Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01 Ran by RRRIO (27-02-2024 11:54:16) Running from C:\Users\EMI\Desktop Microsoft Windows 10 Home Version 22H2 19045.3570 (X64) (2021-05-26 10:20:40) Boot Mode: Safe Mode (minimal) ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3082767965-3652706906-2016044323-500 - Administrator - Disabled) ASPNET (S-1-5-21-3082767965-3652706906-2016044323-1002 - Limited - Enabled) DefaultAccount (S-1-5-21-3082767965-3652706906-2016044323-503 - Limited - Disabled) Guest (S-1-5-21-3082767965-3652706906-2016044323-501 - Limited - Disabled) RRRIO (S-1-5-21-3082767965-3652706906-2016044323-1001 - Administrator - Enabled) => C:\Users\EMI WDAGUtilityAccount (S-1-5-21-3082767965-3652706906-2016044323-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 20.02 alpha (x64) (HKLM\...\7-Zip) (Version: 20.02 alpha - Igor Pavlov) Ableton Live 10 Suite (HKLM\...\{A45CB0BA-6E31-43EE-AF47-7D90886874AB}) (Version: 10.0.0.0 - Ableton) Adapter (HKLM-x32\...\{86085790-0A1A-4098-8CA9-579DB8F2771D}_is1) (Version: - Macroplant, LLC) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated) Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated) Alienware Command Center (HKLM\...\{5DBA5090-EAB9-4E1C-8F92-C71A1423F14C}) (Version: 3.6.4.0 - Alienware Corp.) Hidden Alienware Command Center (HKLM-x32\...\InstallShield_{5DBA5090-EAB9-4E1C-8F92-C71A1423F14C}) (Version: 3.6.4.0 - Alienware Corp.) Alienware SupportAssist OS Recovery Plugin for Alienware Update (HKLM\...\{0B884FA0-BBEE-4573-B696-426AA39ED913}) (Version: 5.5.7.18773 - Dell Inc.) Hidden Alienware SupportAssist OS Recovery Plugin for Alienware Update (HKLM-x32\...\{2600102a-dac2-4b2a-8257-df60c573fc29}) (Version: 5.5.7.18773 - Dell Inc.) ArtnetTimecodeSender 2.1 (HKLM-x32\...\ArtnetTimecodeSender) (Version: 2.1 - www.s-jaekel.de) Autodesk DWG TrueView 2022 - English (HKLM\...\{D7A6621A-1A6A-3DAC-BBD2-9EB566035195}) (Version: 24.1.51.0 - Autodesk, Inc.) Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version: - Bome Software GmbH & Co. KG) ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 5.6.4.1 - Byte Technologies LLC) <==== ATTENTION CAST Software PDF Printer (HKLM\...\CAST Software PDF Printer) (Version: - ) Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project) Congo (HKLM-x32\...\{23D8A1D1-6C90-4C6D-B291-FCA4BF922DE9}) (Version: 6.4.1.9.0.36 - ETC) Dell SupportAssist (HKLM\...\{DB6164FC-CD98-471C-BD5B-5B14CAFA3186}) (Version: 3.14.2.45116 - Dell Inc.) Duplicate Cleaner Free 4.1.2 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 4.1.2 - DigitalVolcano Software Ltd) FilmoTV (HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\FilmoTV) (Version: - FILMOLINE) Folder Marker Free (HKLM\...\Folder Marker Free_is1) (Version: 4.3 - ArcticLine Software) Free Convert MP3 To WAV (remove only) (HKLM\...\Free Convert MP3 To WAV) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 118.0.5993.70 - Google LLC) grandMA - WYSIWYG Protocol Driver (HKLM-x32\...\grandMA - WYSIWYG Protocol) (Version: - ) grandMA onPC 6.808 (HKLM-x32\...\grandMA onPC 6.808) (Version: - ) grandMA Show Converter [2.9.1][6801][1.3] (HKLM-x32\...\grandMA_Show_Converter_2.9.1_6.808_V1.3) (Version: 1.3.0.0 - MA Lighting Technologies) grandMA2 onPC 3.7.0.5 (HKLM-x32\...\grandMA2 onPC 3.7.0.5) (Version: - ) grandMA2 onPC 3.9.60.3 (HKLM-x32\...\grandMA2 onPC 3.9.60.3) (Version: - ) grandMA2 onPC 3.9.60.38 (HKLM-x32\...\grandMA2 onPC 3.9.60.38) (Version: - ) grandMA2 onPC 3.9.60.4 (HKLM-x32\...\grandMA2 onPC 3.9.60.4) (Version: - ) grandMA3 onPC 1.7.2.2 (HKLM-x32\...\MA Lighting Technology GmbH grandMA3 onPC 1.7.2.2) (Version: - "MA Lighting Technology GmbH") grandMA3 onPC 1.8.8.2 (HKLM-x32\...\MA Lighting Technology GmbH grandMA3 onPC 1.8.8.2) (Version: - "MA Lighting Technology GmbH") HFSExplorer 0.23.1 (HKLM-x32\...\HFSExplorer) (Version: 0.23.1 - Catacombae Software) HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HWiNFO64 Version 5.70 (HKLM\...\HWiNFO64_is1) (Version: 5.70 - Martin Malík - REALiX) IK Multimedia Authorization Manager version 1.0.26 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.26 - IK Multimedia) IK Product Manager 1.0.2 (HKLM\...\a401809f-3509-5ed7-a6dc-34dc618bf372) (Version: 1.0.2 - IK Multimedia) Intel Driver && Support Assistant (HKLM-x32\...\{E051A413-9853-4901-AF60-176ED50E7329}) (Version: 20.10.42.5 - Intel) Hidden Intel(R) Computing Improvement Program (HKLM\...\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}) (Version: 2.4.04755 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32\...\{6f610581-f2d3-4d65-9c20-3627d30f5572}) (Version: 20.10.42.5 - Intel) Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation) K-Lite Mega Codec Pack 15.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.3.0 - KLCP) loopMIDI (HKLM-x32\...\{6b220f45-42ca-435c-95fd-1764cb849122}) (Version: 1.0.16.27 - Tobias Erichsen) loopMIDI (HKLM-x32\...\{DF96DB4C-DB0F-4CCF-9769-464BC9EA859F}) (Version: 1.0.16.27 - Tobias Erichsen) Hidden loopMIDIBlockLegacy (HKLM-x32\...\{AEAF7978-3204-451D-8593-BC53EBDDA31D}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden MA 3D v3.7.0.5 (HKLM-x32\...\MA3D_V3.7.0) (Version: 3.7.0.5 - MA Lighting Technologies) MA 3D v3.9.60.4 (HKLM-x32\...\MA3D_V3.9.60) (Version: 3.9.60.4 - MA Lighting Technologies) MacDrive 10 Standard (HKLM\...\{E683EA04-6880-4E28-9882-C24C78E40BCD}) (Version: 10.5.4.9 - Mediafour Corporation) Hidden MacDrive 10 Standard (HKLM-x32\...\{6a01eda0-48cb-4c14-bf17-f54a88aabd49}) (Version: 10.5.4.9 - Other World Computing, Inc.) Master PDF Editor 5.7.20 (HKLM\...\Master PDF Editor 5.7.20_is1) (Version: 5.7.20 - Code Industry Ltd.) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Host - 6.0.20 (x64) (HKLM\...\{217B2755-3BAD-486B-9606-CCD0E6CF3BE8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.20 (x64) (HKLM\...\{76FA02FF-603F-48BB-9E3F-17ED5DB861E8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.20 (x64) (HKLM\...\{6CE8AD8C-E6D5-4BF7-91C3-7F8106A5CD93}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.20 (x64) (HKLM-x32\...\{403b0cfe-5969-462d-8eb2-aafde344360e}) (Version: 6.0.20.32620 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 118.0.2088.46 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 118.0.2088.46 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\OneDriveSetup.exe) (Version: 23.199.0924.0001 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden myCANAL (HKLM-x32\...