285 - Google)
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
HandBrake 1.7.3 (HKLM-x32\...\HandBrake) (Version: 1.7.3 - )
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP)
HP ENVY Photo 6200 series Basic Device Software (HKLM\...\{DF33278E-9E1C-45CD-8884-7BBECBF54B8C}) (Version: 44.9.2759.21325 - HP Inc.)
HP ENVY Photo 6200 series Help (HKLM-x32\...\{B0F106A0-9B78-461B-90B6-E70B13968DC4}) (Version: 44.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP)
HttpToUsbBridge (HKLM-x32\...\{A92EB32D-F0D1-45D8-A071-262D1229D400}) (Version: 2.0.33.1 - Brother Industries Ltd.)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Inkscape (HKLM\...\{2C69A8D5-2E44-4F99-BD5E-08536B52F1DA}) (Version: 1.3.0 - Inkscape)
IObit Malware Fighter 11 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 11.2.0.1334 - IObit)
IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 6.5.0.20 - IObit)
IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.4.0.2 - IObit)
iTop Data Recovery (HKLM-x32\...\iTop Data Recovery_is1) (Version: 3.4.0.806 - iTop Inc.)
iTop Screenshot (HKLM-x32\...\iTop Screenshot_is1) (Version: 1.2.3.544 - iTop Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
MapCreator 3 (HKLM-x32\...\MapCreator 3) (Version: 3.0 - primap)
Messenger (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 208.0.580469446 - Facebook, Inc.)
Microsoft .NET Framework 4.7.2 (HKLM\...\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.27 (x64) (HKLM\...\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.27 (x64) (HKLM\...\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.27 (x64) (HKLM\...\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Volume - en-us) (Version: 16.0.10411.20011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Teams) (Version: 1.6.00.11166 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30037 (HKLM-x32\...\{dfea0fad-88b2-4a1f-8536-3f8f9391f4ef}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29325 (HKLM\...\{26AF0C35-55EC-4025-8D83-349E8FB1419F}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29325 (HKLM\...\{7D0362D5-C699-4403-BC09-0C1DAD1D93AB}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30037 (HKLM-x32\...\{01FAEC41-B3BC-44F4-B185-5E8475AEB855}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30037 (HKLM-x32\...\{7D75664A-6C04-424C-82A1-EE88913E5F16}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM\...\{E634F316-BEB6-4FB3-A612-F7102F576165}) (Version: 48.108.8836 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM-x32\...\{d87ae0f4-64a6-4b94-859a-530b9c313c27}) (Version: 6.0.27.33320 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 12.15 - NCH Software)
MosChip Multi-IO Controller (HKLM\...\MosChip Technology) (Version: - )
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.4.2 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 115.11.1 (x64 en-US)) (Version: 115.11.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10411.20011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10411.20011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10411.20011 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
Opera Stable 111.0.5168.43 (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Opera 111.0.5168.43) (Version: 111.0.5168.43 - Opera Software)
Opera Stable 85.0.4341.75 (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Opera 85.0.4341.75) (Version: 85.0.4341.75 - Opera Software)
OpticFilm 8100 (HKLM-x32\...\{CA3AC3CC-3B2F-45F9-8C68-485269110A8D}) (Version: 5.0.2.3 - )
PagePlusX7ContentDeclaration (HKLM-x32\...\{DDD8D35B-EDEA-45FC-8930-C494B02E42FF}) (Version: 1.0.0.0 - Serif (Europe) Ltd) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PicWish V2.9.3 (HKLM-x32\...\{42ED4049-4165-48B6-843F-4E7AA16497BB}_is1) (Version: 2.9.3 - Wangxu Technology Co.,Ltd.)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Quicken 2002 (HKLM-x32\...\Quicken 2002) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
Serif DrawPlus X4 (HKLM-x32\...\{EEA1BB90-CF27-449E-B269-0C5A660AC4C1}) (Version: 11.0.3.023 - Serif (Europe) Ltd)
Serif PagePlus X7 (HKLM\...\{CB487BBA-A1AC-4B2B-80AC-DED349C897C5}) (Version: 17.0.3.28 - Serif (Europe) Ltd)
Serif PhotoPlus X5 (HKLM-x32\...\{617E7009-0C50-4178-B0E2-F9D66DC8A582}) (Version: 15.0.2.012 - Serif (Europe) Ltd)
Sidexis 4 - Viewer (HKLM-x32\...\{18ba8b0a-c5a6-473c-a3a5-45e2a2c8d648}) (Version: 4.3.1.0 - Dentsply Sirona)
SilverFast 8.8.0r24 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.8.0r24 - LaserSoft Imaging AG)
Smart Address 2000 (HKLM-x32\...\Smart Address 2000_is1) (Version: - Oakley Data Services)
Smart Defrag 9 (HKLM-x32\...\Smart Defrag_is1) (Version: 9.4.0.342 - IObit)
SoftwareUpdateNotification (HKLM-x32\...\{3D1AD910-B82B-4635-B1C3-0CEF9F6F3D34}) (Version: 1.0.21.0 - Brother Industries, Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{9CE041EA-9991-4A5E-BA7E-D568D47C6735}) (Version: 1.37.1.0 - Brother Industries, Ltd.) Hidden
Synchromagic version 5.0 (HKLM-x32\...\Synchromagic_is1) (Version: - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.20 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.641 - McAfee, LLC)
Windows Help Viewer (HKLM-x32\...\{2F6F93BF-9A86-4093-B0D9-DEC64CE550E0}) (Version: 6.3.9600.16411 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wise Folder Hider (HKLM-x32\...\Wise Folder Hider_is1) (Version: 5.0.2 - Lespeed Technology Co., Ltd.)
Zoom (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\ZoomUMX) (Version: 5.17.10 (33775) - Zoom Video Communications, Inc.)
Packages:
=========
HEIC to JPEG (FREE) -> C:\Program Files\WindowsApps\53354DuckheadSoftware.HEICtoJPEGFREE_11.2.6.0_x64__2gc4m0bggm024 [2024-06-17] (Duckhead Software)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_154.2.1075.0_x64__v10z8vjag6ke6 [2024-06-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.35.35.0_x64__v10z8vjag6ke6 [2024-05-18] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-06-17] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) [MS Ad]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm [2024-06-20] (WhatsApp Inc.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Huw\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\InprocServer32 -> C:\Program Files\Duplicate Photo Cleaner 7\DuplicatePhotoCleaner.exe (Webminds, Inc. -> Webminds, Inc.)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{5FC44EBC-3A1F-4FBB-85E5-34405788C8D7}\InprocServer32 -> C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Huw\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2023-11-03] (IObit Information Technology -> IObit)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-03-07] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2021-02-03] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2023-11-03] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers1-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis International GmbH -> Acronis)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-03-07] (IObit CO., LTD -> IObit)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2021-02-03] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-03-07] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-03-07] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2021-02-03] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2023-11-03] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-09-15] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2023-11-03] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis International GmbH -> Acronis)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.pDAD] => C:\WINDOWS\system32\prodad-codec.dll [607256 2016-11-09] (proDAD GmbH -> proDAD GmbH)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2020-12-15 17:54 - 2002-01-24 21:39 - 000484864 _____ () [File not signed] C:\Program Files (x86)\QUICKENW\ALRTINT8.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000106496 _____ () [File not signed] C:\Program Files (x86)\QUICKENW\QCOMUTIL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000172032 _____ () [File not signed] C:\Program Files (x86)\QUICKENW\QWAPP.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000040960 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\CHANNEL.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000020480 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\CUSTPROF.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000081920 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\GRAPHS6.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000073728 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\HELPTL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000102400 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\LBTMNGR.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 002822144 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\ONLN32.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000065536 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\ONLNCALL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000032768 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\PNF.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000430080 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QACCES32.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000036864 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QDAPP.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000499712 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QDB.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000180224 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\qdbbase.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000114688 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QREP.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000032768 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QSAPI.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000024576 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QSAPIENG.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000065536 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\qsnapeng.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000024576 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QVERSION.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000143360 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWINET.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 002535424 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWOESDK.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 002277376 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWONLINE.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000503808 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWPLAN.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000106496 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWRMND.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 001503232 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWUTIL7.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000221184 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWWIN.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000790528 _____ (Intuit) [File not signed] C:\Program Files (x86)\QUICKENW\decApi.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000196608 _____ (Intuit) [File not signed] C:\Program Files (x86)\QUICKENW\QTAXUTIL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000020480 _____ (Intuit) [File not signed] C:\Program Files (x86)\QUICKENW\QWENC.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000225280 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\LFCMP70N.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000055808 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\LTFIL70N.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000349696 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\LTKRN70N.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2023-08-25] (IObit CO., LTD -> IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {34EDF7FD-FD9B-420F-A701-CC2C081FB26C} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2024-03-07] (IObit CO., LTD -> IObit)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Huw\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img5.jpg
DNS Servers: 192.168.188.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupfolder: C:^Users^Huw^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smart Address Call Monitor.lnk => C:\Windows\pss\Smart Address Call Monitor.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Huw^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smart Address Reminders.lnk => C:\Windows\pss\Smart Address Reminders.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\...\StartupApproved\StartupFolder: => "QuickScan (OpticFilm 8100).lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "msedge_cleanup_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "BrotherSoftwareUpdateNotification"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "Advanced SystemCare"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "vidnotifier.exe"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "Opera Stable"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "com.messenger"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9D3EFCC2-F861-4475-A8C6-64D9B4C134D9}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{5A73275B-E922-43C5-85E6-D527163DA2D8}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{9013325C-449D-4AFE-84DA-D3A75F7D4FD8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{042A39D5-FA07-42D8-A566-BA71CFA06301}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{41CE3B76-64FC-4903-936C-C7ECDF9D74F5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{3EBA44C4-6E1D-47B3-A422-FBEF281A6EB5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{52FCD3B6-33E0-453F-BF72-3F7E0E2B8696}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FEA66384-70A0-4F8B-AC37-AC14C88D0D99}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{340EC906-CF32-43F8-9AAE-3D4623D03E3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1C031265-2FE9-4BFF-AB3F-9640855645AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{5DDB363D-FEA9-4C3B-A416-36899B009230}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E4F738C-C909-451F-AADD-C73C0FC48EB8}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DF1D4848-4E21-4549-87A6-EEF7AB21E596}] => (Allow) LPort=54955
FirewallRules: [{2BFCD370-3600-43A9-B075-068EFB8AD1BD}] => (Allow) LPort=54951
