Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2022
Ran by xanderusa (01-01-2023 16:04:26)
Running from C:\Users\xanderusa\Downloads
Microsoft Windows 10 Home Version 22H2 19045.2364 (X64) (2020-10-02 04:22:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-897932974-2442178479-4115753467-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-897932974-2442178479-4115753467-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-897932974-2442178479-4115753467-1002 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-897932974-2442178479-4115753467-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-897932974-2442178479-4115753467-504 - Limited - Disabled)
xanderusa (S-1-5-21-897932974-2442178479-4115753467-1003 - Administrator - Enabled) => C:\Users\xanderusa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0) (Version: 17.0 - Adobe Inc.)
Adobe AIR (HKLM-x32\...\{7D5344C9-E173-4148-93EC-6137D797835A}) (Version: 29.0.0.112 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.0.788 - Adobe Inc.)
Adobe Flash CS6 (HKLM-x32\...\{DD03FA15-5C20-4738-B3A0-9A6FF837929A}_is1) (Version: 12.0.0.481 - El Abuelo Sawa)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Help Manager (HKLM-x32\...\{AF37176A-78CA-545B-34EF-8B6A21514DD1}) (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824272646}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.3 (HKLM-x32\...\{4487064C-F31E-4499-A1EF-9B8E809A0358}) (Version: 12.3.5.205 - Adobe, Inc)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{2282AFD7-5074-4BC6-B1F7-205AAC8F6AC9}) (Version: 18.6.1844.34416 - Alcor Micro Corp.)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.5.1 - Sereby Corporation)
Amazon Kindle (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Amazon Kindle) (Version: 1.36.0.65107 - Amazon)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Argente - Registry Cleaner 3.1.2.0 (HKLM\...\Argente - Registry Cleaner_is1) (Version: 3.1.2.0 - Raúl Argente)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 3.2.1 (HKLM\...\Audacity_is1) (Version: 3.2.1 - Audacity Team)
blender (HKLM\...\{3033FBAD-BA86-469B-8C6F-ECD41334BD4D}) (Version: 2.93.5 - Blender Foundation)
Blender (HKLM\...\{F343C69A-4ABA-434C-9C73-12A519D269CD}) (Version: 2.80.0 - Blender Foundation)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.9.500.1019 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\BlueStacks X) (Version: 0.19.3.1001 - BlueStack Systems, Inc.)
Boris FX Continuum 2020 Plug-ins for OpenFX and Compatible Products (HKLM\...\{CD3E4D20-4EAA-461F-9025-FAD60661D06D}_is1) (Version: 13.0.0 - Boris FX, Inc.)
Boris FX Mocha Plug-ins 2022 for Adobe (HKLM\...\{C84E7DD3-AA23-4B4A-BB51-085A65EB2548}) (Version: 9.0.1 - Boris FX, Inc.)
Boris FX Sapphire Plug-ins 2019.52 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: 12.520 - Boris FX, Inc.)
Camtasia 9 (HKLM\...\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}) (Version: 9.0.4.1948 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{5957dd25-bb4e-4234-9dc0-b3e10a70f636}) (Version: 9.0.4.1948 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 6.07 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
CORSAIR iCUE Software (HKLM-x32\...\{10730A22-FBFF-43C4-92EA-1583832711B4}) (Version: 3.37.140 - Corsair)
CyberLink Media Suite 12 (HKLM-x32\...\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}) (Version: 12.2.0324.52004 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6511 - CyberLink Corp.) Hidden
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2826.0 - CyberLink Corp.) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{560DFD4A-23E2-45DD-A223-A4B3FA356913}) (Version: 4.0.92.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{6EC2BBF2-A438-4240-A7C1-748309E77E02}) (Version: 3.0.98.0 - Dell Inc.)
Dictate (HKLM-x32\...\{8475267E-D7DF-4A6D-A126-2C6B519E6F74}) (Version: 5.00.0000 - Microsoft)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
Evernote v. 6.25.1 (HKLM-x32\...\{CA92FF58-B652-11EA-A23A-42010A401FD0}) (Version: 6.25.1.9091 - Evernote Corp.)