\myCANAL) (Version: - UCAYA) myCANAL (HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\3136374039.player.canalplus.fr) (Version: - player.canalplus.fr) Native Instruments Astral Flutter (HKLM-x32\...\Native Instruments Astral Flutter) (Version: 2.0.0.1 - Native Instruments) Native Instruments Blocks Base (HKLM-x32\...\Native Instruments Blocks Base) (Version: 1.0.1.1 - Native Instruments) Native Instruments Bumpin Flava (HKLM-x32\...\Native Instruments Bumpin Flava) (Version: 1.0.0.8 - Native Instruments) Native Instruments Burnt Hues (HKLM-x32\...\Native Instruments Burnt Hues) (Version: 1.0.0.13 - Native Instruments) Native Instruments Caribbean Current (HKLM-x32\...\Native Instruments Caribbean Current) (Version: 2.0.0.1 - Native Instruments) Native Instruments Chromatic Fire (HKLM-x32\...\Native Instruments Chromatic Fire) (Version: 1.0.0.9 - Native Instruments) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.7.6.0 - Native Instruments) Native Instruments Deep Matter (HKLM-x32\...\Native Instruments Deep Matter) (Version: 2.0.1.1 - Native Instruments) Native Instruments Drum Lab (HKLM-x32\...\Native Instruments Drum Lab) (Version: 1.2.0.6 - Native Instruments) Native Instruments Expansions Selection (HKLM-x32\...\Native Instruments Expansions Selection) (Version: 1.0.0.10 - Native Instruments) Native Instruments Free Form (HKLM-x32\...\Native Instruments Free Form) (Version: 1.0.0.8 - Native Instruments) Native Instruments Global Shake (HKLM-x32\...\Native Instruments Global Shake) (Version: 1.0.2.1 - Native Instruments) Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.2.8 - Native Instruments) Native Instruments Halcyon Sky (HKLM-x32\...\Native Instruments Halcyon Sky) (Version: 2.0.1.3 - Native Instruments) Native Instruments Kinetic Treats (HKLM-x32\...\Native Instruments Kinetic Treats) (Version: 1.1.0.4 - Native Instruments) Native Instruments Komplete Kontrol (HKLM-x32\...\Native Instruments Komplete Kontrol) (Version: 2.8.1.0 - Native Instruments) Native Instruments Komplete Kontrol Driver (HKLM-x32\...\Native Instruments Komplete Kontrol Driver) (Version: - Native Instruments) Native Instruments Komplete Kontrol MK2 Driver (HKLM-x32\...\Native Instruments Komplete Kontrol MK2 Driver) (Version: - Native Instruments) Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.7.1.0 - Native Instruments) Native Instruments Kontakt 7 (HKLM-x32\...\Native Instruments Kontakt 7) (Version: 7.2.0.0 - Native Instruments) Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.2.1 - Native Instruments) Native Instruments Maschine 2 (HKLM-x32\...\Native Instruments Maschine 2) (Version: 2.16.1.0 - Native Instruments) Native Instruments Maschine 2 Factory Library (HKLM-x32\...\Native Instruments Maschine 2 Factory Library) (Version: 1.3.9.4 - Native Instruments) Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version: - Native Instruments) Native Instruments Maschine Jam Driver (HKLM-x32\...\Native Instruments Maschine Jam Driver) (Version: - Native Instruments) Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version: - Native Instruments) Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version: - Native Instruments) Native Instruments Maschine MK3 Driver (HKLM-x32\...\Native Instruments Maschine MK3 Driver) (Version: - Native Instruments) Native Instruments Maschine Studio Driver (HKLM-x32\...\Native Instruments Maschine Studio Driver) (Version: - Native Instruments) Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.12.31 - Native Instruments) Native Instruments Mikro Prism (HKLM-x32\...\Native Instruments Mikro Prism) (Version: 1.1.0.14 - Native Instruments) Native Instruments Monark (HKLM-x32\...\Native Instruments Monark) (Version: 1.3.1.3 - Native Instruments) Native Instruments Mother Board (HKLM-x32\...\Native Instruments Mother Board) (Version: 1.0.0.11 - Native Instruments) Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.14.1.156 - Native Instruments) Native Instruments Neo Boogie (HKLM-x32\...\Native Instruments Neo Boogie) (Version: 1.0.0.6 - Native Instruments) Native Instruments Neon Drive (HKLM-x32\...\Native Instruments Neon Drive) (Version: 2.0.1.1 - Native Instruments) Native Instruments NIHostIntegrationAgent (HKLM-x32\...\Native Instruments NIHostIntegrationAgent) (Version: 1.12.0.0 - Native Instruments) Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 1.1.0.96 - Native Instruments) Native Instruments Play Series Selection (HKLM-x32\...\Native Instruments Play Series Selection) (Version: 1.0.0.6 - Native Instruments) Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.4.3.0 - Native Instruments) Native Instruments Reaktor Blocks Wired (HKLM-x32\...\Native Instruments Reaktor Blocks Wired) (Version: 1.0.2.1 - Native Instruments) Native Instruments Reaktor Factory Selection R2 (HKLM-x32\...\Native Instruments Reaktor Factory Selection R2) (Version: 1.0.1.7 - Native Instruments) Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version: 1.6.1.1 - Native Instruments) Native Instruments Replika (HKLM-x32\...\Native Instruments Replika) (Version: 1.6.1.34474 - Native Instruments) Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: 1.3.0.4 - Native Instruments) Native Instruments Rising Crescent (HKLM-x32\...\Native Instruments Rising Crescent) (Version: 2.0.0.4 - Native Instruments) Native Instruments Satin Looks (HKLM-x32\...\Native Instruments Satin Looks) (Version: 1.0.0.10 - Native Instruments) Native Instruments Scarbee Mark I (HKLM-x32\...\Native Instruments Scarbee Mark I) (Version: 1.4.0.15 - Native Instruments) Native Instruments Solid Bus Comp FX (HKLM-x32\...\Native Instruments Solid Bus Comp FX) (Version: 1.4.5.34474 - Native Instruments) Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.4.5.34474 - Native Instruments) Native Instruments The Gentleman (HKLM-x32\...\Native Instruments The Gentleman) (Version: 1.2.0.3 - Native Instruments) Native Instruments Traktor DJ 2 (HKLM-x32\...\Native Instruments Traktor DJ 2) (Version: 2.4.1.478 - Native Instruments) Native Instruments TRK-01 Bass (HKLM-x32\...\Native Instruments TRK-01 Bass) (Version: 1.0.0.10 - Native Instruments) Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: 1.5.0.1 - Native Instruments) Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version: 1.4.1.4 - Native Instruments) OpenOffice 4.1.10 (HKLM-x32\...\{3EEBF9B9-FBD1-4717-8FFC-57E28D441132}) (Version: 4.110.9807 - Apache Software Foundation) PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 4.0.24.1356 - RedSoftware) PDFescape Desktop Asian Fonts Pack (HKLM\...