FirewallRules: [{19E88170-3FC1-4FAD-903E-5115CC79BC63}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrPrintFinishNotice\BrPrintFinishNotice.exe (Brother Industries, Ltd. -> )
FirewallRules: [{C641D8B8-F900-4A26-A015-7F08786E1D88}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrPrintFinishNotice\BrPrintFinishNotice.exe (Brother Industries, Ltd. -> )
FirewallRules: [{CEE6917D-3E85-4FDC-9BEB-3DD569AE420B}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8C779644-0E48-427F-8D6A-05AF389316E8}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6F23678A-9DB1-4982-94E5-38E9AFA8D21E}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{84DAF525-40E1-45DB-84D2-9B026FE13D38}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1AE3A57D-55DF-49AA-88FE-A93940818AE1}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2DE91B46-9A45-495E-98C3-7DE6AAF2A5C3}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6DCAFD4C-C451-473B-AEF1-B202C6DD9C61}] => (Allow) C:\Program Files (x86)\PicWish\PicWish\PicWish.exe (Apowersoft Ltd -> PicWish)
FirewallRules: [{174FFB0E-2F07-4B0F-B0B8-9084B3D8C60A}] => (Allow) C:\Program Files (x86)\PicWish\PicWish\PicWish.exe (Apowersoft Ltd -> PicWish)
FirewallRules: [{864B3862-8F0A-449B-8DD0-62939CF01670}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AF7F8338-CE1D-4A7F-A4B2-DE95E82256A7}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FC5F7E0E-65C8-4432-8989-039378582AE1}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A8E4979A-8DA7-41F1-9599-489725A37897}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DA64D2D4-4610-41F9-A8FA-7D897773B13C}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{777147EF-050F-4CF5-8E4A-9436E185AEDD}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{4C344C50-2C72-4E2E-BEE5-C56C497ADDF2}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{554EF9E6-3400-47F6-8FE9-23D7E41506BE}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F8A80DD2-9C05-4564-89EA-F1D6128ED0A3}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{70D170C4-9F97-4BD9-95AD-52F0CAFE2214}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C0753F9B-E25C-4E8B-B721-8DE3CB3125D2}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{71D54DC3-E5C4-4363-B9A1-A443180DC80D}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{535CB18A-78A3-45B8-8CF1-EE34E601F2CD}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{883D6870-3A70-41E1-9229-992B1BEFB7BA}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A91F5445-8493-4435-9EB9-7CD71222BF00}] => (Allow) C:\Users\Huw\AppData\Local\Programs\Opera\85.0.4341.60\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{84D7850F-04C4-4446-8F33-4A17393794E5}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{2B780EDA-A06C-4EB7-A761-E51756BD28E4}C:\users\huw\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\huw\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{31A6557D-03FB-4A6F-83F3-60FB19C989E2}C:\users\huw\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\huw\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8FA25A8-B244-463C-BFA9-1E56FC8A209F}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{647A5981-1338-4711-B7C7-9830E91567A1}] => (Allow) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{D9E2C670-C84B-4563-8C7F-0B357F5ADE16}] => (Allow) LPort=5357
FirewallRules: [{804CCBD9-D1BF-4614-961D-5AD38B8949BD}] => (Allow) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{295FF832-302B-45E4-BE1E-E0FDB9A3BAB9}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0CD8D6B1-59FF-42BE-9487-F946B013737A}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A8DEDEA7-353E-406F-8558-CC542C776C97}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2ACD2AA8-46D1-4721-9294-588F59FA46B1}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7D1E91ED-4A5F-4EBE-91EC-41B93D381A71}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{500455FA-54B4-4E11-AB50-4F66184A1DC8}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FDB5B366-0C92-4C38-8535-2F915F1EBDE7}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E987DCF5-1424-42B0-A98D-4B0DF2F860F7}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A892B46A-7F50-472B-ABF1-4DFABE664124}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7676FB8B-C61A-4513-8046-F36C3DD4D39E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C520E44F-3624-40A8-A4D6-0BAA0BA59967}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56ACB5EB-8118-4BB5-9D74-684E4A62C18B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{344E1A10-7BD4-4F2C-AB0F-939D9F303EB7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4BB7132D-91A2-46A7-982A-5CBF3F8FF2A5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB9238E6-1C10-4D03-8869-C70E2C90B063}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{99905F88-7916-48CD-88A5-9F1ED7AD27A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{121CAB24-A190-41C4-AE0C-E7B230E6037A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B2C113CA-5C82-4287-B1EB-B95CC37EB3BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C771D663-BE5E-4F84-8F51-4DAA92DC3D82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{D1BA20B2-E088-4160-9603-8055D759F033}C:\program files (x86)\smart address 2000\saremind.exe] => (Block) C:\program files (x86)\smart address 2000\saremind.exe (Oakley Data Services) [File not signed]
FirewallRules: [TCP Query User{28F9C725-7142-4341-BFB5-7B0A3A532629}C:\program files (x86)\smart address 2000\saremind.exe] => (Block) C:\program files (x86)\smart address 2000\saremind.exe (Oakley Data Services) [File not signed]
FirewallRules: [UDP Query User{FE30FF53-1225-4078-BE1F-00D931630400}C:\program files (x86)\smart address 2000\smartadr.exe] => (Allow) C:\program files (x86)\smart address 2000\smartadr.exe (Oakley Data Services) [File not signed]
FirewallRules: [TCP Query User{E7A7E34B-5850-47D7-A4E8-C8469D42D5D9}C:\program files (x86)\smart address 2000\smartadr.exe] => (Allow) C:\program files (x86)\smart address 2000\smartadr.exe (Oakley Data Services) [File not signed]
FirewallRules: [UDP Query User{3B1C50FB-F815-45E9-A498-611F0A7DA9F9}C:\program files (x86)\smart address 2000\saremind.exe] => (Allow) C:\program files (x86)\smart address 2000\saremind.exe (Oakley Data Services) [File not signed]
FirewallRules: [TCP Query User{2116CBFA-78EE-4C93-A685-789E42306641}C:\program files (x86)\smart address 2000\saremind.exe] => (Allow) C:\program files (x86)\smart address 2000\saremind.exe (Oakley Data Services) [File not signed]
FirewallRules: [{EF3780A6-E17A-4729-BFD9-0D1B8FB7B0D8}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D60BAA82-D5FF-44F0-88B8-D0EA88F7106C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{83342D88-48A6-4916-80E7-F83C4B282B72}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{4EF61D9E-2156-45CD-A07A-C0B8BA122317}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E6C81571-01FA-44F3-9BFF-D9F98B845DEA}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AE3A1763-4039-40DC-AA62-C877CC86231A}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F2BE528D-9D94-4D55-B81E-C42F5062FA1E}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{944001C9-EC61-4CDE-B933-B83F4EB1D4EE}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0DAA35FC-916A-4546-A2DF-8307160405B1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{DAFE14BE-1172-46D7-8CB9-F6698BC5B0BA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E4B53537-A0D6-4B70-841A-D53279FB0E82}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{01E6D627-56FB-4755-9D41-61FC24E6F061}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{4A8D2345-B5CC-4495-8E58-75E5EA6DB983}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D3E45CDA-23CA-4956-A4B2-FEC16874D80F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{97F308ED-B3A4-4CFC-AA19-D419E4688A77}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{18B7A62F-67F0-4C33-B630-182BEAC0ACD4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E4EC6218-0474-413C-9452-77EBB1708BAF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{401DA980-0288-46ED-9E41-EF4981E40177}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DED17519-D4DC-45B9-8988-51BD69F356C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37EA6F1A-6542-40D8-816E-EDC6F08523BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9876E582-0762-4EC9-8D42-9F68A9A51B5F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{56D1BAC4-AEA7-4DE4-AC33-0FD2DA1E91D8}] => (Allow) C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{FA4A45B6-0499-4AE9-9B27-D0E136DB91C7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
28-06-2024 17:37:29 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (07/01/2024 01:39:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FreeFileSync_x64.exe version 13.7.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2b54
Start Time: 01dacbb0828bc2e7
Termination Time: 4294967295
Application Path: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
Report Id: c687c363-4ca1-412c-9267-8343d245e20a
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle
Error: (06/30/2024 05:20:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0x77c
Faulting application start time: 0x01dacb09745d05a6
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: 029334b6-3eca-4f84-9ee6-fa2d10e16bf6
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 05:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0x28d0
Faulting application start time: 0x01dacb096eb5e591
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: ee27feab-2d2b-4a66-8adc-7ca0b2ee0ba0
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 05:20:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0xa04
Faulting application start time: 0x01dacb0969359f43
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: 82c52442-15aa-49de-a142-340cafa27122
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 05:19:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0xb14
Faulting application start time: 0x01dacb095579fb84
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: 002e8104-683d-49a2-80a7-bb0cb6a30ea3
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 05:19:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0x1ba8
Faulting application start time: 0x01dacb094e56c819
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: 55cd0689-14b2-4f8e-aace-0b3af7aadce5
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 01:17:31 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...
Error: (06/30/2024 01:17:31 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.
System errors:
=============
Error: (07/02/2024 11:21:44 AM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Error: (07/01/2024 02:41:44 PM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Error: (07/01/2024 01:22:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Hewlett-Packard - USB - 2/10/2017 12:00:00 AM - 44.1.2402.1741.
Error: (07/01/2024 01:22:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Microsoft - Printer - 6/22/2006 12:00:00 AM - 6.1.7233.1.
Error: (06/30/2024 04:14:49 PM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Error: (06/30/2024 03:07:52 PM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (06/30/2024 02:07:19 PM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Error: (06/30/2024 11:57:58 AM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2024-07-02 12:45:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-07-01 13:56:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-06-30 11:06:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-06-30 08:35:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-06-30 08:29:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2024-06-18 20:40:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:40:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:40:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:40:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:32:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:32:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:32:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. FB 10/31/2014
Motherboard: Gigabyte Technology Co., Ltd. 970A-DS3P
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 16350.65 MB
Available physical RAM: 11697.63 MB
Total Virtual: 32734.65 MB
Available Virtual: 27798.03 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:246.56 GB) (Free:139 GB) (Model: WDC WDS 100T2B0A-00SM50 SATA Disk Device) NTFS
Drive d: (Documents) (Fixed) (Total:683.83 GB) (Free:485.46 GB) (Model: WDC WDS 100T2B0A-00SM50 SATA Disk Device) NTFS
Drive e: (Pictures and Videos) (Fixed) (Total:931.5 GB) (Free:602.57 GB) (Model: Samsung SSD 870 QVO 1TB SATA Disk Device) NTFS
Drive g: (Windows 10 Backup) (Fixed) (Total:465.63 GB) (Free:0 GB) (Model: ST350041 8AS SATA Disk Device) NTFS
Drive h: (Seagate Portable Drive) (Fixed) (Total:931.51 GB) (Free:402.88 GB) (Model: Seagate Expansion SCSI Disk Device) NTFS
Drive j: (Buffalo Drive) (Fixed) (Total:931.51 GB) (Free:728.22 GB) (Model: BUFFALO INC. HDD IEEE 1394 SBP2 Device) NTFS
Drive q: (QUICKEN) (Fixed) (Total:0.34 GB) (Free:0.13 GB) (Model: WDC WDS 100T2B0A-00SM50 SATA Disk Device) FAT32
\\?\Volume{19d81ea6-5242-48b4-a3f1-dbdca074cd0e}\ () (Fixed) (Total:0.56 GB) (Free:0.07 GB) NTFS
\\?\Volume{f63826ee-0ea7-4998-a265-c2caad3c34cb}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 78C44749)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 877FA422)
Partition: GPT.
==========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 5A6DF27B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: 8A7065E8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Logs are below this....
To reiterate my issue : Like most of us, I have thousands of photos on my Windows 10 PC. I have just noticed that every single photo name has had an identical date and time added to it. For example, instead of “John at the beach.jpg” it now reads “John at the beach (2020_12_15 14_09_53 UTC).jpg. Each photo has the exact same date and time, which has nothing to do with when the photo was taken, uploaded, or edited. Some more recent photos (2022, 2023) have a different date and time. Very recent ones (2024) do not… YET!
Thanks to xrobwx71, I have successfully used the suggested software to remove the unwanted dates.
My concern is why did this happen in the first place, and - most importantly - how can I prevent it re-occurring.. Although the bulk of dates is as noted above, some photos have other dates, the most recent being September 2023.