Excel (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
ExpressVPN (HKLM-x32\...\{33f23ba6-f3f2-4d75-a07c-d1e922da392c}) (Version: 12.39.1.5 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8983D8836}) (Version: 12.39.1.5 - ExpressVPN) Hidden
FileZilla 3.62.2 (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\FileZilla Client) (Version: 3.62.2 - Tim Kosse)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Google Ads Editor (HKLM-x32\...\{BD8B9D40-4659-11EC-9DAF-DC4A3E998CF6}) (Version: 13.8.2.0 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 108.0.5359.125 - Google LLC)
Google Chrome Canary (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Google Chrome SxS) (Version: 99.0.4840.0 - Google LLC)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{359CA9EA-898C-4F5C-80D9-C111F27B489E}) (Version: 7.17.0.13 - Apple Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{00176A23-1A4E-4429-817E-44B40D9EF692}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{0854C811-6DAD-441D-AB36-2F73631A04A1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{650FF4FD-69E7-4AA4-9F46-6B7DFC8489F7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{1535E647-D354-4775-9EE8-FD9E8ED0701A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 22.3 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.5.1025 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{69A3A70F-818A-47ED-8226-583A839DF7F9}) (Version: 15.7.5.1025 - Intel Corporation) Hidden
Intel(R) Ready Mode Technology (HKLM\...\{7331913F-E841-469A-B151-1046F1889E7B}) (Version: 1.1.70.518 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Wireless Manageability Driver (HKLM\...\{0859D400-7865-4657-90B2-85C84B45B41B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Wireless Manageability Driver Extension (HKLM\...\{BBC1E59D-8BF9-4AED-8B02-DC54DDE462D0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iZotope iDrum (HKLM-x32\...\iZotope iDrum_is1) (Version: 1.75 - iZotope, Inc.)
Kindle Create (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Kindle Create) (Version: 1.29.17.0 - Amazon)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Capture (HKLM\...\Capture) (Version: 2.08.11 - Logitech)
Magic Bullet Suite 64-bit (HKLM\...\{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
magicJack (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\magicJack) (Version: 4.18.9462.6668 - magicJack L.P.)
Malwarebytes version 4.5.19.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.19.229 - Malwarebytes)
Maxon Cinema 4D R21 (HKLM\...\Maxon Cinema 4D R21) (Version: R21 - Maxon)
Messenger 97.11.116 (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 97.11.116 - Facebook, Inc.)
Microsoft .NET Host - 6.0.5 (x64) (HKLM\...\{F3B3A61B-DC16-429A-A260-DBAFE66741A9}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.5 (x64) (HKLM\...\{3E6CCD41-6B96-47BD-8E1E-D7B593CEE976}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.5 (x64) (HKLM\...\{089A177D-98AE-4195-A115-D3C45613B875}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\OneDriveSetup.exe) (Version: 22.238.1114.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Teams) (Version: 1.5.00.31168 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{2FAF2A80-5906-467E-8AD2-B83C94383600}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{F85F7FF0-5DFF-4BC0-9045-C9573D1BC11F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4ffaf7b8-a84a-4813-840c-8b1f1343ae54}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{dd1e9bde-2ad6-4e92-8c07-7d4723eab8b8}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016 (HKLM\...\{F07B1E25-5670-4556-9C7F-5A1966C83269}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016 (HKLM\...\{E493B8F4-E300-43EC-95D0-BDF3711297EA}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 (HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.73.1 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.5 (x64) (HKLM\...\{DE578B32-084A-49E7-8E55-6F58A37578C0}) (Version: 48.23.40699 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.5 (x64) (HKLM-x32\...\{0f711ee3-eb88-456d-acb4-c2ee31add211}) (Version: 6.0.5.31215 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Mocha Plug-ins 2021 for OFX (HKLM\...\{2ED4A161-6720-4CC4-91E9-99C63D8EF98E}) (Version: 8.0.3 - Imagineer Systems)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 108.0.1 (x64 en-US)) (Version: 108.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0.1 - Mozilla)
Mozilla Thunderbird 60.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.8.0 (x86 en-US)) (Version: 60.8.0 - Mozilla)
MSVCRT Redists (HKLM\...\{0B98B330-A098-11E8-B35C-00155D6302F2}) (Version: 1.0 - MAGIX Computer Products Intl. Co.) Hidden
MSVCRT Redists (HKLM\...\{52116C70-79F9-11E6-9541-BB95F5A309BD}) (Version: 1.0 - MAGIX Computer Products Intl. Co.) Hidden
MSVCRT Redists (HKLM\...\{FDB647E1-FA63-11EB-80FB-00155DEA5CED}) (Version: 1.0 - MAGIX Computer Products Intl. Co.) Hidden
NDI 4 Runtime (HKLM\...\{71AFF296-ED43-4166-8301-4649285EE712}_is1) (Version: - NewTek, inc.)