\{D81F9B76-24DE-4DFF-8869-B31289B36FAC}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Convert Module (HKLM\...\{CC6DC81A-06C1-4933-8117-794710375AD3}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Create Module (HKLM\...\{CCBE3E06-E721-410C-8D36-EDEF37F56743}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Edit Module (HKLM\...\{00CEFC51-9626-4E7E-920B-4757DF0B9491}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Forms Module (HKLM\...\{87391E47-A919-4E89-8D07-EA259AD63DB8}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Insert Module (HKLM\...\{8B686E57-76A7-4330-A981-4AB69DF7A568}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Review Module (HKLM\...\{42EF2557-7C52-40EE-81CF-B658B64C7095}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Secure Module (HKLM\...\{B9EB4384-5195-4ED6-BAB0-661FC5B36E14}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop View Module (HKLM\...\{F108BACE-2CE0-447B-A953-68E2019F7B66}) (Version: 4.0.24.4617 - Red Software) Hidden Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.1 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.28144 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) rtpMIDIBlockLegacy (HKLM-x32\...\{FD937297-84C3-41A5-B5DF-1FAEEE669D68}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden Sentinel Protection Installer 7.6.9 (HKLM-x32\...\{FF9C78D7-858D-4B49-A4B6-847638353AFE}) (Version: 7.6.9 - SafeNet, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated) Syntronik version 1.2.0 (HKLM\...\{F4F8EE56-65A3-480C-A0CD-5CCA567A5673}_is1) (Version: 1.2.0 - IK Multimedia) teVirtualMIDI64 (HKLM\...\{2F802731-3731-453E-B30B-4381BEED22AC}) (Version: 1.3.0.43 - Tobias Erichsen) Hidden TimecodeSender 2.3 (HKLM-x32\...\TimecodeSender) (Version: 2.3 - www.s-jaekel.de) TransMac version 12.5 (HKLM-x32\...\TransMac_is1) (Version: 12.5 - Acute Systems) UFS Explorer Standard Access (HKLM\...\ufsxa5) (Version: 5.27 - LLC SysDev Laboratories) UFS Explorer Standard Recovery (HKLM\...\ufsx_s) (Version: 7.16 - LLC SysDev Laboratories) Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN) Web Search (Yahoo! Provided) (HKLM-x32\...\{6E4E868E-3ECE-570E-8F4E-278E5FCEF40E}) (Version: - ) <==== ATTENTION Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation) Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) WinRAR 6.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) WinZip 25.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412C}) (Version: 25.0.14245 - Corel Corporation) Wondershare Filmora9(Build 9.3.2) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare) WYSIWYG (HKLM-x32\...\{AB2D8AC8-1CEE-4AF9-9CCE-E5BB0875A384}) (Version: 1.44.40.22 - CAST Group of Companies, Inc.) Chrome apps: ============ myCANAL (HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\8906c08b353398abb43b29c71143ea01) (Version: 1.0 - Google\Chrome) Packages: ========= Composant additionnel Photos Media Engine -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-16] (Microsoft Corporation) Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.13.0_x64__htrsf667h5kn2 [2023-10-15] (Dell Inc) Dell Touchpad Assistant -> C:\Program Files\WindowsApps\C1E561A0.DellTouchpadAssistant_1.1.9.0_x64__ay1pycd334gd6 [2019-08-20] (ALPS Comm. Devices Tech. (SH) Co., Ltd) Dell Touchpad Settings -> C:\Program Files\WindowsApps\C1E561A0.DellTouchpadSettings_10.1.11.0_x64__ay1pycd334gd6 [2019-08-20] (ALPS Comm. Devices Tech. (SH) Co., Ltd) Extension Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_149.1.1056.0_x64__v10z8vjag6ke6 [2023-09-08] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-26] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-26] (Microsoft Corporation) [MS Ad] Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2023-10-21] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0 [2023-10-11] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\FileCoAuth.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{07CA83F0-DF06-4E67-89DD-E80924A49512}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\FileCoAuth.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{0827D883-485C-4D62-BA2C-A332DBF3D4B0}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\FileCoAuth.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel) CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2022 - English\dwgviewr.exe (Autodesk, Inc. -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\FileCoAuth.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2022 - English\en-US\dwgviewrficn.dll (Autodesk, Inc. -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\Microsoft.SharePoint.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\FileCoAuth.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\Microsoft.SharePoint.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\FileCoAuth.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\FileCoAuth.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\FileCoAuth.exe" => No File CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) CustomCLSID: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001_Classes\CLSID\{F37369D9-1C22-40A0-A997-0B4D5F7B6637}\localserver32 -> "C:\Users\EMI\AppData\Local\Microsoft\OneDrive\23.199.0924.0001\FileCoAuth.exe" => No File ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2021-01-29] (Autodesk, Inc. -> Autodesk, Inc.) ShellIconOverlayIdentifiers: [MacDrive10VolumeIcon] -> {2D8107D0-B8BD-4517-A467-D1816FBB29CB} => C:\Program Files\Mediafour\MacDrive 10\MDVolumeIcons.dll [2017-09-28] (Mediafour Corporation) [File not signed] ShellIconOverlayIdentifiers: [MacDrive10VolumeIconReadOnly] -> {34916EDE-C357-419A-BD17-AB27153474E1} => C:\Program Files\Mediafour\MacDrive 10\MDVolumeIcons.dll [2017-09-28] (Mediafour Corporation) [File not signed] ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2021-01-29] (Autodesk, Inc. -> Autodesk) ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {D3C28D54-72B8-4B8D-B204-157EFA9BF3E7} => C:\Program Files\PDFescape Desktop\context-menu.dll [2019-07-01] (PDFescape -> Red Software) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2020-08-19] (Corel Corporation -> WinZip Computing) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2020-08-19] (Corel Corporation -> WinZip Computing) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-06] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [FMMenuExt] -> {47C91696-894C-46A1-B196-2C7CA1952F45} => C:\Program Files (x86)\Folder Marker\ShellExt64.dll [2017-04-26] (ArcticLine Software -> ArcticLine Software) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2020-08-19] (Corel Corporation -> WinZip Computing) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] () [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [310784 2019-12-04] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-04] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\EMI\Desktop\myCANAL.