Any advice is greatly appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.07.2024
Ran by Huw (administrator) on HUW-PC (02-07-2024 13:18:49)
Running from C:\Users\Huw\Desktop\FRST64 (1).exe
Loaded Profiles: Huw
Platform: Microsoft Windows 10 Home Version 22H2 19045.4529 (X64) Language: English (United States)
Default browser: "C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe" -noautoupdate -- "%1"
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
(C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Huw\AppData\Local\Programs\Opera\111.0.5168.43\opera_crashreporter.exe
(DriverStore\FileRepository\c0380462.inf_amd64_3f0d0d0e3189ddd8\B378995\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0380462.inf_amd64_3f0d0d0e3189ddd8\B378995\atieclxx.exe
(explorer.exe ->) (Intuit) [File not signed] C:\Program Files (x86)\QUICKENW\QWDLLS.EXE
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe <15>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0380462.inf_amd64_3f0d0d0e3189ddd8\B378995\atiesrxx.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(services.exe ->) (ORANGE VIEW LIMITED -> iTop Inc.) C:\Program Files (x86)\iTop Data Recovery\IDRService.exe <2>
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2022-06-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6813680 2016-12-15] (Acronis International GmbH -> )
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3590656 2021-10-20] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7010280 2024-04-03] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45430176 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe [2011504 2024-02-21] (Digital Wave Ltd -> Digital Wave Ltd)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Huw\AppData\Local\Microsoft\Teams\Update.exe [2587320 2023-06-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [Microsoft Edge Update] => C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateCore.exe [264264 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [Opera Stable] => C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe [1247136 2024-06-27] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [com.messenger] => "C:\Users\Huw\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [5461872 2024-05-07] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Print\Monitors\HP 1254 Status Monitor: C:\WINDOWS\system32\hpinksts1254LM.dll [476640 2019-03-14] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY Photo 6200 series): C:\WINDOWS\system32\HPDiscoPM1254.dll [987040 2019-03-18] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\PJLMON.DLL [24064 2024-06-17] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{BC455173-F501-4356-804F-571FAFB6EA9A}] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2020-12-15]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\QUICKENW\QWDLLS.EXE (Intuit) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickScan (OpticFilm 8100).lnk [2021-06-22]
ShortcutTarget: QuickScan (OpticFilm 8100).lnk -> C:\Program Files (x86)\Plustek\OpticFilm 8100\QuickScan_x64.exe () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {220CD70C-43F3-457B-A188-C04E906B28FA} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {40E93541-895E-4986-ADB8-AE963FDCB067} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {8E2CA7EA-5000-4E65-A91B-6E10132819D0} - System32\Tasks\{0397C9A3-863E-4496-B0B3-E7923A0913A7} => C:\Windows\System32\pcalua.exe [53760 2024-06-17] (Microsoft Windows -> Microsoft Corporation) -> -a "D:\Downloads\Pinnacle Studio Install Files\Studio 19.5 Download Files\64bit\Prerequisites\directx_jun2010_rar_redist.exe" -d "D:\Downloads\Pinnacle Studio Install Files\Studio 19.5 Download Files\64bit\Prerequisites"
Task: {67A15A45-D3A2-483D-A8EA-D0E4136D22C0} - System32\Tasks\{90F463F5-2ED2-4376-BF59-B436CF298BA3} => C:\Program Files (x86)\QUICKENW\QW.EXE [7831552 2002-01-24] (Intuit) [File not signed]
Task: {F3398ECE-422F-4397-BDBA-67BD61728433} - System32\Tasks\{9E25DB88-A553-4F74-B6F5-71BE32D30F03} => C:\Windows\System32\pcalua.exe [53760 2024-06-17] (Microsoft Windows -> Microsoft Corporation) -> -a "D:\Downloads\Smart Address Install Files\SmartAddress2000Setup.exe" -d "D:\Downloads\Smart Address Install Files"
Task: {F5C32D33-922B-44BA-90B5-95C25DBCD375} - System32\Tasks\{B8EB5E79-58E6-4E5E-BBF5-CFCB2A8AD4C4} => D:\Downloads\Pinnacle Studio Install Files\Studio 19.5 Download Files\64bit\Prerequisites\directx_jun2010_rar_redist.exe [100881546 2016-08-05] () [File not signed]
Task: {16B8BB06-CAF2-4B9C-9DCD-A00E90D02A74} - System32\Tasks\{E31D0EC9-7C0C-401E-97CE-415011156FDD} => C:\Program Files (x86)\Smart Address 2000\SMARTADR.exe [226816 2002-02-10] (Oakley Data Services) [File not signed]
Task: {4C88C614-D3AC-4B0E-92D8-83FAA0CC2D8F} - System32\Tasks\{EB60A9A2-4EBE-4B3D-8C0C-AE3D3FAA5AE1} => C:\Program Files (x86)\QUICKENW\QW.EXE [7831552 2002-01-24] (Intuit) [File not signed]
Task: {5029F108-616F-439E-9A0C-9C18BA27A9C4} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5511536 2024-03-15] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/Task
Task: {9CBF6765-35E8-4AE2-99E4-3C6245B5C912} - System32\Tasks\ASC_SkipUac_Huw => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [10551664 2024-05-08] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {5F4B20BD-142C-4181-BF51-37CD323D21D7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1134752 2014-03-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {FCEDCB5A-529F-433D-BADD-6234CA9CBBA2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-27] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {48FE5DBA-41A5-469F-A47C-1A5AB1FAC815} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {C889F682-64F9-49FF-B25B-2E72680E9A4E} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "b0176b80-9fa8-4398-9dd4-e713c839ca7f" --version "6.24.11060" --silent
Task: {CD3AFF32-C85D-497A-92FD-601193AC5745} - System32\Tasks\CCleanerSkipUAC - Huw => C:\Program Files\CCleaner\CCleaner.exe [39169952 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {00E13EEA-AD05-4ADB-85F6-94BA118B7F6C} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\11.4.0\Scheduler.exe [160744 2024-03-12] (IObit CO., LTD -> IObit)
Task: {DCD166CB-DA89-4706-80C9-5BEA6CFF2F66} - System32\Tasks\Driver Booster SkipUAC (Huw) => C:\Program Files (x86)\IObit\Driver Booster\11.4.0\DriverBooster.exe [9050480 2024-04-10] (IObit CO., LTD -> IObit)
Task: {B153ADE1-EEEE-4844-B9EA-ACE15224E2C4} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\11.4.0\AutoUpdate.exe [2533232 2024-04-12] (IObit CO., LTD -> IObit)
Task: {C11399A1-0ABD-48BA-ADF4-34BCA0CCC618} - System32\Tasks\DSOne Agent => C:\Program Files (x86)\Driver Support One\DSOne.exe [1086656 2020-06-02] (Asurvio, LP -> Asurvio LP) <==== ATTENTION
Task: {E912BA93-2A4F-45DA-8C5C-C9DF60020FC5} - System32\Tasks\DuplicatePhotoCleaner => C:\Program Files\Duplicate Photo Cleaner 7\DuplicatePhotoCleaner.exe [7588512 2024-04-11] (Webminds, Inc. -> Webminds, Inc.)
Task: {398BC768-F3EC-4EFC-B5CD-0DE52808D653} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{ED147991-B258-4A45-9DD8-66E12ECBD39E} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {F516B4F3-2436-4A06-BEBC-F202A69B47DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-05-13] (HP Inc. -> HP Inc.)
Task: {1F259B8B-4BBF-47B8-8071-0E25F9A77478} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [231472 2024-05-13] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {8DBBA722-A27B-4BF3-AB7A-E0FA8ECD89D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-05-13] (HP Inc. -> HP Inc.)
Task: {65302BB3-AE7C-43E8-834E-FEDF5D7EA146} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH87U7V0F1 => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-05-13] (HP Inc. -> HP Inc.)
Task: {108AFDBA-0358-44A0-BAC8-51A31F809882} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-15] (HP Inc. -> HP Inc.)
Task: {E72966D2-CB7F-4628-9D37-01CA619B7C13} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-15] (HP Inc. -> HP Inc.)
Task: {AF3B665F-FD4E-4342-86DE-449D835C9F3F} - System32\Tasks\IMF_SkipUAC_Huw => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7010280 2024-04-03] (IObit CO., LTD -> IObit)
Task: {4A8366B8-8772-475E-829D-EFFB1432CB7D} - System32\Tasks\iTop Data Recovery SkipUAC (Huw) => C:\Program Files (x86)\iTop Data Recovery\iTopDataRecovery.exe [3609856 2022-12-09] (ORANGE VIEW LIMITED -> iTop Inc.) -> C:\Program Files (x86)\iTop Data Recovery\\/skipUAC
Task: {999AA725-043D-4264-BA7D-95850A2D1056} - System32\Tasks\iTop Data Recovery Update => C:\Program Files (x86)\iTop Data Recovery\AutoUpdate.exe [3132672 2022-11-19] (ORANGE VIEW LIMITED -> iTop Inc.) -> C:\Program Files (x86)\iTop Data Recovery\\/auto
Task: {A9D7983D-CCB3-45EB-B121-00961C0806BF} - System32\Tasks\iTop Screenshot SkipUAC (Huw) => C:\Program Files (x86)\iTop Screenshot\iScrShot.exe [7622400 2023-05-11] (ORANGE VIEW LIMITED -> iTop Inc.) -> C:\Program Files (x86)\iTop Screenshot\\/skipuac
Task: {A1ABEA15-F548-4688-8810-5E7FA0507862} - System32\Tasks\iTop Screenshot Update => C:\Program Files (x86)\iTop Screenshot\AutoUpdate.exe [3081472 2023-05-17] (ORANGE VIEW LIMITED -> iTop Inc.) -> C:\Program Files (x86)\iTop Screenshot\\/auto
Task: {CDCC67DB-64B5-4079-85E1-C1617A8F42C4} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2221484241-1263235730-2637574372-1000 => C:\Users\Huw\AppData\Local\Programs\Messenger\MessengerHelper.exe [2171640 2024-03-23] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {023C3B70-74BB-4A85-9E54-EE23FB5A15E7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570424 2024-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE8F1632-AAB8-4815-9201-917A486D58EA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570424 2024-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {6253B889-88C5-447C-8592-786313F86544} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209896 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {82FFF415-61CD-4CC7-B1D3-0A7022DA234B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209896 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {900221FE-2B21-417F-A767-E63120DC536A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3515344 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD96627C-0ED0-4A4A-B6CB-8238EEEC2908} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3515344 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {105549DE-15ED-4535-8C6E-0C37C565B036} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {28D4FD3C-0590-4BA3-9580-032F8A0A95B7} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {F63E0DDC-2C75-4441-96A6-AE3F45340CA2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {F4A6A04E-F558-490E-94AD-FB747FAB3568} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {7E72C13E-D2BE-465C-AED2-557C32DDFB7A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {4225AA2C-FD8E-4065-B5DF-0E0EEA1D94E6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {BA3E05A9-3DC5-4C3F-97DD-92CD4748AB13} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {4CCCF5FF-25B6-4535-A3E6-3BC7BD11010A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {3356D6BC-E82B-46EB-8E23-FFD82254D58C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {778214DB-CC8B-4DC2-8572-FA523A124127} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {6EDB3AAD-0A7B-45A5-8FAF-9136F3E4C23F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {BB6A194D-7756-412B-A398-1FEBC74149B8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {28379DA4-66B3-4C75-A97B-03BB461D690F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {5CE9D087-7F86-42E1-8FED-7C4F42F8CC1C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {1BEB23D7-0E64-43EC-B70A-0FFC958CB198} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D2CF5F2F-E491-4270-87AC-437FF94077E7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {E6BA2871-74A2-4C72-8822-18CF3F71B7FE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {BBA1404E-6B55-43FF-97B8-A79340594E73} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {3356DA62-C4DA-4773-BE02-AFB78931AF6A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {4CDD7FCB-90FA-4EB3-973F-D1546D3FCF2F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {BFED4D8C-F9DA-4666-B36A-FBEE07BE7887} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {2CDF0C09-7B42-41DB-B811-AC32A2F5D068} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {A137888F-F049-4056-BBAA-7A066C52E510} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {9F1DA2F7-DA72-4415-8420-F054D19EDDDF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {61B70DAE-58A6-4156-8D69-9864581DD22C} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {C483CE25-B1C5-4BEB-AA31-5CADC8C66692} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance => {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {B968624F-1684-4B11-8AB2-422FF19F50E7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {162713F9-1699-45CE-89AB-47C17CF5F05F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {B6643B35-9A75-4B79-95BE-56B4876A8098} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {4775606B-31C3-404D-9222-306E7464D209} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {4588D2BF-5384-4B63-B86A-C012E3C468ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {94A94F2C-0BD4-4D9F-9CBA-677E36B5B65F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF7BBEEE-90FB-4C5B-8BCA-F0CBAAFED538} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BA718461-A9A9-4015-83B0-64CD8F46664D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F93E2A44-7E3E-49FE-9F66-12B1F4A037C0} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization => {97D47D56-3777-49FB-8E8F-90D7E30E1A1E}