NewBlue plug-ins bundle patch build 121206 (HKLM\...\NewBlue plug-ins bundle patch build 121206_is1) (Version: 3.0.0.0 - NewBlue Inc.)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
Node.js (HKLM\...\{91F74847-89FC-44F0-802A-747D265FDA53}) (Version: 8.9.3 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.4.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 516.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.94 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 28.0.1 - OBS Project)
obs-ndi version 4.9.0 (HKLM-x32\...\{69FA0C71-8BEB-4E0D-B5D2-53BFF9192EE2}_is1) (Version: 4.9.0 - Stephane Lepin)
obs-virtualcam (HKLM-x32\...\obs-virtualcam) (Version: - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15831.20184 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Peace (HKLM\...\Peace) (Version: 1.4.8.6 - P.E. Verbeek)
Pointofix (HKLM-x32\...\Pointofix_is1) (Version: - Amerigomedia)
PowerPoint (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Python 3.10.2 (64-bit) (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\{c60fd5ac-367d-4e3a-a975-f157502ac30a}) (Version: 3.10.2150.0 - Python Software Foundation)
Python 3.10.2 Add to Path (64-bit) (HKLM\...\{F55A8CCD-A817-4C53-91B8-4B7E6C49DA7B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Core Interpreter (64-bit) (HKLM\...\{6475B354-B0F6-4837-8738-784937D647B2}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Development Libraries (64-bit) (HKLM\...\{8277936D-8A34-4758-893C-0B29342A6F27}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Documentation (64-bit) (HKLM\...\{B51A07AD-9BCE-485D-8721-C7C83992794B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Executables (64-bit) (HKLM\...\{EDEE3162-8399-42D4-9D7C-7DA21275BFD0}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 pip Bootstrap (64-bit) (HKLM\...\{08B7036F-0609-4634-9A5F-1688230E9D9D}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Standard Library (64-bit) (HKLM\...\{D862D299-FDC2-4571-B3A1-27CEE951D2D1}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Tcl/Tk Support (64-bit) (HKLM\...\{7863DF45-23BB-4D83-97B3-CF08F3192F5B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Test Suite (64-bit) (HKLM\...\{D68594E9-2F98-4EA0-8A94-5D7D9FF51960}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Utility Scripts (64-bit) (HKLM\...\{300F0759-8294-4971-9FAD-7AB19FA7B270}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.11.1 (64-bit) (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\{fca95908-8c70-405d-9e72-cd746e2f7786}) (Version: 3.11.1150.0 - Python Software Foundation)
Python 3.11.1 Add to Path (64-bit) (HKLM\...\{592A8BDA-2DD1-4C98-86D1-72B14B0464FD}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Core Interpreter (64-bit) (HKLM\...\{5D1EFF51-4740-4E62-8E49-11C13DEC34C3}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Development Libraries (64-bit) (HKLM\...\{988799D6-A7CE-4F51-89AF-1E4A64FA7ECA}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Documentation (64-bit) (HKLM\...\{5EB7FFE8-5B05-4DD3-9DE0-D0F20D93FA6C}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Executables (64-bit) (HKLM\...\{A7DE96A8-2F75-44B2-B46E-5D50DE5B1B80}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 pip Bootstrap (64-bit) (HKLM\...\{C5FAF3D9-A03D-4F6A-AAC9-87735DDA5DCF}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Standard Library (64-bit) (HKLM\...\{21EEFB31-6A96-4CAE-9A3B-B7FD6374C155}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Tcl/Tk Support (64-bit) (HKLM\...\{66CA643F-68B2-4063-8F87-34D48A2C49ED}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Test Suite (64-bit) (HKLM\...\{EFFC2C23-AEE2-4867-998C-5F5A902496C0}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Utility Scripts (64-bit) (HKLM\...\{E63D4F21-1B1F-43DC-9347-4FB51A71704C}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{8A19B72D-62A8-4198-BEBD-CAEF117194C8}) (Version: 3.11.8009.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.32.1206.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9225.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{6BFBB929-C278-42B3-8065-FF1178E071B8}) (Version: 13.231.243 - REALTEK Semiconductor Corp.)