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=enaibefmjkdnhcbldaccphajjoallbom ShortcutWithArgument: C:\Users\EMI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\myCANAL.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=enaibefmjkdnhcbldaccphajjoallbom --app-run-on-os-login-mode=windowed ShortcutWithArgument: C:\Users\EMI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\myCANAL.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=enaibefmjkdnhcbldaccphajjoallbom ==================== Loaded Modules (Whitelisted) ============= 2019-12-24 18:35 - 2020-08-08 20:00 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2015-06-09 12:12 - 2015-06-09 12:12 - 000093184 _____ (Mediafour Corporation) [File not signed] C:\Program Files\Mediafour\MacDrive 10\MACDRAPI.DLL 2017-09-28 13:47 - 2017-09-28 13:47 - 000280576 _____ (Mediafour Corporation) [File not signed] C:\Program Files\Mediafour\MacDrive 10\MDVolumeIcons.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\Software\Classes\.scr: DWGTrueViewScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer (Whitelisted) ========== SearchScopes: HKLM -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_6aa672e42e194c2edc¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITAbQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFE3vqYUwVQ4ICoUvFE4J6k3NVQ9JCIVvFM9JmIYNVQ9GqYVNUI3wGYGwVU9ISoXwVM9GqUNNos3wCoVwVA9J6ITwVI9ImoVwVI9GqUNNFM3wCILNFdcIaUXNEBcGqQANFdcFCk8NoM4IWYYwVQ9JaYVNVM4JaYVwVw4J6IWwVU4J6ISwVI9JmoWNVE9I6IWvFJdJCoUwVxdImIWvFRdJCoVvmk3vqYTNVE9J6oWvFFbFCILNF9cIqUXNolcEqULNopcGWUIvmFbF6IVNEI4J6k4wVI4ISoUvFQ9I6k3NF03vCoUwVw4ICoWvFJcFSISNEJcFmIXvFE9I6IYwVRcEWUJwVQ4IWUIvmk4JqUGwVRcFaQIwV5dJGYNvmE4ICILNFRbDqUDNEJcFaULvmE9GqUINolcJqUJNEQ3wCIWvFI3vCIVvFQ3vmoUwVQ4ICk4QGR7B6RoN9JcMWZ8LWV6NqF4QGR7BHFaISopzU0jCaRdCaRbC7kfvE0ay6AoxnkuNqYuNGJoNqAex807ACRoN9JcNX5dQGR7y6NoN9ICzD4py6waQGQXNGZoNpQRy78o¶m2=NGB8LGxbNWt7Mt%3D%3D&p={searchTerms} SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_2b690f9cb351a35698¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITAbQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFE3vqYUwVQ4ICoUvFE4J6k3NVQ9JCIVvFM9JmIYNVQ9GqYVNUI3wGYGwVU9ISk3vFI9GqUNNos3wCoVwVA9J6ITwVI9ImoWwVQ9GqUNNFM3wCILNFdcIaUXNEBcGqQANFdcFCk8NoM9JmIXvFQ9ISk3vmk4JmIWwVw9JaYUwVI3vCISvFQ4IWYTwVQ9I6IVvFQ3vqYXwVxdJ6oXNVA4J6IXNVM3vqYYwVI9JaYVwVJbFCILNF9cIqUXNolcEqULNopcGWUIvmFbF6IVNEI4J6k4wVI4ISoUvFQ9I6k3NF03vCoUwVw4ICoWvFJcFSISNEJcFmIXvFE9I6IYwVRcEWUJwVQ4IWUIvmk4JqUGwVRcFaQIwV5dJGYNvmE4ICILNFRbDqUDNEJcFaULvmE9GqUINolcJqUJNEQ3wCIWvFI3vCIWvmo4ISoVvmo3vmoXQGR7B6RoN9J7NGx5Nqp5MqZoNqAsQGMVvDIlC7kuNqYuNqIuzn44C6MewnEbzo1bNU1cMXFbMn0aC6AoxrFaIWVdOqZoNqAexbFaIUwkynIew6NoNpRcNXFbJpseyDF%3D¶m2=NqZ7NaRbNGNdNZ%3D%3D&p={searchTerms} SearchScopes: HKLM-x32 -> {e5badea7-e1c2-fbf1-87ac-061d1440d15b} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_6aa672e42e194c2edc¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITAbQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFE3vqYUwVQ4ICoUvFE4J6k3NVQ9JCIVvFM9JmIYNVQ9GqYVNUI3wGYGwVU9ISoXwVM9GqUNNos3wCoVwVA9J6ITwVI9ImoVwVI9GqUNNFM3wCILNFdcIaUXNEBcGqQANFdcFCk8NoM4IWYYwVQ9JaYVNVM4JaYVwVw4J6IWwVU4J6ISwVI9JmoWNVE9I6IWvFJdJCoUwVxdImIWvFRdJCoVvmk3vqYTNVE9J6oWvFFbFCILNF9cIqUXNolcEqULNopcGWUIvmFbF6IVNEI4J6k4wVI4ISoUvFQ9I6k3NF03vCoUwVw4ICoWvFJcFSISNEJcFmIXvFE9I6IYwVRcEWUJwVQ4IWUIvmk4JqUGwVRcFaQIwV5dJGYNvmE4ICILNFRbDqUDNEJcFaULvmE9GqUINolcJqUJNEQ3wCIWvFI3vCIVvFQ3vmoUwVQ4ICk4QGR7B6RoN9JcMWZ8LWV6NqF4QGR7BHFaISopzU0jCaRdCaRbC7kfvE0ay6AoxnkuNqYuNGJoNqAex807ACRoN9JcNX5dQGR7y6NoN9ICzD4py6waQGQXNGZoNpQRy78o¶m2=NGB8LGxbNWt7Mt%3D%3D&p={searchTerms} SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_2b690f9cb351a35698¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITAbQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFE3vqYUwVQ4ICoUvFE4J6k3NVQ9JCIVvFM9JmIYNVQ9GqYVNUI3wGYGwVU9ISk3vFI9GqUNNos3wCoVwVA9J6ITwVI9ImoWwVQ9GqUNNFM3wCILNFdcIaUXNEBcGqQANFdcFCk8NoM9JmIXvFQ9ISk3vmk4JmIWwVw9JaYUwVI3vCISvFQ4IWYTwVQ9I6IVvFQ3vqYXwVxdJ6oXNVA4J6IXNVM3vqYYwVI9JaYVwVJbFCILNF9cIqUXNolcEqULNopcGWUIvmFbF6IVNEI4J6k4wVI4ISoUvFQ9I6k3NF03vCoUwVw4ICoWvFJcFSISNEJcFmIXvFE9I6IYwVRcEWUJwVQ4IWUIvmk4JqUGwVRcFaQIwV5dJGYNvmE4ICILNFRbDqUDNEJcFaULvmE9GqUINolcJqUJNEQ3wCIWvFI3vCIWvmo4ISoVvmo3vmoXQGR7B6RoN9J7NGx5Nqp5MqZoNqAsQGMVvDIlC7kuNqYuNqIuzn44C6MewnEbzo1bNU1cMXFbMn0aC6AoxrFaIWVdOqZoNqAexbFaIUwkynIew6NoNpRcNXFbJpseyDF%3D¶m2=NqZ7NaRbNGNdNZ%3D%3D&p={searchTerms} SearchScopes: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_2b690f9cb351a35698¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITAbQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFE3vqYUwVQ4ICoUvFE4J6k3NVQ9JCIVvFM9JmIYNVQ9GqYVNUI3wGYGwVU9ISk3vFI9GqUNNos3wCoVwVA9J6ITwVI9ImoWwVQ9GqUNNFM3wCILNFdcIaUXNEBcGqQANFdcFCk8NoM9JmIXvFQ9ISk3vmk4JmIWwVw9JaYUwVI3vCISvFQ4IWYTwVQ9I6IVvFQ3vqYXwVxdJ6oXNVA4J6IXNVM3vqYYwVI9JaYVwVJbFCILNF9cIqUXNolcEqULNopcGWUIvmFbF6IVNEI4J6k4wVI4ISoUvFQ9I6k3NF03vCoUwVw4ICoWvFJcFSISNEJcFmIXvFE9I6IYwVRcEWUJwVQ4IWUIvmk4JqUGwVRcFaQIwV5dJGYNvmE4ICILNFRbDqUDNEJcFaULvmE9GqUINolcJqUJNEQ3wCIWvFI3vCIWvmo4ISoVvmo3vmoXQGR7B6RoN9J7NGx5Nqp5MqZoNqAsQGMVvDIlC7kuNqYuNqIuzn44C6MewnEbzo1bNU1cMXFbMn0aC6AoxrFaIWVdOqZoNqAexbFaIUwkynIew6NoNpRcNXFbJpseyDF%3D¶m2=NqZ7NaRbNGNdNZ%3D%3D&p={searchTerms} SearchScopes: HKU\S-1-5-21-3082767965-3652706906-2016044323-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c110d6b1701317b6b52e815f83a¶m1=IE¶m2=4¶m3=campaignID%3D279%26UserID%3D1468099519¶m4=XPbueSzfBeG6K2MlxBpfEDPN+SxVpua8beXQzoS1GYKYX9iWjIAFEmvclWBbrhjndV++0pf457ScwisW9HijmNrtoK+cRCilHQTNOPcYzQtjKwH8eE/RPJn2bGK3tg5DslyXnuEoWYCEaGywhqXq5yxp0zQI2qlSLeBlWZ7q6dRqXFXe5U9sBbTnz1NVaafO1aDYM5lQZZZnUdXabyEGVcRIaeUGl/W+JReDaW0zrc/WT/dWjcZkOE1JxLW6RcF/GuuTd4BL9X+Q4DKt1W4chVVYDeuTgWiykXQ4QadRH0EKZAg3buq8VSwnfIbsQUAEs/yGK66WH6Q1/8G5lJek6ZK0dnvQsjlq2W/27+G9wiiV8J2J/gi9hMerKf4e6KgRyElo11LIcoWPqxm13JLmlH6z38f0uY+OdQVamT4GzPjKmS6c60wxaLfkgMDkvcZC4t83W2TYAO8VbUTkWUQEpCG0nCCHVAAcxTM+I4Zj/5H9e2LX4QrPO5py40CizJpft0GjECU6ocJDckNpQCdEsRk42CyA7re2z/uYompZVOsGvIUQezXRKb1rKTiwkuMD4cYzAOCQjiA2MRRNDWEoZrUyqmgcV+C1JLOoRGR35vmNovT71/TARcfK/SLV1VRr4a80vsyjhVfjUbEnYD1kGrMqgDlUhCJQMNGRt8CX4a7vLrUVaL66Go6XjSLv9WAn&p={searchTerms} BHO: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-07-01] (PDFescape -> Red Software) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-04] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-07-01] (PDFescape -> Red Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-04] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKLM - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-07-01] (PDFescape -> Red Software) Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-07-01] (PDFescape -> Red Software) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-10-14 17:10 - 2020-11-20 22:29 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 2023-09-26 20:25 - 2023-10-18 11:18 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\ HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\EMI\Pictures\IMG_8861.JPG DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AdobeUpdateService => 2 MSCONFIG\Services: AERTFilters => 2 MSCONFIG\Services: AGMService => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: AlienFusionService => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: DSAService => 2 MSCONFIG\Services: DSAUpdateService => 3 MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 3 MSCONFIG\Services: FilmoTV Server => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: Intel(R) SUR QC SAM => 3 MSCONFIG\Services: ioloEnergyBooster => 3 MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2 MSCONFIG\Services: PDFescape Desktop => 3 MSCONFIG\Services: PDFescape Desktop Creator => 3 MSCONFIG\Services: PDFescape Desktop Update Service => 2 MSCONFIG\Services: RtkAudioService => 2 MSCONFIG\Services: rtop => 2 MSCONFIG\Services: SynTPEnhService => 2 MSCONFIG\Services: SystemUsageReportSvc_QUEENCREEK => 2 MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 3 MSCONFIG\Services: WsAppService => 2 HKLM\...\StartupApproved\StartupFolder: => "WinZip Préchargeur.lnk" HKLM\...\StartupApproved\StartupFolder: => "Wondershare PEToolbox.lnk" HKLM\...\StartupApproved\StartupFolder: => "Wondershare PEScreenshot.lnk" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "CNAP2 Launcher" HKLM\...\StartupApproved\Run: => "Fences" HKLM\...\StartupApproved\Run: => "MacDrive 10 helper" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "WinZip UN" HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk" HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\StartupApproved\StartupFolder: => "myCANAL.lnk" HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\StartupApproved\Run: => "Fences" HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\StartupApproved\Run: => "loopMIDI" HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\StartupApproved\Run: => "Native Instruments Maschine MK3 Control Panel" HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_915AF156048C6E34903DA16F370929C0" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{E3DFEE29-97EC-417B-B77E-CF78568FCEB8}C:\program files (x86)\cast software\wysiwyg release 38\bin\wyg_orig.exe] => (Block) C:\program files (x86)\cast software\wysiwyg release 38\bin\wyg_orig.exe (CAST Software Ltd.) [File not signed] FirewallRules: [TCP Query User{7B71902E-D331-4461-AE6D-12641E2BC516}C:\program files (x86)\cast software\wysiwyg release 38\bin\wyg_orig.exe] => (Block) C:\program files (x86)\cast software\wysiwyg release 38\bin\wyg_orig.exe (CAST Software Ltd.) [File not signed] FirewallRules: [UDP Query User{7055F4E2-5B5D-4221-AFB4-CF262C0D0401}C:\program files\ma lighting technologies\ma 3d\v_3.7.0\ma3d.exe] => (Allow) C:\program files\ma lighting technologies\ma 3d\v_3.7.0\ma3d.exe (MA Lighting Technology GmbH) [File not signed] FirewallRules: [TCP Query User{FDAA6BE2-E28A-43C0-863F-2BD3B2159C99}C:\program files\ma lighting technologies\ma 3d\v_3.7.0\ma3d.exe] => (Allow) C:\program files\ma lighting technologies\ma 3d\v_3.7.0\ma3d.exe (MA Lighting Technology GmbH) [File not signed] FirewallRules: [{78F279D5-97A7-4D4A-A9D3-44DF11946CF0}] => (Block) C:\ProgramData\Ableton\Live 10 Suite\Program\Ableton Live 10 Suite.exe (Ableton) [File not signed] FirewallRules: [{376E5655-26A4-4A39-AC16-0ED66DB42625}] => (Block) C:\ProgramData\Ableton\Live 10 Suite\Program\Ableton Live 10 Suite.exe (Ableton) [File not signed] FirewallRules: [TCP Query User{401A100B-6956-4335-A55C-0F5B212732B1}C:\users\emi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\emi\appdata\roaming\utorrent\utorrent.exe => No File FirewallRules: [UDP Query User{6EF03AB9-965F-456F-9C50-01E213A8C7E2}C:\users\emi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\emi\appdata\roaming\utorrent\utorrent.exe => No File FirewallRules: [TCP Query User{F4FBEDC4-3BC4-41DF-817C-ADEFCB10F2E6}C:\users\emi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\emi\appdata\roaming\utorrent\utorrent.exe => No File FirewallRules: [UDP Query User{E554C8B6-F6AF-4459-9B39-2290B5633A08}C:\users\emi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\emi\appdata\roaming\utorrent\utorrent.exe => No File FirewallRules: [{F9603EAE-5E4C-4E02-A56D-A45C053F10CE}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{37187137-41E9-4E5A-B50D-E2F4E10EF956}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{2C7EE308-B706-4CF6-A4BB-94EFBFC3365D}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{F1B6DF6B-E2AE-499A-9F22-275A87908D14}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [TCP Query User{2346B31F-EB3C-4162-90C6-D1211CCE0655}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.7.0.5\gma2onpc.exe] => (Block) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.7.0.5\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [UDP Query User{57E578CD-7CB2-428B-A49E-8921D352925B}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.7.0.5\gma2onpc.exe] => (Block) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.7.0.5\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [TCP Query User{A46B4E82-C7DB-474C-8C63-9C2EBF7809DC}C:\program files\ma lighting technologies\ma 3d\v_3.7.0\ma3d.exe] => (Block) C:\program files\ma lighting technologies\ma 3d\v_3.7.0\ma3d.exe (MA Lighting Technology GmbH) [File not signed] FirewallRules: [UDP Query User{12519EAF-9A28-43F0-95BC-D96FE1A60C00}C:\program files\ma lighting technologies\ma 3d\v_3.7.0\ma3d.exe] => (Block) C:\program files\ma