Task: {6440C5E0-A168-4A5F-B84E-F7C8C0A6E933} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work => {63260BCE-A3FB-4A34-AA51-D4D8E877B62B}
Task: {ABE3FE72-050C-46EB-84A1-C4F861F2EF03} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2221484241-1263235730-2637574372-1000Core{73550B76-A631-4331-A975-AB1934074C24} => C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8222D43A-6E81-4146-8BCA-997865474B47} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2221484241-1263235730-2637574372-1000UA{A2CE1023-1F89-4092-BF14-3BCA233CECB6} => C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B3177E19-B6BF-4F7D-8872-E8695FF0ADD1} - System32\Tasks\Opera scheduled assistant Autoupdate 1621513394 => C:\Users\Huw\AppData\Local\Programs\Opera\launcher.exe [1247136 2024-06-27] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Huw\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {79AC36A7-9C0F-4AE0-AD0A-56B4937A7334} - System32\Tasks\Opera scheduled Autoupdate 1621513387 => C:\Users\Huw\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [4886944 2024-06-25] (Opera Norway AS -> Opera Software)
Task: {D4BEF5F4-D1B6-423C-8E43-7B9B96916FCD} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2221484241-1263235730-2637574372-1000 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {4BB141A8-BAD7-4AB2-A425-F40FDAFE4147} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2024-03-22] (IObit Information Technology -> IObit)
Task: {CE3DDA2B-9A65-4F82-8609-8B8A095121E3} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3721576 2024-04-09] (IObit CO., LTD -> IObit)
Task: {4BA79B2A-C96A-4AEC-8EF8-81335020A392} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [2194440 2024-03-12] (IObit CO., LTD -> IObit) <==== ATTENTION
Task: {A8B64938-B491-4BA2-A179-AAC136834F49} - System32\Tasks\Software Updater SkipUAC(Huw) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4561416 2024-03-12] (IObit CO., LTD -> IObit) <==== ATTENTION
Task: {24106DE2-279E-4F1D-9BE9-9AC093CA0D06} - System32\Tasks\Uninstaller_SkipUac_Huw => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [9909256 2024-03-06] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\IObit Uninstaller\\/UninstallExplorer
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{3C384970-4A3D-41A7-AC31-FA461DA2F432}: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{3C384970-4A3D-41A7-AC31-FA461DA2F432}: [DhcpDomain] fritz.box
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-01] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Huw\AppData\Local\Google\Chrome\User Data\Default [2024-06-12]
CHR Notifications: Default -> hxxps://track.dpd.co.uk; hxxps://uk.allsearchsite.com; hxxps://www.cruise118.com; hxxps://www.opendemocracy.net; hxxps://www.sixstarcruises.co.uk
CHR StartupUrls: Default -> "hxxps://www.trivago.co.uk/?iPathId=569786&bDispMoreFilter=false&aDateRange%5Barr%5D=2017-12-19&aDateRange%5Bdep%5D=2017-12-22&aCategoryRange=0%2C1%2C2%2C3%2C4%2C5&iRoomType=7&sOrderBy=relevance%20desc&aPartner=&aOverallLiking=1%2C2%2C3%2C4%2C5&iOffset=0&iLimit=25&iIncludeAll=0&bTopDealsOnly=false&iViewType=0&aPriceRange%5Bto%5D=0&aPriceRange%5Bfrom%5D=0&aPathList=569786&aGeoCode%5Blng%5D=124.646698&aGeoCode%5Blat%5D=8.481277&bIsSeoPage=false&aHotelTestClassifier=&bSharedRooms=false&bIsSitemap=false&rp=&cpt=56978603&iFilterTab=0&","hxxps://uk.hotels.com/ho455339/?PSRC=TR01&cur=GBP&locale=en_GB&mpa=159.30&mpd=GBP&mpe=1505652601&mph=0&pos=HCOM_UK&q-check-in=2017-12-19&q-check-out=2017-12-22&q-room-0-adults=2&q-rooms=1&rateplanid=203325736&rffrid=mdp.hcom.UK.011.387.02.42&trv_curr=GBP&trv_dp=53&wapa4=455339","hxxps://uk.hotels.com/ho633787872/?PSRC=TR01&cur=GBP&locale=en_GB&mpa=49.44&mpb=5.94&mpd=GBP&mpe=1505652601&mph=0&pos=HCOM_UK&q-check-in=2017-12-19&q-check-out=2017-12-22&q-room-0-adults=2&q-rooms=1&rateplanid=211045727&rffrid=mdp.hcom.UK.011.387.02.42&trv_curr=GBP&trv_dp=18&wapa4=633787872"
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2024-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Huw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
Opera:
=======
OPR DefaultProfile: Default
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1135600 2016-12-15] (Acronis International GmbH -> )
R2 AdvancedSystemCareService17; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1268744 2024-03-07] (IObit CO., LTD -> IObit)
S3 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2020-08-16] (Acronis International GmbH -> Acronis)
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [377856 2023-07-20] (Brother Industries, Ltd.) [File not signed]
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9498088 2024-05-30] (Microsoft Corporation -> Microsoft Corporation)
S3 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [462432 2022-07-06] (Digital Wave Ltd -> Digital Wave Ltd)
S3 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2433528 2024-02-01] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [895552 2024-03-25] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [894416 2024-03-25] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [890832 2024-03-25] (HP Inc. -> HP Inc.)
S3 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-06-15] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [894928 2024-03-25] (HP Inc. -> HP Inc.)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2641384 2024-04-09] (IObit CO., LTD -> IObit)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [167432 2023-12-08] (IObit CO., LTD -> IObit)
R2 iTopDataRecoveryService3; C:\Program Files (x86)\iTop Data Recovery\IDRService.exe [1948928 2022-12-09] (ORANGE VIEW LIMITED -> iTop Inc.)
U2 iTopDataRecoveryService4; C:\Program Files (x86)\iTop Data Recovery\IDRService.exe [1948928 2022-12-09] (ORANGE VIEW LIMITED -> iTop Inc.)
S3 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [973040 2021-10-21] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis International GmbH -> Acronis)
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-09-08] (CyberLink Corp. -> CyberLink)
S3 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis International GmbH -> Acronis)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [11776 2023-11-28] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [19968 2022-05-24] (Microsoft) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-09-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40920 2024-03-07] (IObit CO., LTD -> IObit)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2024-03-07] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46552 2024-03-07] (IObit CO., LTD -> IObit)
R1 CLMirrorDriver; C:\WINDOWS\System32\drivers\CLMirrorDriver.sys [21264 2016-11-09] (CyberLink Corp. -> CyberLink)
R3 cpuz154; C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [40976 2024-06-30] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [339808 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [160600 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 gdrv; C:\Windows\gdrv.sys [25640 2019-03-26] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2019-03-26] (GIGA-BYTE TECHNOLOGY CO., LTD -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-03-21] (Martin Malik - REALiX -> REALiX(tm))
R3 Imf8HpRegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [26296 2024-01-21] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [42360 2019-07-30] (IObit Information Technology -> IObit)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40920 2023-11-03] (IObit CO., LTD -> IObit)
S3 IMFEFSFileControl; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [40824 2023-11-03] (IObit Information Technology -> IObit)
R3 IMFForceDelete123; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [20008 2023-11-03] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R3 ImfHpFileFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [45432 2023-11-03] (IObit Information Technology -> IObit)
S4 IMFMBRProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [23976 2023-11-03] (IObit Information Technology -> IObit)
S3 ImfObCallback; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [33984 2023-11-03] (IObit Information Technology -> IObit)
S3 ImfRealScanner; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRealScanner.sys [53232 2023-11-03] (IObit CO., LTD -> IObit)
S3 ImfRegistryFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRegistryFilter.sys [42360 2023-11-03] (IObit Information Technology -> IObit)
R3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2024-03-07] (IObit CO., LTD -> IObit)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R1 JitDriver; C:\WINDOWS\system32\drivers\JitDriver.sys [47104 2020-07-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2013-09-23] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)
S3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2024-03-22] (IObit Information Technology -> IObit)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1049432 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [202592 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [581464 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 usbscan; C:\Windows\SysWOW64\drivers\usbscan.sys [8944 1999-05-05] (Microsoft Corporation) [File not signed]
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [301408 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R2 WiseFs; C:\WINDOWS\WiseFs64.sys [49736 2023-11-27] (Microsoft Windows Hardware Compatibility Publisher -> )
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-07-02 13:18 - 2024-07-02 13:20 - 000044134 _____ C:\Users\Huw\Desktop\FRST.txt
2024-07-02 13:17 - 2024-07-02 13:19 - 000000000 ____D C:\FRST
2024-07-02 13:16 - 2024-07-02 13:17 - 002395648 _____ (Farbar) C:\Users\Huw\Desktop\FRST64 (1).exe
2024-07-01 23:42 - 2024-07-01 23:42 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2221484241-1263235730-2637574372-1000
2024-07-01 23:42 - 2024-07-01 23:42 - 000002413 _____ C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-07-01 12:02 - 2024-07-01 12:02 - 000001023 _____ C:\Users\Huw\Desktop\Bulk Rename Utility.lnk
2024-06-30 12:48 - 2024-06-30 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2024-06-30 12:48 - 2024-06-30 12:48 - 000000000 ____D C:\Program Files\Bulk Rename Utility
2024-06-30 11:33 - 2024-06-30 11:34 - 000000000 ____D C:\ProgramData\FreeFileSync
2024-06-27 16:11 - 2024-06-27 16:11 - 000004200 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1621513387
2024-06-27 16:11 - 2024-06-27 16:11 - 000001404 _____ C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2024-06-23 18:25 - 2024-06-23 18:25 - 120102912 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2024-06-23 18:25 - 2024-06-23 18:25 - 000843776 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2024-06-23 18:25 - 2024-06-23 18:25 - 000065536 _____ C:\WINDOWS\system32\config\SAM.iobit
2024-06-23 18:25 - 2024-06-23 18:25 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2024-06-21 12:56 - 2024-06-21 12:56 - 000001250 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2024-06-21 12:56 - 2024-06-21 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2024-06-18 20:27 - 2024-06-18 20:27 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-06-17 18:04 - 2024-06-17 18:04 - 000004390 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1621513394
2024-06-17 17:58 - 2024-06-17 17:58 - 007372800 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2024-06-17 17:54 - 2024-06-17 17:54 - 000003062 _____ C:\WINDOWS\system32\Tasks\ASC_SkipUac_Huw
2024-06-17 17:54 - 2024-06-17 17:54 - 000001312 _____ C:\Users\Public\Desktop\Advanced SystemCare.lnk
2024-06-17 09:33 - 2024-06-17 09:39 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-06-17 09:33 - 2024-06-17 09:33 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2024-06-17 09:30 - 2024-06-17 09:32 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-06-17 09:30 - 2024-06-17 09:30 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-06-17 09:28 - 2024-06-27 16:09 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-17 09:28 - 2024-06-17 09:28 - 000000000 ____D C:\WINDOWS\InboxApps
2024-06-17 09:28 - 2024-06-17 09:28 - 000000000 ____D C:\ProgramData\ssh
2024-06-17 09:20 - 2024-06-17 09:20 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-06-17 09:17 - 2024-06-17 09:17 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\WINDOWS\system32\msmq
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\Program Files\MSBuild
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-06-17 09:01 - 2024-06-17 09:01 - 000000000 ____D C:\inetpub