Sandboxie 5.60.3 (64-bit) (HKLM\...\Sandboxie) (Version: 5.60.3 - sandboxie-plus.com)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.19260 - Microsoft Corporation)
Telegram Desktop (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.5 - Telegram FZ-LLC)
The T-Pain Effect Bundle (HKLM-x32\...\The T-Pain Effect Bundle_is1) (Version: 1.02 - iZotope, Inc.)
TTEC Initial System Assessment (HKLM-x32\...\TTEC ISA) (Version: 3.4.3.0 - TTEC)
Universe (HKLM\...\Universe v3.3.1) (Version: - Red Giant LLC)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VEGAS Deep Learning Models (HKLM\...\{944F8A4F-E698-404E-B121-4F73E1C21BE4}) (Version: 19.0.0.0 - MAGIX Software GmbH) Hidden
VEGAS Deep Learning Models (HKLM\...\MX.{944F8A4F-E698-404E-B121-4F73E1C21BE4}) (Version: 19.0.0.0 - MAGIX Software GmbH)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VEGAS Pro 16.0 (HKLM\...\{0A119E00-A098-11E8-A73C-00155D6302F2}) (Version: 16.0.248 - VEGAS)
VEGAS Pro 19.0 (HKLM\...\{FB6AD140-FA63-11EB-982B-00155DEA5CED}) (Version: 19.0.341 - VEGAS)
Visual C++ 10.0 CRT (x64) (HKLM\...\{BFF61907-AA2D-3A26-8666-98D956A62ABC}) (Version: 10.0 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.02 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Word (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
YouTube (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\6d9d1262dd92d3dd8f2d8aeb50569a69) (Version: 1.0 - Google\Chrome)
Zello (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\1a531e37-9acf-5dbc-9298-b519954e1d38) (Version: 11.0.1 - Zello Inc.)
Zello 2.6.0.0 (HKLM-x32\...\Zello) (Version: 2.6.0.0 - Zello Inc)
Zemana AntiMalware version 3.2.28 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)
Zoom (HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2022-11-18] (Adobe Systems Incorporated)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.28.17.0_x64__kgqvnymyfvs32 [2022-12-13] (king.com)
CyberLink Media Suite Essentials -> C:\Program Files\WindowsApps\DB6EA5DB.CyberLinkMediaSuiteEssentials_1.0.10.0_x86__mcezb6ze687jp [2022-11-18] (CYBERLINK CORPORATION.)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.49.0_x64__htrsf667h5kn2 [2022-11-18] (Dell Inc)
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2022-11-18] (Dell Inc)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2022.1209.5.0_neutral__8xx8rvfyw5nnt [2022-12-13] (Meta)
Grammarly for Microsoft Edge -> C:\Program Files\WindowsApps\Grammarly.GrammarlyforMicrosoftEdge_1.121.2317.0_neutral__zee0y2571dhse [2022-11-18] (Grammarly)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_141.2.441.0_x64__v10z8vjag6ke6 [2022-12-05] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-11-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-11-18] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.11129.457.0_x64__8wekyb3d8bbwe [2022-12-22] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-11-18] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-11-18] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-11-18] (Microsoft Corporation) Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.3568.0_x64__qbz5n2kfra8p0 [2022-12-13] (Python Software Foundation) Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2022-11-18] (Twitter Inc.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-897932974-2442178479-4115753467-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-AFA095AA6940} -> [Creative Cloud Files] => C:\Users\xanderusa\Creative Cloud Files [2019-02-23 13:25] CustomCLSID: HKU\S-1-5-21-897932974-2442178479-4115753467-1003_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\xanderusa\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22272.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-897932974-2442178479-4115753467-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) CustomCLSID: HKU\S-1-5-21-897932974-2442178479-4115753467-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. 
-> Adobe Systems) CustomCLSID: HKU\S-1-5-21-897932974-2442178479-4115753467-1003_Classes\CLSID\{FA372A6E-149F-4E95-832D-8F698D40AD7F}\localserver32 -> C:\Users\xanderusa\AppData\Local\Google\Chrome SxS\Application\99.0.4840.0\notification_helper.exe (Google LLC -> Google LLC) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. 
-> ) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2022-11-08] (Notepad++ -> ) ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2014-07-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-01-22] (Apple Inc. -> Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-09] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\nvshext.dll [2022-08-23] (Nvidia Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.) 
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-09] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [398360 2009-04-30] (Logitech Inc -> Logitech Inc.) HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1562432 2017-03-01] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed] HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2009-04-30] (Logitech Inc -> Logitech Inc.) HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506392 2016-04-27] (proDAD GmbH -> proDAD GmbH) HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1456448 2017-03-01] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\xanderusa\Documents\SONY VEGAS\PLUGINS\Pro's 30K Ultimate Editing Pack\Tutorial\Download Vegas Plug-ins FREE.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cgdckkpknggimafaehajabegglfnnkmc ShortcutWithArgument: C:\Users\xanderusa\Documents\SONY VEGAS\PLUGINS\Pro's 30K Ultimate Editing Pack\Mega Transition Pack (Promo)\Download Link.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gpelbdkheelhfpdckbjikjkmkdffimnl ShortcutWithArgument: C:\Users\xanderusa\Documents\SONY VEGAS\PLUGINS\Pro's 30K Ultimate Editing Pack\1500+Editing Presets\Download Link.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kdemjbnkfgdipdlndfkbmflkjgbecfkk ShortcutWithArgument: C:\Users\xanderusa\Desktop\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 28" --app-id=agimnkijcaahngcdmfeangaknmldooml ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/ ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/ ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default 
--app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/ ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/ ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - Notes and Lists (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 28" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 28" --app-id=agimnkijcaahngcdmfeangaknmldooml ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b13f4a9ad209f845\A - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 28" ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6b195629a2a33a3e\Google Chrome Canary.lnk -> C:\Users\xanderusa\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google LLC) -> --profile-directory=Default ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6651d0a1cd059aa\Amigo - Chrome.lnk -> C:\Program 
Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 29" ShortcutWithArgument: C:\Users\xanderusa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2e23362dec6d287e\Miami - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 24" ==================== Loaded Modules (Whitelisted) ============= 2020-12-29 21:25 - 2020-12-29 21:25 - 000357376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll 2020-12-29 21:05 - 2020-12-29 21:05 - 000760832 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll 2020-12-29 21:05 - 2020-12-29 21:05 - 000744960 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll 2020-12-29 21:04 - 2020-12-29 21:04 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll 2020-12-29 21:05 - 2020-12-29 21:05 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll 2020-12-29 21:04 - 2020-12-29 21:04 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll 2020-12-29 21:04 - 2020-12-29 21:04 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll 2022-11-22 11:41 - 2021-08-16 11:17 - 000196096 _____ () [File not signed] C:\Program Files\BlueStacks_nxt\boost_json-vc142-mt-x64-1_76.dll 2020-04-18 15:10 - 2020-04-18 15:10 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll 2020-04-18 15:10 - 2020-04-18 15:10 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft 
Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll 2020-11-15 15:51 - 2020-11-15 15:51 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll 2020-12-29 21:04 - 2020-12-29 21:04 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll 2020-12-29 21:04 - 2020-12-29 21:04 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhiqhqjmfh [0] AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`pgyjhiqhnhm [0] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2020-06-24] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-13] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2020-11-25 23:00 - 000000138 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 superantispyware.com
0.0.0.0 license.superantisypaware.com
127.0.0.1 xnxx.com
127.0.0.1 pornhub.com
127.0.0.1 xvideos.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\nodejs\;%SYSTEMROOT%\System32\OpenSSH\;C:\Users\xanderusa\Documents\IGTV\php;C:\ProgramData\ComposerSetup\bin;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\dotnet\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-897932974-2442178479-4115753467-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\xanderusa\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wallpaper_pirelli_final.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Help & Support => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: ExpressVPNService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: paltalk_update_service => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: ZoomCptService => 2