2024-06-17 01:02 - 2024-06-17 01:02 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-06-17 01:00 - 2024-07-01 23:42 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2221484241-1263235730-2637574372-1000
2024-06-17 01:00 - 2024-06-30 01:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-17 01:00 - 2024-06-30 01:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2024-06-17 01:00 - 2024-06-17 17:55 - 000003276 _____ C:\WINDOWS\system32\Tasks\ASC_PerformanceMonitor
2024-06-17 01:00 - 2024-06-17 01:00 - 000003714 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2221484241-1263235730-2637574372-1000UA{A2CE1023-1F89-4092-BF14-3BCA233CECB6}
2024-06-17 01:00 - 2024-06-17 01:00 - 000003598 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2221484241-1263235730-2637574372-1000Core{73550B76-A631-4331-A975-AB1934074C24}
2024-06-17 01:00 - 2024-06-17 01:00 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-17 01:00 - 2024-06-17 01:00 - 000003280 _____ C:\WINDOWS\system32\Tasks\Optimize Push Notification Data File-S-1-5-21-2221484241-1263235730-2637574372-1000
2024-06-17 01:00 - 2024-06-17 01:00 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-17 01:00 - 2024-06-17 01:00 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002954 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-06-17 01:00 - 2024-06-17 01:00 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2221484241-1263235730-2637574372-1005
2024-06-17 01:00 - 2024-06-17 01:00 - 000002744 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Huw)
2024-06-17 01:00 - 2024-06-17 01:00 - 000002720 _____ C:\WINDOWS\system32\Tasks\iTop Data Recovery Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002702 _____ C:\WINDOWS\system32\Tasks\iTop Screenshot Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002684 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_AutoAnalyze
2024-06-17 01:00 - 2024-06-17 01:00 - 000002674 _____ C:\WINDOWS\system32\Tasks\DSOne Agent
2024-06-17 01:00 - 2024-06-17 01:00 - 000002632 _____ C:\WINDOWS\system32\Tasks\DuplicatePhotoCleaner
2024-06-17 01:00 - 2024-06-17 01:00 - 000002582 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Huw
2024-06-17 01:00 - 2024-06-17 01:00 - 000002580 _____ C:\WINDOWS\system32\Tasks\{0397C9A3-863E-4496-B0B3-E7923A0913A7}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002570 _____ C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2024-06-17 01:00 - 2024-06-17 01:00 - 000002562 _____ C:\WINDOWS\system32\Tasks\iTop Data Recovery SkipUAC (Huw)
2024-06-17 01:00 - 2024-06-17 01:00 - 000002560 _____ C:\WINDOWS\system32\Tasks\Software Updater Scheduler
2024-06-17 01:00 - 2024-06-17 01:00 - 000002556 _____ C:\WINDOWS\system32\Tasks\Driver Booster Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002528 _____ C:\WINDOWS\system32\Tasks\iTop Screenshot SkipUAC (Huw)
2024-06-17 01:00 - 2024-06-17 01:00 - 000002482 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_Update
2024-06-17 01:00 - 2024-06-17 01:00 - 000002402 _____ C:\WINDOWS\system32\Tasks\Software Updater SkipUAC(Huw)
2024-06-17 01:00 - 2024-06-17 01:00 - 000002374 _____ C:\WINDOWS\system32\Tasks\{9E25DB88-A553-4F74-B6F5-71BE32D30F03}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002346 _____ C:\WINDOWS\system32\Tasks\IMF_SkipUAC_Huw
2024-06-17 01:00 - 2024-06-17 01:00 - 000002258 _____ C:\WINDOWS\system32\Tasks\{B8EB5E79-58E6-4E5E-BBF5-CFCB2A8AD4C4}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002250 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Huw
2024-06-17 01:00 - 2024-06-17 01:00 - 000002126 _____ C:\WINDOWS\system32\Tasks\{E31D0EC9-7C0C-401E-97CE-415011156FDD}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002094 _____ C:\WINDOWS\system32\Tasks\{EB60A9A2-4EBE-4B3D-8C0C-AE3D3FAA5AE1}
2024-06-17 01:00 - 2024-06-17 01:00 - 000002094 _____ C:\WINDOWS\system32\Tasks\{90F463F5-2ED2-4376-BF59-B436CF298BA3}
2024-06-17 01:00 - 2024-06-17 01:00 - 000000020 ___SH C:\Users\Huw\ntuser.ini
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2024-06-17 01:00 - 2024-06-17 01:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2024-06-17 00:59 - 2024-06-17 01:00 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2024-06-17 00:59 - 2024-06-17 01:00 - 000007623 _____ C:\WINDOWS\diagerr.xml
2024-06-17 00:51 - 2024-06-17 00:51 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\SystemCertificates
2024-06-17 00:51 - 2024-06-17 00:51 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Network
2024-06-17 00:51 - 2024-06-17 00:51 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Crypto
2024-06-17 00:50 - 2024-06-17 00:50 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-06-17 00:47 - 2024-06-30 01:49 - 000000000 ____D C:\Users\Huw
2024-06-17 00:47 - 2024-06-30 01:23 - 000934858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-17 00:47 - 2024-06-17 01:01 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows
2024-06-17 00:40 - 2024-07-02 13:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-17 00:40 - 2024-06-17 18:10 - 000804400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-06-14 13:39 - 2024-06-28 11:44 - 000000000 ___DC C:\WINDOWS\Panther
2024-06-14 13:37 - 2024-06-14 13:37 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-07-02 13:09 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-02 12:35 - 2023-11-29 00:57 - 000000000 ____D C:\Users\Huw\AppData\Roaming\FreeFileSync
2024-07-02 12:10 - 2019-03-21 19:23 - 000000000 ____D C:\Users\Huw\AppData\Roaming\vlc
2024-07-02 00:55 - 2020-01-14 01:48 - 000000000 ____D C:\Users\Huw\AppData\Local\ClassicShell
2024-07-01 17:27 - 2019-03-21 11:22 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Word
2024-07-01 13:39 - 2020-01-07 16:49 - 000000000 ____D C:\Users\Huw\AppData\Local\D3DSCache
2024-07-01 12:40 - 2022-09-15 15:17 - 000002554 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2024-06-30 17:20 - 2023-02-21 09:10 - 000000000 ____D C:\Users\Huw\AppData\Local\CrashDumps
2024-06-30 11:33 - 2023-11-29 00:57 - 000001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2024-06-30 11:33 - 2023-11-29 00:57 - 000001015 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2024-06-30 11:33 - 2023-11-29 00:57 - 000001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
2024-06-30 11:33 - 2023-11-29 00:57 - 000000991 _____ C:\Users\Public\Desktop\RealTimeSync.lnk
2024-06-30 11:33 - 2023-11-29 00:57 - 000000000 ____D C:\Program Files\FreeFileSync
2024-06-30 01:26 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-30 01:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-30 01:23 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-06-30 01:17 - 2023-08-24 16:26 - 000008192 ___SH C:\DumpStack.log.tmp
2024-06-28 11:57 - 2020-12-15 12:44 - 000001111 _____ C:\WINDOWS\QUICKEN.INI
2024-06-28 11:43 - 2019-10-05 17:51 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Publisher Building Blocks
2024-06-27 16:37 - 2019-03-21 17:04 - 000000000 ____D C:\ProgramData\ProductData
2024-06-27 16:15 - 2021-03-26 09:41 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-06-27 16:09 - 2023-08-30 12:52 - 000000000 ____D C:\ProgramData\ProductData3
2024-06-27 16:09 - 2020-04-28 14:54 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-06-24 14:15 - 2022-11-03 23:16 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-06-24 01:05 - 2019-03-20 16:30 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Office
2024-06-21 12:22 - 2019-03-21 16:20 - 000000000 ____D C:\Program Files (x86)\Smart Address 2000
2024-06-18 20:27 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-06-18 20:25 - 2021-04-01 16:11 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-18 13:38 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-06-18 13:38 - 2019-03-21 18:06 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2024-06-18 13:00 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-06-17 18:10 - 2024-05-30 14:03 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2024-06-17 18:10 - 2022-11-03 23:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-06-17 18:04 - 2019-03-21 17:03 - 000000000 ____D C:\ProgramData\IObit
2024-06-17 18:02 - 2019-03-20 16:19 - 000000000 ____D C:\Users\Huw\AppData\Local\Microsoft Help
2024-06-17 17:54 - 2019-03-21 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2024-06-17 14:41 - 2022-11-03 23:16 - 000001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2024-06-17 11:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-06-17 10:59 - 2020-01-07 16:38 - 000000000 ____D C:\ProgramData\Packages
2024-06-17 10:59 - 2020-01-07 16:20 - 000000000 ____D C:\Users\Huw\AppData\Local\Packages
2024-06-17 10:59 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-06-17 09:39 - 2024-05-18 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awesome Duplicate Photo Finder
2024-06-17 09:39 - 2024-05-18 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DuplicatePhotoCleaner
2024-06-17 09:39 - 2024-04-29 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 11
2024-06-17 09:39 - 2024-04-02 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2024-06-17 09:39 - 2024-04-01 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop Data Recovery
2024-06-17 09:39 - 2024-03-27 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader
2024-06-17 09:39 - 2023-10-18 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2024-06-17 09:39 - 2023-09-09 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2024-06-17 09:39 - 2021-11-04 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop Screenshot
2024-06-17 09:39 - 2021-10-28 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirona
2024-06-17 09:39 - 2021-09-17 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2024-06-17 09:39 - 2021-06-22 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plustek OpticFilm 8100 V5.0.2.3
2024-06-17 09:39 - 2021-04-01 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-06-17 09:39 - 2021-03-25 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Folder Hider
2024-06-17 09:39 - 2020-12-15 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken
2024-06-17 09:39 - 2020-11-22 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photo Finder
2024-06-17 09:39 - 2020-09-29 10:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2024-06-17 09:39 - 2020-08-21 17:40 - 000000000 ____D C:\WINDOWS\system32\AMD
2024-06-17 09:39 - 2020-07-16 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support One
2024-06-17 09:39 - 2020-05-30 10:56 - 000000000 ____D C:\Program Files\UNP
2024-06-17 09:39 - 2020-01-14 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2024-06-17 09:39 - 2020-01-07 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2024-06-17 09:39 - 2019-12-30 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Software Updater
2024-06-17 09:39 - 2019-12-07 10:18 - 000000000 ____D C:\WINDOWS\Setup
2024-06-17 09:39 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\IME
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\System
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\schemas
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-06-17 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2024-06-17 09:39 - 2019-04-09 13:03 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2024-06-17 09:39 - 2019-03-22 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Address 2000
2024-06-17 09:39 - 2019-03-21 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MapCreator 3
2024-06-17 09:39 - 2019-03-21 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2024-06-17 09:39 - 2019-03-21 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2024-06-17 09:39 - 2019-03-21 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synchromagic
2024-06-17 09:39 - 2019-03-21 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoldWave
2024-06-17 09:39 - 2019-03-21 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2024-06-17 09:39 - 2019-03-21 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2024-06-17 09:39 - 2019-03-21 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2024-06-17 09:39 - 2019-03-20 14:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-06-17 09:39 - 2019-03-20 14:03 - 000000000 ____D C:\Program Files\Common Files\logishrd
2024-06-17 09:39 - 2019-03-20 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2024-06-17 09:39 - 2019-03-20 12:23 - 000000000 ____D C:\Program Files\AMD
2024-06-17 09:39 - 2019-03-20 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2024-06-17 09:39 - 2009-07-14 04:20 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-06-17 09:38 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2024-06-17 09:33 - 2023-03-01 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicWish
2024-06-17 09:33 - 2021-12-27 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2024-06-17 09:33 - 2020-08-16 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2024-06-17 09:33 - 2019-03-21 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
2024-06-17 09:33 - 2019-03-21 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin