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "ExpressVpnNotificationService"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-897932974-2442178479-4115753467-1002\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\StartupFolder: => "EvernoteTray.lnk"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D223B0B71088DC7A9235D3285DDF8A97"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "Jing"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "HP Deskjet 3510 series (NET)"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "cdloader"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "ipts"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_3C7AF888E7F34374D0F0B87106A30C50"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "SandboxieControl" HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\StartupApproved\Run: => "Zello" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{69F68F60-1ADC-41FF-849F-FCC34175247A}C:\program files\vegas\vegas pro 16.0\vegas160.exe] => (Allow) C:\program files\vegas\vegas pro 16.0\vegas160.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) FirewallRules: [TCP Query User{E947FD7F-65E8-4EBA-8B49-98ADB3646DAA}C:\program files\vegas\vegas pro 16.0\vegas160.exe] => (Allow) C:\program files\vegas\vegas pro 16.0\vegas160.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) FirewallRules: [UDP Query User{ECCBD5E7-BB40-4AFB-A1AC-FDD5DDB9A7BD}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS) FirewallRules: [TCP Query User{711323C0-FADF-4BB3-A9B7-42FE22A915EA}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS) FirewallRules: [{BEA8E45E-FEA6-44A4-BFCD-23E928E72B41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{2C1CA1C9-D5C9-4AEC-A36D-6138E25BE5A6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{0FEAB2AF-3F0E-4055-B396-B61A64AE89EE}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => (Allow) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) 
[File not signed] FirewallRules: [TCP Query User{1B87D212-C3D2-4107-B1D1-3F7F2DEF92A4}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => (Allow) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) [File not signed] FirewallRules: [UDP Query User{24BA8811-F2CB-4685-8364-FC7F22D34E7F}C:\users\xanderusa\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\xanderusa\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.) FirewallRules: [TCP Query User{842DA833-F92E-43E2-9267-868A9C33C53F}C:\users\xanderusa\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\xanderusa\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.) FirewallRules: [{D54C7784-7113-42E6-AD50-9AEB0C93DC97}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{925E4254-F3D2-4F92-ADDD-4E821BA0BF07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{6ADAF78E-7FE1-4802-98BA-27BB24077372}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{6CFFA7E9-0FE4-42A5-9E1E-E03DAF82B8B1}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{62F46F7E-CFF0-4AF0-9641-5950B8C02F7B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{6A1D7A87-AC4F-4A5B-B4DD-6C2A59044725}] => (Allow) LPort=8318 FirewallRules: [{122F4DD8-EF67-4644-8817-152D49E3C3CA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.) 
FirewallRules: [{324005A1-AD74-464D-B2F5-7EB417CEA913}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{D1EE62D5-4898-4882-BAEB-A0C8AFCE6A67}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [TCP Query User{856001E3-79A2-4B9F-BAAF-CFB359F710F7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{27A59DA0-8731-4C6B-ABC9-EE49F52705B9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D3DEBCE1-2AF8-47F4-B5A9-9925598ABE2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{790E0271-8A16-4944-A5D3-7153D27F2732}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{FE03E295-7744-4908-AC51-38CC1F8EBFB0}C:\users\xanderusa\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\xanderusa\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC) FirewallRules: [UDP Query User{F753D218-04D5-4934-B971-FBE66548EB4C}C:\users\xanderusa\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\xanderusa\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC) FirewallRules: [{79769368-A254-4249-9BD2-439034C8B322}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform) FirewallRules: [{3F4FA6D8-E8DC-496B-ACFA-50130CCD4A55}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform) FirewallRules: [TCP Query 
User{8BBD02E5-F0D9-4819-B93A-67E9ADE132DD}C:\users\xanderusa\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\xanderusa\appdata\local\google\chrome sxs\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{F625AA91-42D2-4DB0-B846-24F025380DF6}C:\users\xanderusa\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\xanderusa\appdata\local\google\chrome sxs\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{414DAD31-4961-4609-8C14-AADA12ECEA91}C:\users\xanderusa\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\xanderusa\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{00B341B8-4B3A-42C5-B159-045AF0AC87C6}C:\users\xanderusa\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\xanderusa\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FD8C9C47-DF43-437C-AB60-855ED7EDCE57}] => (Allow) C:\Program Files (x86)\Zello\Zello.exe (Zello Inc -> Zello Inc) FirewallRules: [{F3DA4CC0-AAAC-4F0E-B01F-39B6F0BB1871}] => (Allow) C:\Program Files (x86)\Zello\Zello.exe (Zello Inc -> Zello Inc) FirewallRules: [{5C0E5EC3-0113-4B23-B9E6-1774388E09F4}] => (Allow) C:\Program Files (x86)\Zello\Zello.exe (Zello Inc -> Zello Inc) FirewallRules: [{532E5F12-F9C6-4332-A45A-2D3806F9EA40}] => (Allow) C:\Program Files (x86)\Zello\Zello.exe (Zello Inc -> Zello Inc) FirewallRules: [TCP Query User{76D66AEE-73AB-4E80-B280-9946C276251A}C:\users\xanderusa\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\xanderusa\appdata\local\google\chrome sxs\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{658507E1-B84D-4B7A-8C0A-38EA75560B1E}C:\users\xanderusa\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\xanderusa\appdata\local\google\chrome 