2024-06-17 09:33 - 2019-03-20 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2024-06-17 09:33 - 2019-03-20 12:23 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2024-06-17 09:33 - 2019-03-20 12:07 - 000000000 ____D C:\Program Files\Realtek
2024-06-17 09:33 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Microsoft Games
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-06-17 09:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-06-17 09:28 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemApps
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-06-17 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-06-17 09:28 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2024-06-17 09:27 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-06-17 09:26 - 2019-12-07 10:52 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-06-17 09:26 - 2019-12-07 10:52 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-06-17 09:26 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-06-17 09:07 - 2019-12-07 10:51 - 000000000 ____D C:\WINDOWS\OCR
2024-06-17 09:07 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-06-17 09:07 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-06-17 01:01 - 2020-01-07 16:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-06-17 01:01 - 2020-01-07 16:21 - 000000000 ___RD C:\Users\Huw\3D Objects
2024-06-17 01:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-06-17 01:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-06-17 01:00 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-06-17 00:51 - 2020-09-28 14:16 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2024-06-17 00:48 - 2024-03-04 13:27 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-06-17 00:48 - 2023-10-27 20:45 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inkscape
2024-06-17 00:48 - 2022-04-30 20:13 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2024-06-17 00:48 - 2021-06-21 10:36 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2024-06-17 00:48 - 2021-04-22 14:13 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
2024-06-17 00:48 - 2019-12-07 10:14 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2024-06-17 00:47 - 2021-03-14 15:04 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2024-06-17 00:47 - 2019-03-20 12:15 - 000891256 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2024-06-17 00:42 - 2019-03-20 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2024-06-17 00:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\tracing
2024-06-16 11:41 - 2019-03-20 15:05 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2024-06-14 17:37 - 2020-12-15 17:54 - 000000000 ____D C:\Program Files (x86)\QUICKENW
2024-06-11 23:15 - 2024-04-01 13:48 - 000000000 ____D C:\Users\Huw\AppData\Roaming\iTop Data Recovery
2024-06-11 22:54 - 2024-04-01 13:48 - 000000000 ____D C:\Program Files (x86)\iTop Data Recovery
2024-06-11 22:34 - 2019-04-09 10:22 - 000000000 ____D C:\Users\Huw\AppData\Roaming\Microsoft\Excel
2024-06-11 21:20 - 2019-03-20 14:37 - 199048176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-06-05 11:34 - 2020-01-07 16:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories ========
2019-03-22 16:19 - 2019-04-09 10:52 - 000002617 _____ () C:\Users\Huw\AppData\Roaming\HUW-PC.MTBF.txt
2019-03-26 16:13 - 2019-12-27 22:02 - 000009216 _____ () C:\Users\Huw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2024-05-11 22:03 - 2024-05-11 22:03 - 000000218 _____ () C:\Users\Huw\AppData\Local\recently-used.xbel
2019-08-18 02:32 - 2019-08-18 02:32 - 000000000 _____ () C:\Users\Huw\AppData\Local\{CD8710DC-8301-44B7-B2AC-D7B810F710B1}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by Huw (02-07-2024 13:22:42)
Running from C:\Users\Huw\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4529 (X64) (2024-06-17 00:00:40)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2221484241-1263235730-2637574372-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2221484241-1263235730-2637574372-503 - Limited - Disabled)
Guest (S-1-5-21-2221484241-1263235730-2637574372-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2221484241-1263235730-2637574372-1004 - Limited - Enabled)
Huw (S-1-5-21-2221484241-1263235730-2637574372-1000 - Administrator - Enabled) => C:\Users\Huw
WDAGUtilityAccount (S-1-5-21-2221484241-1263235730-2637574372-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
Acronis True Image WD Edition (HKLM-x32\...\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}) (Version: 19.0.33 - Acronis)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 17.4.0 - IObit)
AMD Accelerated Video Transcoding (HKLM\...\{B1CC87D5-ABC8-8BB9-AA76-7CFF8A63B554}) (Version: 13.30.100.40529 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B7E1CDB6-83B8-E4BD-E4A5-85CC977BD19C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.7.0 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
Awesome Duplicate Photo Finder v. 1.1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother IPPoverUSB Driver (HKLM-x32\...\{4D844217-17F2-40E2-92A1-D9CE3DD57E4E}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{6a05ac5a-2963-4a6b-aff2-77bdf51ff082}) (Version: 11.0.2.3 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{79F6CD87-9761-414F-87C4-79767318CBFA}) (Version: 10.3.1.1 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{C16B1697-EEE8-4701-81A1-58FF51E00B93}) (Version: 11.0.2.3 - Brother Industries, Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{BA1AA022-45E3-49FA-8DB1-E032112A5ABC}) (Version: 1.6.0.0 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
Bulk Rename Utility 3.4.4.0 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: 3.4.4.0 - TGRMN Software)
Catalyst Control Center - Branding (HKLM-x32\...\{72590884-7F26-4245-8987-2137E1CD7169}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.24 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1208.2 - Piriform Software) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
CyberLink PowerDirector 15 (HKLM-x32\...\{FA285575-B543-4E6E-A573-A4F534AC9965}) (Version: 15.0.3929.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
Dentsply Sirona Sidexis 4 - Viewer (HKLM\...\{015DC716-DFAA-4AD4-AE56-92665E4A8714}) (Version: 4.3.1.0 - Sirona Dental Systems GmbH) Hidden
Driver Booster 11 (HKLM-x32\...\Driver Booster_is1) (Version: 11.4.0 - IObit)
Driver Support One (HKLM-x32\...\DSOne) (Version: 1.4.7446.23844 - Asurvio, LP) <==== ATTENTION
Duplicate Photo Cleaner 7 (HKLM\...\{DF4FE8F9-110F-4F20-8F4B-204AAA1A64A5}_is1) (Version: 7.18.0.49 - Webminds, Inc.)
Duplicate Photo Finder (HKLM-x32\...\{82BAA379-A0B8-4637-8286-0A9AD146453F}}_is1) (Version: 1.6.5.0 - Ashisoft)
Duplicate Sweeper (HKLM-x32\...\{13BE2838-6660-4FC9-818C-64C7977AE6C5}) (Version: 1.90 - Wide Angle Software)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2024.1.0.23997 - Foxit Software Inc.)
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.7.7.1110 - Digital Wave Ltd)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.3.111.220 - Digital Wave Ltd)
FreeFileSync [Supporter Edition] (HKLM-x32\...\FreeFileSync_is1) (Version: 13.7 - FreeFileSync.org)
Gadwin PrintScreen (64-Bit) (HKLM\...\{9D41A5E9-499A-4B98-8F05-CAB1C879E046}) (Version: 5.8.5.0 - Gadwin Systems)
GoldWave v5.12 (HKLM-x32\...\GoldWave v5.12) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Google Earth Pro (HKLM\...\{3470AD08-85F2-4B1D-8487-FC4750732087}) (Version: 7.3.6.9796 - Google)
Google Earth Pro (HKLM\...\{F5A0C4E5-0B6C-43B1-AEFA-7E0BE48214FF}) (Version: 7.3.6.9285 - Google)
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
HandBrake 1.7.3 (HKLM-x32\...\HandBrake) (Version: 1.7.3 - )
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP)
HP ENVY Photo 6200 series Basic Device Software (HKLM\...\{DF33278E-9E1C-45CD-8884-7BBECBF54B8C}) (Version: 44.9.2759.21325 - HP Inc.)
HP ENVY Photo 6200 series Help (HKLM-x32\...\{B0F106A0-9B78-461B-90B6-E70B13968DC4}) (Version: 44.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP)
HttpToUsbBridge (HKLM-x32\...\{A92EB32D-F0D1-45D8-A071-262D1229D400}) (Version: 2.0.33.1 - Brother Industries Ltd.)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Inkscape (HKLM\...\{2C69A8D5-2E44-4F99-BD5E-08536B52F1DA}) (Version: 1.3.0 - Inkscape)
IObit Malware Fighter 11 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 11.2.0.1334 - IObit)
IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 6.5.0.20 - IObit)
IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.4.0.2 - IObit)
iTop Data Recovery (HKLM-x32\...\iTop Data Recovery_is1) (Version: 3.4.0.806 - iTop Inc.)
iTop Screenshot (HKLM-x32\...\iTop Screenshot_is1) (Version: 1.2.3.544 - iTop Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
MapCreator 3 (HKLM-x32\...\MapCreator 3) (Version: 3.0 - primap)
Messenger (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 208.0.580469446 - Facebook, Inc.)
Microsoft .NET Framework 4.7.2 (HKLM\...\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.27 (x64) (HKLM\...\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.27 (x64) (HKLM\...\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.27 (x64) (HKLM\...\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Volume - en-us) (Version: 16.0.10411.20011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Teams) (Version: 1.6.00.11166 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30037 (HKLM-x32\...\{dfea0fad-88b2-4a1f-8536-3f8f9391f4ef}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29325 (HKLM\...\{26AF0C35-55EC-4025-8D83-349E8FB1419F}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29325 (HKLM\...\{7D0362D5-C699-4403-BC09-0C1DAD1D93AB}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30037 (HKLM-x32\...\{01FAEC41-B3BC-44F4-B185-5E8475AEB855}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30037 (HKLM-x32\...\{7D75664A-6C04-424C-82A1-EE88913E5F16}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM\...\{E634F316-BEB6-4FB3-A612-F7102F576165}) (Version: 48.108.8836 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM-x32\...\{d87ae0f4-64a6-4b94-859a-530b9c313c27}) (Version: 6.0.27.33320 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 12.15 - NCH Software)
MosChip Multi-IO Controller (HKLM\...\MosChip Technology) (Version: - )
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.4.2 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 115.11.1 (x64 en-US)) (Version: 115.11.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10411.20011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10411.20011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10411.20011 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
Opera Stable 111.0.5168.43 (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Opera 111.0.5168.43) (Version: 111.0.5168.43 - Opera Software)
Opera Stable 85.0.4341.75 (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Opera 85.0.4341.75) (Version: 85.0.4341.75 - Opera Software)
OpticFilm 8100 (HKLM-x32\...\{CA3AC3CC-3B2F-45F9-8C68-485269110A8D}) (Version: 5.0.2.3 - )
PagePlusX7ContentDeclaration (HKLM-x32\...\{DDD8D35B-EDEA-45FC-8930-C494B02E42FF}) (Version: 1.0.0.0 - Serif (Europe) Ltd) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PicWish V2.9.3 (HKLM-x32\...\{42ED4049-4165-48B6-843F-4E7AA16497BB}_is1) (Version: 2.9.3 - Wangxu Technology Co.,Ltd.)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Quicken 2002 (HKLM-x32\...\Quicken 2002) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
Serif DrawPlus X4 (HKLM-x32\...\{EEA1BB90-CF27-449E-B269-0C5A660AC4C1}) (Version: 11.0.3.023 - Serif (Europe) Ltd)
Serif PagePlus X7 (HKLM\...\{CB487BBA-A1AC-4B2B-80AC-DED349C897C5}) (Version: 17.0.3.28 - Serif (Europe) Ltd)
Serif PhotoPlus X5 (HKLM-x32\...\{617E7009-0C50-4178-B0E2-F9D66DC8A582}) (Version: 15.0.2.012 - Serif (Europe) Ltd)
Sidexis 4 - Viewer (HKLM-x32\...\{18ba8b0a-c5a6-473c-a3a5-45e2a2c8d648}) (Version: 4.3.1.0 - Dentsply Sirona)
SilverFast 8.8.0r24 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.8.0r24 - LaserSoft Imaging AG)
Smart Address 2000 (HKLM-x32\...\Smart Address 2000_is1) (Version: - Oakley Data Services)
Smart Defrag 9 (HKLM-x32\...\Smart Defrag_is1) (Version: 9.4.0.342 - IObit)
SoftwareUpdateNotification (HKLM-x32\...\{3D1AD910-B82B-4635-B1C3-0CEF9F6F3D34}) (Version: 1.0.21.0 - Brother Industries, Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{9CE041EA-9991-4A5E-BA7E-D568D47C6735}) (Version: 1.37.1.0 - Brother Industries, Ltd.) Hidden
Synchromagic version 5.0 (HKLM-x32\...\Synchromagic_is1) (Version: - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.20 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.641 - McAfee, LLC)
Windows Help Viewer (HKLM-x32\...\{2F6F93BF-9A86-4093-B0D9-DEC64CE550E0}) (Version: 6.3.9600.16411 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wise Folder Hider (HKLM-x32\...\Wise Folder Hider_is1) (Version: 5.0.2 - Lespeed Technology Co., Ltd.)
Zoom (HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\ZoomUMX) (Version: 5.17.10 (33775) - Zoom Video Communications, Inc.)