sxs\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6AAB1F6E-54F4-4529-8648-9E13B3C2DD27}C:\program files\vegas\vegas pro 19.0\vegas190.exe] => (Allow) C:\program files\vegas\vegas pro 19.0\vegas190.exe (MAGIX Computer Products Intl. Co.) [File not signed]
FirewallRules: [UDP Query User{B50C2D0C-C7B7-4559-9F1B-8C6AF040FB66}C:\program files\vegas\vegas pro 19.0\vegas190.exe] => (Allow) C:\program files\vegas\vegas pro 19.0\vegas190.exe (MAGIX Computer Products Intl. Co.) [File not signed]
FirewallRules: [{8119E152-0532-4A2D-91C4-DF01517A32E7}] => (Allow) C:\Users\xanderusa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E0F50DCC-8FE6-4154-97E4-263B9612DD29}] => (Allow) C:\Users\xanderusa\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{247D09C0-6C1C-4040-96C4-E46456A10F53}] => (Allow) C:\Users\xanderusa\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3205D7E2-DA55-43A0-9D4E-FECFD2CEC031}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8301C937-D4FD-459A-B6EB-D4FB1F0669B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F7ACCAB-335C-430C-9CBA-82018C2F4614}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F214751F-CD06-4CB7-9017-95EBBF578341}C:\users\xanderusa\appdata\local\programs\python\python310\python.exe] => (Allow) C:\users\xanderusa\appdata\local\programs\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{8E19010C-5C14-487A-964D-D5E63BC8056A}C:\users\xanderusa\appdata\local\programs\python\python310\python.exe] => (Allow) C:\users\xanderusa\appdata\local\programs\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [{F64DD2FA-BB5C-41DB-92AD-B14D7CB4B525}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
FirewallRules: [{B17A09BF-1075-44CB-B80D-E34A4EC93515}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Bluestack Systems, Inc -> COMPANY NAME)
FirewallRules: [{4DDBF4BC-CF8D-470A-BFE4-8701D4CD85D2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{06345DB6-F616-488D-B459-BA485BE7536B}C:\program files\vegas\vegas pro 19.0\vegascapture\vegas capture.exe] => (Block) C:\program files\vegas\vegas pro 19.0\vegascapture\vegas capture.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [UDP Query User{AC5243CB-D769-478B-BC87-9D13FD4E7463}C:\program files\vegas\vegas pro 19.0\vegascapture\vegas capture.exe] => (Block) C:\program files\vegas\vegas pro 19.0\vegascapture\vegas capture.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [TCP Query User{3E86F698-88E2-4ADC-B860-1C4CED6CBD8E}C:\users\xanderusa\appdata\roaming\telegram desktop - 2\telegram.exe] => (Allow) C:\users\xanderusa\appdata\roaming\telegram desktop - 2\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [UDP Query User{5F14DE2D-090C-42A3-AA35-2652923A6314}C:\users\xanderusa\appdata\roaming\telegram desktop - 2\telegram.exe] => (Allow) C:\users\xanderusa\appdata\roaming\telegram desktop - 2\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [{4B1583EA-F3FB-41FE-9F7A-902696200B67}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D8C62D87-66D7-401E-A243-00A09C23E7A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{85B73029-CA52-4130-834C-380A75372C2A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7AC9AB1-6274-4CA2-BE6C-464C9ABC070E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8CEDB509-A0AC-4948-AF99-71283F915086}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems)
FirewallRules: [{742D8E50-476E-46C1-9260-44AE9A37E6EC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DDBEC4C8-96E6-4FDD-A4EC-50FECA71FC08}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

22-12-2022 13:15:05 Scheduled Checkpoint
26-12-2022 17:32:54 ZHPcleaner

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/01/2023 04:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 108.0.1.8384, time stamp: 0x639b715d
Faulting module name: xul.dll, version: 108.0.1.8384, time stamp: 0x639b727e
Exception code: 0x80000003
Fault offset: 0x000000000476b154
Faulting process id: 0x2668
Faulting application start time: 0x01d91e2418ed70e7
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 1696097f-0e54-45a7-a95a-6e2825461889
Faulting package full name:
Faulting package-relative application ID:

Error: (01/01/2023 10:16:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVDisplay.Container.exe, version: 1.37.3103.4323, time stamp: 0x621dbda6
Faulting module name: NVDisplay.Container.exe, version: 1.37.3103.4323, time stamp: 0x621dbda6
Exception code: 0xc0000409
Fault offset: 0x0000000000070c55
Faulting process id: 0x3aa0
Faulting application start time: 0x01d91d9435c91312
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\NVDisplay.Container.exe
Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\NVDisplay.Container.exe