Packages:
=========
HEIC to JPEG (FREE) -> C:\Program Files\WindowsApps\53354DuckheadSoftware.HEICtoJPEGFREE_11.2.6.0_x64__2gc4m0bggm024 [2024-06-17] (Duckhead Software)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_154.2.1075.0_x64__v10z8vjag6ke6 [2024-06-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.35.35.0_x64__v10z8vjag6ke6 [2024-05-18] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-06-17] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) [MS Ad]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm [2024-06-20] (WhatsApp Inc.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Huw\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\InprocServer32 -> C:\Program Files\Duplicate Photo Cleaner 7\DuplicatePhotoCleaner.exe (Webminds, Inc. -> Webminds, Inc.)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{5FC44EBC-3A1F-4FBB-85E5-34405788C8D7}\InprocServer32 -> C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\Huw\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Huw\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2023-11-03] (IObit Information Technology -> IObit)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-03-07] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2021-02-03] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2023-11-03] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers1-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis International GmbH -> Acronis)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-03-07] (IObit CO., LTD -> IObit)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2021-02-03] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-03-07] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-03-07] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2021-02-03] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2023-11-03] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-09-15] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2023-11-03] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-12-06] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis International GmbH -> Acronis)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.pDAD] => C:\WINDOWS\system32\prodad-codec.dll [607256 2016-11-09] (proDAD GmbH -> proDAD GmbH)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2020-12-15 17:54 - 2002-01-24 21:39 - 000484864 _____ () [File not signed] C:\Program Files (x86)\QUICKENW\ALRTINT8.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000106496 _____ () [File not signed] C:\Program Files (x86)\QUICKENW\QCOMUTIL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000172032 _____ () [File not signed] C:\Program Files (x86)\QUICKENW\QWAPP.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000040960 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\CHANNEL.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000020480 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\CUSTPROF.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000081920 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\GRAPHS6.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000073728 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\HELPTL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000102400 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\LBTMNGR.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 002822144 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\ONLN32.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000065536 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\ONLNCALL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000032768 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\PNF.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000430080 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QACCES32.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000036864 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QDAPP.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000499712 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QDB.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000180224 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\qdbbase.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000114688 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QREP.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000032768 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QSAPI.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000024576 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QSAPIENG.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000065536 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\qsnapeng.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000024576 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QVERSION.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000143360 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWINET.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 002535424 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWOESDK.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 002277376 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWONLINE.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000503808 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWPLAN.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000106496 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWRMND.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 001503232 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWUTIL7.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000221184 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\QWWIN.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000790528 _____ (Intuit) [File not signed] C:\Program Files (x86)\QUICKENW\decApi.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000196608 _____ (Intuit) [File not signed] C:\Program Files (x86)\QUICKENW\QTAXUTIL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000020480 _____ (Intuit) [File not signed] C:\Program Files (x86)\QUICKENW\QWENC.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2020-12-15 17:54 - 2002-01-24 21:39 - 000225280 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\LFCMP70N.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000055808 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\LTFIL70N.DLL
2020-12-15 17:54 - 2002-01-24 21:39 - 000349696 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\QUICKENW\LTKRN70N.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2023-08-25] (IObit CO., LTD -> IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {34EDF7FD-FD9B-420F-A701-CC2C081FB26C} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2024-03-07] (IObit CO., LTD -> IObit)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-07] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Huw\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img5.jpg
DNS Servers: 192.168.188.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupfolder: C:^Users^Huw^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smart Address Call Monitor.lnk => C:\Windows\pss\Smart Address Call Monitor.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Huw^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smart Address Reminders.lnk => C:\Windows\pss\Smart Address Reminders.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\...\StartupApproved\StartupFolder: => "QuickScan (OpticFilm 8100).lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "msedge_cleanup_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "BrotherSoftwareUpdateNotification"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "Advanced SystemCare"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "vidnotifier.exe"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "Opera Stable"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\StartupApproved\Run: => "com.messenger"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9D3EFCC2-F861-4475-A8C6-64D9B4C134D9}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{5A73275B-E922-43C5-85E6-D527163DA2D8}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{9013325C-449D-4AFE-84DA-D3A75F7D4FD8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{042A39D5-FA07-42D8-A566-BA71CFA06301}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{41CE3B76-64FC-4903-936C-C7ECDF9D74F5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{3EBA44C4-6E1D-47B3-A422-FBEF281A6EB5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{52FCD3B6-33E0-453F-BF72-3F7E0E2B8696}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FEA66384-70A0-4F8B-AC37-AC14C88D0D99}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{340EC906-CF32-43F8-9AAE-3D4623D03E3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1C031265-2FE9-4BFF-AB3F-9640855645AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{5DDB363D-FEA9-4C3B-A416-36899B009230}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E4F738C-C909-451F-AADD-C73C0FC48EB8}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DF1D4848-4E21-4549-87A6-EEF7AB21E596}] => (Allow) LPort=54955
FirewallRules: [{2BFCD370-3600-43A9-B075-068EFB8AD1BD}] => (Allow) LPort=54951
FirewallRules: [{19E88170-3FC1-4FAD-903E-5115CC79BC63}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrPrintFinishNotice\BrPrintFinishNotice.exe (Brother Industries, Ltd. -> )
FirewallRules: [{C641D8B8-F900-4A26-A015-7F08786E1D88}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrPrintFinishNotice\BrPrintFinishNotice.exe (Brother Industries, Ltd. -> )
FirewallRules: [{CEE6917D-3E85-4FDC-9BEB-3DD569AE420B}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8C779644-0E48-427F-8D6A-05AF389316E8}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6F23678A-9DB1-4982-94E5-38E9AFA8D21E}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{84DAF525-40E1-45DB-84D2-9B026FE13D38}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1AE3A57D-55DF-49AA-88FE-A93940818AE1}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2DE91B46-9A45-495E-98C3-7DE6AAF2A5C3}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6DCAFD4C-C451-473B-AEF1-B202C6DD9C61}] => (Allow) C:\Program Files (x86)\PicWish\PicWish\PicWish.exe (Apowersoft Ltd -> PicWish)
FirewallRules: [{174FFB0E-2F07-4B0F-B0B8-9084B3D8C60A}] => (Allow) C:\Program Files (x86)\PicWish\PicWish\PicWish.exe (Apowersoft Ltd -> PicWish)
FirewallRules: [{864B3862-8F0A-449B-8DD0-62939CF01670}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AF7F8338-CE1D-4A7F-A4B2-DE95E82256A7}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FC5F7E0E-65C8-4432-8989-039378582AE1}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A8E4979A-8DA7-41F1-9599-489725A37897}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DA64D2D4-4610-41F9-A8FA-7D897773B13C}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{777147EF-050F-4CF5-8E4A-9436E185AEDD}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{4C344C50-2C72-4E2E-BEE5-C56C497ADDF2}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{554EF9E6-3400-47F6-8FE9-23D7E41506BE}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F8A80DD2-9C05-4564-89EA-F1D6128ED0A3}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{70D170C4-9F97-4BD9-95AD-52F0CAFE2214}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C0753F9B-E25C-4E8B-B721-8DE3CB3125D2}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{71D54DC3-E5C4-4363-B9A1-A443180DC80D}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{535CB18A-78A3-45B8-8CF1-EE34E601F2CD}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{883D6870-3A70-41E1-9229-992B1BEFB7BA}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A91F5445-8493-4435-9EB9-7CD71222BF00}] => (Allow) C:\Users\Huw\AppData\Local\Programs\Opera\85.0.4341.60\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{84D7850F-04C4-4446-8F33-4A17393794E5}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{2B780EDA-A06C-4EB7-A761-E51756BD28E4}C:\users\huw\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\huw\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{31A6557D-03FB-4A6F-83F3-60FB19C989E2}C:\users\huw\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\huw\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8FA25A8-B244-463C-BFA9-1E56FC8A209F}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{647A5981-1338-4711-B7C7-9830E91567A1}] => (Allow) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{D9E2C670-C84B-4563-8C7F-0B357F5ADE16}] => (Allow) LPort=5357
FirewallRules: [{804CCBD9-D1BF-4614-961D-5AD38B8949BD}] => (Allow) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{295FF832-302B-45E4-BE1E-E0FDB9A3BAB9}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0CD8D6B1-59FF-42BE-9487-F946B013737A}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A8DEDEA7-353E-406F-8558-CC542C776C97}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2ACD2AA8-46D1-4721-9294-588F59FA46B1}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7D1E91ED-4A5F-4EBE-91EC-41B93D381A71}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{500455FA-54B4-4E11-AB50-4F66184A1DC8}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FDB5B366-0C92-4C38-8535-2F915F1EBDE7}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E987DCF5-1424-42B0-A98D-4B0DF2F860F7}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A892B46A-7F50-472B-ABF1-4DFABE664124}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7676FB8B-C61A-4513-8046-F36C3DD4D39E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C520E44F-3624-40A8-A4D6-0BAA0BA59967}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56ACB5EB-8118-4BB5-9D74-684E4A62C18B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{344E1A10-7BD4-4F2C-AB0F-939D9F303EB7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4BB7132D-91A2-46A7-982A-5CBF3F8FF2A5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB9238E6-1C10-4D03-8869-C70E2C90B063}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{99905F88-7916-48CD-88A5-9F1ED7AD27A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{121CAB24-A190-41C4-AE0C-E7B230E6037A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B2C113CA-5C82-4287-B1EB-B95CC37EB3BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C771D663-BE5E-4F84-8F51-4DAA92DC3D82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{D1BA20B2-E088-4160-9603-8055D759F033}C:\program files (x86)\smart address 2000\saremind.exe] => (Block) C:\program files (x86)\smart address 2000\saremind.exe (Oakley Data Services) [File not signed]
FirewallRules: [TCP Query User{28F9C725-7142-4341-BFB5-7B0A3A532629}C:\program files (x86)\smart address 2000\saremind.exe] => (Block) C:\program files (x86)\smart address 2000\saremind.exe (Oakley Data Services) [File not signed]
FirewallRules: [UDP Query User{FE30FF53-1225-4078-BE1F-00D931630400}C:\program files (x86)\smart address 2000\smartadr.exe] => (Allow) C:\program files (x86)\smart address 2000\smartadr.exe (Oakley Data Services) [File not signed]
FirewallRules: [TCP Query User{E7A7E34B-5850-47D7-A4E8-C8469D42D5D9}C:\program files (x86)\smart address 2000\smartadr.exe] => (Allow) C:\program files (x86)\smart address 2000\smartadr.exe (Oakley Data Services) [File not signed]
FirewallRules: [UDP Query User{3B1C50FB-F815-45E9-A498-611F0A7DA9F9}C:\program files (x86)\smart address 2000\saremind.exe] => (Allow) C:\program files (x86)\smart address 2000\saremind.exe (Oakley Data Services) [File not signed]
FirewallRules: [TCP Query User{2116CBFA-78EE-4C93-A685-789E42306641}C:\program files (x86)\smart address 2000\saremind.exe] => (Allow) C:\program files (x86)\smart address 2000\saremind.exe (Oakley Data Services) [File not signed]
FirewallRules: [{EF3780A6-E17A-4729-BFD9-0D1B8FB7B0D8}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D60BAA82-D5FF-44F0-88B8-D0EA88F7106C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{83342D88-48A6-4916-80E7-F83C4B282B72}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{4EF61D9E-2156-45CD-A07A-C0B8BA122317}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E6C81571-01FA-44F3-9BFF-D9F98B845DEA}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AE3A1763-4039-40DC-AA62-C877CC86231A}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F2BE528D-9D94-4D55-B81E-C42F5062FA1E}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{944001C9-EC61-4CDE-B933-B83F4EB1D4EE}] => (Allow) C:\Users\Huw\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0DAA35FC-916A-4546-A2DF-8307160405B1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{DAFE14BE-1172-46D7-8CB9-F6698BC5B0BA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E4B53537-A0D6-4B70-841A-D53279FB0E82}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{01E6D627-56FB-4755-9D41-61FC24E6F061}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{4A8D2345-B5CC-4495-8E58-75E5EA6DB983}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D3E45CDA-23CA-4956-A4B2-FEC16874D80F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{97F308ED-B3A4-4CFC-AA19-D419E4688A77}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{18B7A62F-67F0-4C33-B630-182BEAC0ACD4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E4EC6218-0474-413C-9452-77EBB1708BAF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{401DA980-0288-46ED-9E41-EF4981E40177}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DED17519-D4DC-45B9-8988-51BD69F356C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37EA6F1A-6542-40D8-816E-EDC6F08523BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9876E582-0762-4EC9-8D42-9F68A9A51B5F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{56D1BAC4-AEA7-4DE4-AC33-0FD2DA1E91D8}] => (Allow) C:\Users\Huw\AppData\Local\Programs\Opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{FA4A45B6-0499-4AE9-9B27-D0E136DB91C7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
28-06-2024 17:37:29 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (07/01/2024 01:39:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FreeFileSync_x64.exe version 13.7.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2b54
Start Time: 01dacbb0828bc2e7
Termination Time: 4294967295
Application Path: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
Report Id: c687c363-4ca1-412c-9267-8343d245e20a
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle
Error: (06/30/2024 05:20:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0x77c
Faulting application start time: 0x01dacb09745d05a6
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: 029334b6-3eca-4f84-9ee6-fa2d10e16bf6
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 05:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0x28d0
Faulting application start time: 0x01dacb096eb5e591
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: ee27feab-2d2b-4a66-8adc-7ca0b2ee0ba0
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 05:20:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0xa04
Faulting application start time: 0x01dacb0969359f43
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: 82c52442-15aa-49de-a142-340cafa27122
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 05:19:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0xb14
Faulting application start time: 0x01dacb095579fb84
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: 002e8104-683d-49a2-80a7-bb0cb6a30ea3
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 05:19:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.3636, time stamp: 0x6d07b58e
Faulting module name: ti_managers_proxy.dll, version: 19.0.0.33, time stamp: 0x5852cfbf
Exception code: 0xc0000005
Fault offset: 0x0000a219
Faulting process id: 0x1ba8
Faulting application start time: 0x01dacb094e56c819
Faulting application path: C:\WINDOWS\SysWOW64\DllHost.exe
Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
Report Id: 55cd0689-14b2-4f8e-aace-0b3af7aadce5
Faulting package full name:
Faulting package-relative application ID:
Error: (06/30/2024 01:17:31 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...