Report Id: 392daaed-7cda-4a07-8a62-0718ff2467b5
Faulting package full name:
Faulting package-relative application ID:

Error: (12/31/2022 03:57:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (12/30/2022 09:09:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program svchost.exe version 10.0.19041.1806 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: bb8
Start Time: 01d914e8823e16ad
Termination Time: 4294967295
Application Path: C:\Windows\System32\svchost.exe
Report Id: a61f2db0-065f-4a11-9f0b-1638da777d09
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown

Error: (12/28/2022 08:33:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.2364 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 4298
Start Time: 01d91ac0b658ab03
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: a4623b60-0c14-484d-9b25-b5ccd64163b9
Faulting package full name: Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Quiesce

Error: (12/28/2022 08:32:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.2364 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2f80
Start Time: 01d91ac0c07dac8e
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id:
Faulting package full name: Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Hang type: Quiesce

Error: (12/24/2022 04:43:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (12/24/2022 11:45:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 10.0.19041.1806, time stamp: 0x7dcad237
Faulting module name: ntdll.dll, version: 10.0.19041.2130, time stamp: 0xb5ced1c6
Exception code: 0xcfffffff
Fault offset: 0x000000000009d2a4
Faulting process id: 0x1340
Faulting application start time: 0x01d914e8832a9b7a
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 704524f7-fb4d-4703-96a9-d76557b4e807
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (12/31/2022 10:50:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SALPFFM)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/31/2022 10:50:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SALPFFM)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/31/2022 10:50:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SALPFFM)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/31/2022 10:50:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SALPFFM)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/31/2022 10:50:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SALPFFM)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/31/2022 10:50:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SALPFFM)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/31/2022 10:50:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SALPFFM)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/31/2022 10:50:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SALPFFM)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Windows Defender:
================
Date: 2022-12-20 10:55:17
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-12-19 13:08:30
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-12-17 11:53:24
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-12-17 11:47:53
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-12-14 13:15:30
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Event[0]:
Date: 2023-01-01 16:02:24
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.381.1526.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19900.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2023-01-01 16:02:24
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.381.1526.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19900.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2023-01-01 16:02:24
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.381.1526.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19900.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2022-11-27 18:33:08
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.379.591.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19800.4
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2022-11-27 18:33:08
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.379.591.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19800.4
Error code: 0x80240022
Error description: The program can't check for definition updates.
CodeIntegrity:
===============
Date: 2023-01-01 15:52:14
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 2.9.1 12/22/2020
Motherboard: Dell Inc. 0XJ8C4
Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 63%
Total physical RAM: 16322.72 MB
Available physical RAM: 5996.32 MB
Total Virtual: 19258.72 MB
Available Virtual: 4526.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1850.05 GB) (Free:1549.19 GB) (Model: ST2000DM001-1ER164) NTFS
Drive h: (OS) (RAMDisk) (Total:1850.05 GB) (Free:1546.31 GB) (Model: ST2000DM001-1ER164) NTFS
Drive i: (New Volume) (Fixed) (Total:29.37 GB) (Free:29.26 GB) (Model: KingDian S100 32GB) NTFS

\\?\Volume{109f42fb-e088-4943-8207-13d944aea76f}\ () (Fixed) (Total:0.51 GB) (Free:0.07 GB) NTFS
\\?\Volume{40760646-07f7-42ff-aa31-f4be849fa28e}\ (Image) (Fixed) (Total:11.84 GB) (Free:0.54 GB) NTFS
\\?\Volume{4211994a-0582-4528-bac9-0996cbb65414}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 7BF13D1C)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 29.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt =======================