Error: (06/30/2024 01:17:31 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.
System errors:
=============
Error: (07/02/2024 11:21:44 AM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Error: (07/01/2024 02:41:44 PM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Error: (07/01/2024 01:22:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Hewlett-Packard - USB - 2/10/2017 12:00:00 AM - 44.1.2402.1741.
Error: (07/01/2024 01:22:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Microsoft - Printer - 6/22/2006 12:00:00 AM - 6.1.7233.1.
Error: (06/30/2024 04:14:49 PM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Error: (06/30/2024 03:07:52 PM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (06/30/2024 02:07:19 PM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Error: (06/30/2024 11:57:58 AM) (Source: DCOM) (EventID: 10010) (User: Huw-PC)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2024-07-02 12:45:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-07-01 13:56:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-06-30 11:06:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-06-30 08:35:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-06-30 08:29:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2024-06-18 20:40:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:40:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:40:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:40:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:32:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:32:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2024-06-18 20:32:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. FB 10/31/2014
Motherboard: Gigabyte Technology Co., Ltd. 970A-DS3P
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 16350.65 MB
Available physical RAM: 11697.63 MB
Total Virtual: 32734.65 MB
Available Virtual: 27798.03 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:246.56 GB) (Free:139 GB) (Model: WDC WDS 100T2B0A-00SM50 SATA Disk Device) NTFS
Drive d: (Documents) (Fixed) (Total:683.83 GB) (Free:485.46 GB) (Model: WDC WDS 100T2B0A-00SM50 SATA Disk Device) NTFS
Drive e: (Pictures and Videos) (Fixed) (Total:931.5 GB) (Free:602.57 GB) (Model: Samsung SSD 870 QVO 1TB SATA Disk Device) NTFS
Drive g: (Windows 10 Backup) (Fixed) (Total:465.63 GB) (Free:0 GB) (Model: ST350041 8AS SATA Disk Device) NTFS
Drive h: (Seagate Portable Drive) (Fixed) (Total:931.51 GB) (Free:402.88 GB) (Model: Seagate Expansion SCSI Disk Device) NTFS
Drive j: (Buffalo Drive) (Fixed) (Total:931.51 GB) (Free:728.22 GB) (Model: BUFFALO INC. HDD IEEE 1394 SBP2 Device) NTFS
Drive q: (QUICKEN) (Fixed) (Total:0.34 GB) (Free:0.13 GB) (Model: WDC WDS 100T2B0A-00SM50 SATA Disk Device) FAT32
\\?\Volume{19d81ea6-5242-48b4-a3f1-dbdca074cd0e}\ () (Fixed) (Total:0.56 GB) (Free:0.07 GB) NTFS
\\?\Volume{f63826ee-0ea7-4998-a265-c2caad3c34cb}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 78C44749)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 877FA422)
Partition: GPT.
==========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 5A6DF27B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: 8A7065E8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
As to the cause, since it's only photo type files and only some (not the most recent for example) my guess is one of your many duplicate file finding programs has renamed them to make them unique or it couldn't decide which one is the 'master' so has kept them all and giving them a date/time stamp.
From a quick eyeball scan of your logs, you have;
I first came across ioBit stuff many years ago, and then at least, it was simply rubbish, causing more harm than help. Same as any sort of driver update software I have seen - nothing more than ineffective, malicious crap peddled by snake-oil salesman.
When was the last time you ran any of those duplicate file finding programs?
And does that time tie in with what photos have not had a date/time name change?
From a quick eyeball scan of your logs, you have;
- Awesome Duplicate Photo Finder
- Duplicate Photo Finder
- Duplicate Photo Cleaner
- Duplicate Sweeper
- Driver Booster
- Driver Support One
I first came across ioBit stuff many years ago, and then at least, it was simply rubbish, causing more harm than help. Same as any sort of driver update software I have seen - nothing more than ineffective, malicious crap peddled by snake-oil salesman.
When was the last time you ran any of those duplicate file finding programs?
And does that time tie in with what photos have not had a date/time name change?
Uninstall the following with GeeK Uninstaller
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 17.4.0 - IObit)
Driver Booster 11 (HKLM-x32\...\Driver Booster_is1) (Version: 11.4.0 - IObit)
Driver Support One (HKLM-x32\...\DSOne) (Version: 1.4.7446.23844 - Asurvio, LP) <==== ATTENTION
IObit Malware Fighter 11 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 11.2.0.1334 - IObit)
IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 6.5.0.20 - IObit)
IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.4.0.2 - IObit)
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.
Download Malwarebytes v.4 . Install and run.
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 17.4.0 - IObit)
Driver Booster 11 (HKLM-x32\...\Driver Booster_is1) (Version: 11.4.0 - IObit)
Driver Support One (HKLM-x32\...\DSOne) (Version: 1.4.7446.23844 - Asurvio, LP) <==== ATTENTION
IObit Malware Fighter 11 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 11.2.0.1334 - IObit)
IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 6.5.0.20 - IObit)
IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.4.0.2 - IObit)
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.
Code:
start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {220CD70C-43F3-457B-A188-C04E906B28FA} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {40E93541-895E-4986-ADB8-AE963FDCB067} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {C11399A1-0ABD-48BA-ADF4-34BCA0CCC618} - System32\Tasks\DSOne Agent => C:\Program Files (x86)\Driver Support One\DSOne.exe [1086656 2020-06-02] (Asurvio, LP -> Asurvio LP) <==== ATTENTION
Task: {4BA79B2A-C96A-4AEC-8EF8-81335020A392} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [2194440 2024-03-12] (IObit CO., LTD -> IObit) <==== ATTENTION
Task: {A8B64938-B491-4BA2-A179-AAC136834F49} - System32\Tasks\Software Updater SkipUAC(Huw) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4561416 2024-03-12] (IObit CO., LTD -> IObit) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
R3 cpuz154; C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [40976 2024-06-30] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Task: {FCEDCB5A-529F-433D-BADD-6234CA9CBBA2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-27] (AVG Technologies USA, LLC -> AVG Technologies)
C:\Program Files\Common Files\AVG
C:\Program Files (x86)\Driver Support One
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\Run: [com.messenger] => "C:\Users\Huw\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
Task: {220CD70C-43F3-457B-A188-C04E906B28FA} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {40E93541-895E-4986-ADB8-AE963FDCB067} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {F63E0DDC-2C75-4441-96A6-AE3F45340CA2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {F4A6A04E-F558-490E-94AD-FB747FAB3568} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {7E72C13E-D2BE-465C-AED2-557C32DDFB7A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {4225AA2C-FD8E-4065-B5DF-0E0EEA1D94E6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {BA3E05A9-3DC5-4C3F-97DD-92CD4748AB13} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {4CCCF5FF-25B6-4535-A3E6-3BC7BD11010A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {3356D6BC-E82B-46EB-8E23-FFD82254D58C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {778214DB-CC8B-4DC2-8572-FA523A124127} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {6EDB3AAD-0A7B-45A5-8FAF-9136F3E4C23F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {BB6A194D-7756-412B-A398-1FEBC74149B8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {28379DA4-66B3-4C75-A97B-03BB461D690F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {5CE9D087-7F86-42E1-8FED-7C4F42F8CC1C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {1BEB23D7-0E64-43EC-B70A-0FFC958CB198} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D2CF5F2F-E491-4270-87AC-437FF94077E7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {E6BA2871-74A2-4C72-8822-18CF3F71B7FE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {BBA1404E-6B55-43FF-97B8-A79340594E73} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {3356DA62-C4DA-4773-BE02-AFB78931AF6A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {4CDD7FCB-90FA-4EB3-973F-D1546D3FCF2F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {BFED4D8C-F9DA-4666-B36A-FBEE07BE7887} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {2CDF0C09-7B42-41DB-B811-AC32A2F5D068} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {A137888F-F049-4056-BBAA-7A066C52E510} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {9F1DA2F7-DA72-4415-8420-F054D19EDDDF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
C:\WINDOWS\system32\Tasks\{0397C9A3-863E-4496-B0B3-E7923A0913A7}
C:\WINDOWS\system32\Tasks\{B8EB5E79-58E6-4E5E-BBF5-CFCB2A8AD4C4}
C:\WINDOWS\system32\Tasks\{E31D0EC9-7C0C-401E-97CE-415011156FDD}
C:\WINDOWS\system32\Tasks\{EB60A9A2-4EBE-4B3D-8C0C-AE3D3FAA5AE1}
C:\WINDOWS\system32\Tasks\{90F463F5-2ED2-4376-BF59-B436CF298BA3}
C:\WINDOWS\system32\Tasks\AVG
C:\Users\Huw\AppData\Local\{CD8710DC-8301-44B7-B2AC-D7B810F710B1}
HKU\S-1-5-21-2221484241-1263235730-2637574372-1000\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
BHO: No Name -> {34EDF7FD-FD9B-420F-A701-CC2C081FB26C} -> No File
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
FirewallRules: [{DF1D4848-4E21-4549-87A6-EEF7AB21E596}] => (Allow) LPort=54955
FirewallRules: [{2BFCD370-3600-43A9-B075-068EFB8AD1BD}] => (Allow) LPort=54951
FirewallRules: [{D9E2C670-C84B-4563-8C7F-0B357F5ADE16}] => (Allow) LPort=5357
File: C:\WINDOWS\system32\Drivers\lvuvc.hs
File: C:\WINDOWS\system32\drivers\JitDriver.sys
CMD: dism /online /cleanup-image /restorehealth
CMD: sfc /scannow
RemoveProxy:
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::Download Malwarebytes v.4 . Install and run.
- Once the MBAM dashboard opens, click on Settings (gear icon).
- Click on Security tab and make sure that all four Scan options are enabled.
- Close Settings and click on the Scan button on the dashboard.
- Once the scan is completed make sure you have it quarantine any detections it finds.
- If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
- If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
- If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.
Closing – no activity.
To request a re-open, go to Members > Staff Members, click a Staffer then Start Conversation and quote thread name.
To request a re-open, go to Members > Staff Members, click a Staffer then Start Conversation and quote thread name.
- Status