lighting technologies\ma 3d\v_3.7.0\ma3d.exe (MA Lighting Technology GmbH) [File not signed] FirewallRules: [TCP Query User{14A9FFC8-12A3-497F-9135-DD2739C2E3EB}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.7.0.5\gma2onpc.exe] => (Allow) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.7.0.5\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [UDP Query User{5356F732-35F5-4901-832F-9C6DC3297C18}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.7.0.5\gma2onpc.exe] => (Allow) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.7.0.5\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [{8AD98A6D-407D-4259-B012-CD9233D61E37}] => (Block) C:\ProgramData\Ableton\Live 10 Suite\Program\Ableton Live 10 Suite.exe (Ableton) [File not signed] FirewallRules: [{39E4F1CD-E7E1-4752-9F1B-C701B7D2BBE4}] => (Block) C:\ProgramData\Ableton\Live 10 Suite\Program\Ableton Live 10 Suite.exe (Ableton) [File not signed] FirewallRules: [{C158502B-E6D9-4A66-94D9-E51C8F9ACE7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{4DE5D218-B1C8-4562-8C88-626D1EECB08D}] => (Allow) C:\Users\EMI\AppData\Local\Programs\Opera\71.0.3770.284\opera.exe => No File FirewallRules: [{279E72DD-24F2-4A9A-94F6-4C97255C3E7B}] => (Allow) C:\Users\EMI\AppData\Local\Programs\Opera\72.0.3815.186\opera.exe => No File FirewallRules: [TCP Query User{F38956B0-F4BA-4567-A826-B5360DE7DBE7}C:\program files (x86)\artnettimecodesender\artnettimecodesender.exe] => (Allow) C:\program files (x86)\artnettimecodesender\artnettimecodesender.exe (www.s-jaekel.de) [File not signed] FirewallRules: [UDP Query User{14458AFE-72E1-4588-A94A-A17C88BF1297}C:\program files (x86)\artnettimecodesender\artnettimecodesender.exe] => (Allow) C:\program files (x86)\artnettimecodesender\artnettimecodesender.exe (www.s-jaekel.de) [File not signed] FirewallRules: [TCP Query User{E8055A01-9BD3-4438-8DB1-D638D6401128}C:\program files (x86)\timecodesender\timecodesender.exe] => (Allow) C:\program files (x86)\timecodesender\timecodesender.exe (www.s-jaekel.de) [File not signed] FirewallRules: [UDP Query User{ECE6ABB8-9A8D-4AEA-B1B4-12187249085C}C:\program files (x86)\timecodesender\timecodesender.exe] => (Allow) C:\program files (x86)\timecodesender\timecodesender.exe (www.s-jaekel.de) [File not signed] FirewallRules: [TCP Query User{80E820E0-91DD-4855-82E7-F5E366791C24}C:\program files\ma lighting technologies\ma 3d\v_3.9.60\ma3d.exe] => (Allow) C:\program files\ma lighting technologies\ma 3d\v_3.9.60\ma3d.exe (MA Lighting Technology GmbH) [File not signed] FirewallRules: [UDP Query User{9156770B-9535-4650-A8DB-7ABCC0638562}C:\program files\ma lighting technologies\ma 3d\v_3.9.60\ma3d.exe] => (Allow) C:\program files\ma lighting technologies\ma 3d\v_3.9.60\ma3d.exe (MA Lighting Technology GmbH) [File not signed] FirewallRules: [TCP Query User{8AD221AC-1EB2-400A-B34F-7B5A0054BE0F}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.4\gma2onpc.exe] => (Allow) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.4\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [UDP Query User{E7DE6152-2245-404F-8E94-E053DDCF3D2B}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.4\gma2onpc.exe] => (Allow) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.4\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [TCP Query User{2307DF73-4DFE-439F-BAF1-0321F5AB8D67}C:\program files (x86)\cast software\wysiwyg release 38\bin\wyg_orig.exe] => (Block) C:\program files (x86)\cast software\wysiwyg release 38\bin\wyg_orig.exe (CAST Software Ltd.) [File not signed] FirewallRules: [UDP Query User{62347F37-9901-47EA-9ED9-3054115DCBD3}C:\program files (x86)\cast software\wysiwyg release 38\bin\wyg_orig.exe] => (Block) C:\program files (x86)\cast software\wysiwyg release 38\bin\wyg_orig.exe (CAST Software Ltd.) [File not signed] FirewallRules: [TCP Query User{0784F6DB-25FF-42E1-A36E-C06D71428041}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.4\gma2onpc.exe] => (Block) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.4\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [UDP Query User{557C1F72-47B3-4A59-A238-6FCDA0B3A533}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.4\gma2onpc.exe] => (Block) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.4\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [TCP Query User{C3EF6477-3831-4B10-9BFF-BE632AC55C25}C:\program files\ma lighting technologies\ma 3d\v_3.9.60\ma3d.exe] => (Block) C:\program files\ma lighting technologies\ma 3d\v_3.9.60\ma3d.exe (MA Lighting Technology GmbH) [File not signed] FirewallRules: [UDP Query User{50A3E853-12C7-407F-9F1F-CDB29DD962F6}C:\program files\ma lighting technologies\ma 3d\v_3.9.60\ma3d.exe] => (Block) C:\program files\ma lighting technologies\ma 3d\v_3.9.60\ma3d.exe (MA Lighting Technology GmbH) [File not signed] FirewallRules: [{5826AFF2-C8B0-4FFC-9B65-B2A23AB443BD}] => (Allow) C:\WINDOWS\SysWOW64\slpd.exe () [File not signed] FirewallRules: [{D847501E-7C5D-4CFD-831B-16A4686A0CF9}] => (Allow) C:\WINDOWS\SysWOW64\slpd.exe () [File not signed] FirewallRules: [{87A983BF-ACA7-4B9A-A1EF-0C7314B1C4A3}] => (Allow) C:\WINDOWS\SysWOW64\slptool.exe () [File not signed] FirewallRules: [TCP Query User{2121DC2F-BB54-4CC0-B80F-180487FBCD03}C:\program files (x86)\etc\congo\congo.exe] => (Allow) C:\program files (x86)\etc\congo\congo.exe (Electronic Theatre Controls, Inc. -> ETC) FirewallRules: [UDP Query User{BE1AD4A5-B3AB-4085-9B53-C50E3E068672}C:\program files (x86)\etc\congo\congo.exe] => (Allow) C:\program files (x86)\etc\congo\congo.exe (Electronic Theatre Controls, Inc. -> ETC) FirewallRules: [TCP Query User{EA31F464-427E-46BD-8B7A-A732208BFDDE}C:\program files (x86)\etc\congo\congo.exe] => (Allow) C:\program files (x86)\etc\congo\congo.exe (Electronic Theatre Controls, Inc. -> ETC) FirewallRules: [UDP Query User{B8F1C8C3-15F9-4A9F-AF84-09937E3A3469}C:\program files (x86)\etc\congo\congo.exe] => (Allow) C:\program files (x86)\etc\congo\congo.exe (Electronic Theatre Controls, Inc. -> ETC) FirewallRules: [{83F5AD38-FD11-4846-876E-E2A3E654C8A5}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet Canada, Inc. -> SafeNet, Inc) FirewallRules: [{CD848475-072C-4D61-B346-08AE4483C35A}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet Canada, Inc. -> SafeNet, Inc) FirewallRules: [{3D7EC9DA-706C-4C65-8BAC-539426DB870E}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet Canada, Inc. -> SafeNet, Inc.) FirewallRules: [{11FD34AB-620B-4D38-9849-BA386BD234EC}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet Canada, Inc. -> SafeNet, Inc.) FirewallRules: [TCP Query User{99C88F47-B76C-44A9-84C5-09C7AE21113A}C:\program files\cast software\wysiwyg release 44\bin64\wyg.exe] => (Block) C:\program files\cast software\wysiwyg release 44\bin64\wyg.exe (CAST Group of Companies Inc. -> CAST Software Ltd.) FirewallRules: [UDP Query User{60125660-54B6-482E-B014-D3E2C7A3E763}C:\program files\cast software\wysiwyg release 44\bin64\wyg.exe] => (Block) C:\program files\cast software\wysiwyg release 44\bin64\wyg.exe (CAST Group of Companies Inc. -> CAST Software Ltd.) FirewallRules: [TCP Query User{08A5BAD8-EE26-4254-A001-02B23DE29D79}C:\program files (x86)\wysiwyg drivers\lxdlldriverloader2.exe] => (Block) C:\program files (x86)\wysiwyg drivers\lxdlldriverloader2.exe (CAST Group of Companies Inc. -> CAST Group of Companies Inc.) FirewallRules: [UDP Query User{112EB340-0DA3-43D3-96BB-F470047E38B0}C:\program files (x86)\wysiwyg drivers\lxdlldriverloader2.exe] => (Block) C:\program files (x86)\wysiwyg drivers\lxdlldriverloader2.exe (CAST Group of Companies Inc. -> CAST Group of Companies Inc.) FirewallRules: [TCP Query User{EC21F2A0-C87B-4661-B195-1617F50AD5B6}C:\program files\cast software\wysiwyg release 44\bin64\wyg.exe] => (Block) C:\program files\cast software\wysiwyg release 44\bin64\wyg.exe (CAST Group of Companies Inc. -> CAST Software Ltd.) FirewallRules: [UDP Query User{389CA6A4-AF12-4B29-A6BB-A90CA23F74CB}C:\program files\cast software\wysiwyg release 44\bin64\wyg.exe] => (Block) C:\program files\cast software\wysiwyg release 44\bin64\wyg.exe (CAST Group of Companies Inc. -> CAST Software Ltd.) FirewallRules: [TCP Query User{D3D61371-BE7C-4530-890A-582622C7975D}C:\program files (x86)\wysiwyg drivers\lxdlldriverloader2.exe] => (Block) C:\program files (x86)\wysiwyg drivers\lxdlldriverloader2.exe (CAST Group of Companies Inc. -> CAST Group of Companies Inc.) FirewallRules: [UDP Query User{4B6FD483-2400-45C8-A094-E609211552A5}C:\program files (x86)\wysiwyg drivers\lxdlldriverloader2.exe] => (Block) C:\program files (x86)\wysiwyg drivers\lxdlldriverloader2.exe (CAST Group of Companies Inc. -> CAST Group of Companies Inc.) FirewallRules: [{308E2CCC-165C-4725-AAA5-77B42BD177AB}] => (Block) C:\Program Files\CAST Software\WYSIWYG Release 44\Bin64\Wyg.exe (CAST Group of Companies Inc. -> CAST Software Ltd.) FirewallRules: [{69DA1081-7595-4FDA-B787-6AAC58D80DEA}] => (Block) C:\Program Files (x86)\CAST Software\WYSIWYG Release 44\Bin64\Wyg.exe (CAST Group of Companies Inc. -> CAST Software Ltd.) FirewallRules: [{E4BE28DB-4474-40AA-9FDF-E415083F0D2E}] => (Block) C:\Program Files (x86)\CAST Software\WYSIWYG Release 44\Bin64\Launcher.exe (CAST Group of Companies Inc. -> CAST Software Ltd.) FirewallRules: [{5463501D-C34D-4474-BD57-4C375AF7ECC3}] => (Block) C:\Program Files\CAST Software\WYSIWYG Release 44\Bin64\Launcher.exe (CAST Group of Companies Inc. -> CAST Software Ltd.) FirewallRules: [TCP Query User{5D2062F6-0C7A-400B-B940-F9F5A0C1D070}C:\program files\native instruments\maschine 2\maschine 2.exe] => (Block) C:\program files\native instruments\maschine 2\maschine 2.exe (Native Instruments GmbH -> Native Instruments GmbH) FirewallRules: [UDP Query User{083C8FCB-1EB6-4D28-99F8-29889BB6736C}C:\program files\native instruments\maschine 2\maschine 2.exe] => (Block) C:\program files\native instruments\maschine 2\maschine 2.exe (Native Instruments GmbH -> Native Instruments GmbH) FirewallRules: [TCP Query User{6E406EFF-717B-4983-9072-AF1423D268EE}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.38\gma2onpc.exe] => (Allow) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.38\gma2onpc.exe (MA Lighting Technology GmbH. -> ) FirewallRules: [UDP Query User{0CB42581-2420-4302-8AF2-6E9A666140D3}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.38\gma2onpc.exe] => (Allow) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.38\gma2onpc.exe (MA Lighting Technology GmbH. -> ) FirewallRules: [TCP Query User{AB5AD4B9-870F-48B0-A28D-2E300BD7C440}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.3\gma2onpc.exe] => (Allow) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.3\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [UDP Query User{97B7D8B8-08F0-4885-A979-2F0A8959D911}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.3\gma2onpc.exe] => (Allow) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.3\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [{1334B2E7-B905-494E-9ACD-8539001C8E8A}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.7.2\bin\app_updater.exe (MA Lighting Technology GmbH. -> ) FirewallRules: [{121F751A-0B95-40E4-B812-E98EC0327C1E}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.7.2\bin\app_terminal.exe (MA Lighting Technology GmbH. -> ) FirewallRules: [{D82295EB-6AE6-4E10-9CA1-A945DDE029AE}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.7.2\bin\app_system.exe (MA Lighting Technology GmbH. -> MA Lighting Technology) FirewallRules: [{F2A5944C-9884-440B-8B48-5A803EF785A9}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.7.2\bin\app_gma3.exe (MA Lighting Technology GmbH. -> MA Lighting Technology) FirewallRules: [{04F3FD5E-A204-444F-B3C3-370E7068C59E}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.7.2\bin\app_updater.exe (MA Lighting Technology GmbH. -> ) FirewallRules: [{B340C565-2710-4B34-B8E0-D53F1C99E097}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.7.2\bin\app_terminal.exe (MA Lighting Technology GmbH. -> ) FirewallRules: [TCP Query User{72DA7198-DD79-4752-B9C7-DFC78690643D}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.3\gma2onpc.exe] => (Block) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.3\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [UDP Query User{CAF73917-224A-443B-A659-AE031E27682B}C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.3\gma2onpc.exe] => (Block) C:\program files\ma lighting technologies\grandma\grandma2 onpc 3.9.60.3\gma2onpc.exe (MA Lighting Technology GmbH -> ) FirewallRules: [{7C8528C7-4CD4-4683-A22B-60E73E64D3C1}] => (Block) OUTLOOK => No File FirewallRules: [{90DC0BC0-D4D8-48C7-8A0F-2F27BDC04F94}] => (Block) OUTLOOK => No File FirewallRules: [{690DDB11-051C-4580-A741-C7F717815D8E}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.8.8\bin\app_system.exe (MA Lighting Technology GmbH. -> MA Lighting Technology) FirewallRules: [{F335E825-AEE6-46D9-AC75-C8F605A711BB}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.8.8\bin\app_gma3.exe (MA Lighting Technology GmbH. -> MA Lighting Technology) FirewallRules: [{DA17D116-D569-41F8-947E-4CB34729E868}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.8.8\bin\app_updater.exe (MA Lighting Technology GmbH. -> ) FirewallRules: [{741E119E-E3FF-4793-8D0F-BE3334E6FF52}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.8.8\bin\app_terminal.exe (MA Lighting Technology GmbH. -> ) FirewallRules: [{8B1E46C0-CBE1-43CF-B467-DE23789F8D05}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{EC7102D1-0604-450F-83F1-D217369833AE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{737F5F06-8DF9-4177-9277-4C7E07F31C86}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{53036E04-4821-4122-A793-4CABD9A264BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{28AD3B27-5584-4698-846B-4E69BB35B685}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3E50FC57-7EA0-489C-856D-7C13058E44EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{96C2EC5F-6423-4738-9689-FE4C3D8E662D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F232ED84-2594-45D6-8DBD-4D5301C66E8E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{EC5C341F-7481-4457-81B1-48EEA668E909}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{AFE22ECA-9FB8-4A79-91A0-62430F9745B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{BB3A5D80-16F6-457D-A5BE-132B1FE5ED6C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{90ACE898-52C4-47A1-B48B-CF66C965CB87}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D6EF28E8-00B7-455D-9920-606E99B619FD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{FA49C987-FCAE-43B5-8D91-F2A1C2126EE3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{38B83554-AA04-4F3F-8419-C655B874A790}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7098234D-CFA1-422E-A53B-9FB15C47BD2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) DomainProfile\AuthorizedApplications: [C:\WINDOWS\System32\slpd.exe] => Enabled:Service Location Protocol DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\ETC\Congo\Congo.exe] => Enabled:Congo StandardProfile\AuthorizedApplications: [C:\WINDOWS\System32\slpd.exe] => Enabled:Service Location Protocol StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\ETC\Congo\Congo.exe] => Enabled:Congo ==================== Restore Points ========================= Check "VSS" service ==================== Faulty Device Manager Devices ============ Name: Intel(R) Display Audio Description: Intel(R) Display Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Intel(R) Corporation Service: IntcDAud Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft Hyper-V Virtualization Infrastructure Driver Description: Microsoft Hyper-V Virtualization Infrastructure Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: Vid Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Realtek High Definition Audio Description: Realtek High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: IntcAzAudAddService Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: teVirtualMIDI - Virtual MIDI Driver x64 Description: teVirtualMIDI - Virtual MIDI Driver x64 Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Tobias Erichsen Service: teVirtualMIDI64 Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ======================== Application errors: ================== Error: (02/27/2024 11:32:32 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. Error: (02/27/2024 11:32:32 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (10/20/2023 07:43:20 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. Error: (10/20/2023 07:43:20 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (10/18/2023 11:19:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HxOutlook.exe, version: 16.0.14326.21624, time stamp: 0x6525f6af Faulting module name: Office.UI.Xaml.HxShared.dll, version: 16.0.14326.21624, time stamp: 0x6525f6f0 Exception code: 0xc000041d Fault offset: 0x0000000000125284 Faulting process ID: 0xca0 Faulting application start time: 0x01da01ac36f60b92 Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe\HxOutlook.exe Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.HxShared.dll Report ID: 7442bddd-125c-458f-9ad8-ec7dd1797935 Faulting package full name: microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: microsoft.windowslive.mail Error: (10/18/2023 11:19:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HxOutlook.exe, version: 16.0.14326.21624, time stamp: 0x6525f6af Faulting module name: Office.UI.Xaml.HxShared.dll, version: 16.0.14326.21624, time stamp: 0x6525f6f0 Exception code: 0xc0000005 Fault offset: 0x0000000000125284 Faulting process ID: 0xca0 Faulting application start time: 0x01da01ac36f60b92 Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe\HxOutlook.exe Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.HxShared.dll Report ID: 77bba819-1975-4fba-8978-39c7165b9eb2 Faulting package full name: microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: microsoft.windowslive.mail Error: (10/18/2023 10:20:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Dell.TechHub.Instrumentation.SubAgent.exe, version: 1.3.4.6103, time stamp: 0x63cf74d2 Faulting module name: coreclr.dll, version: 6.0.2023.32017, time stamp: 0x6491fccb Exception code: 0xc0000005 Fault offset: 0x00000000000c5b84 Faulting process ID: 0x2e54 Faulting application start time: 0x01da01a2e4149b40 Faulting application path: C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe Faulting module path: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.20\coreclr.dll Report ID: b9d0d90b-6872-49c4-83b7-8876ddeb432a Faulting package full name: Faulting package-relative application ID: Error: (10/18/2023 10:20:12 AM) (Source: .NET Runtime) (EventID: 1023) (User: ) Description: Application: Dell.TechHub.Instrumentation.SubAgent.exe CoreCLR Version: 6.0.2023.32017 .NET Version: 6.0.20 Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFF96D75B84 (00007FFF96CB0000) with exit code 80131506. System errors: ============= Error: (02/27/2024 11:55:15 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (02/27/2024 11:54:51 AM) (Source: DCOM) (EventID: 10005) (User: RRRIO) Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (02/27/2024 11:54:51 AM) (Source: DCOM) (EventID: 10005) (User: RRRIO) Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {F087771F-D74F-4C1A-BB8A-E16ACA9124EA} Error: (02/27/2024 11:54:51 AM) (Source: DCOM) (EventID: 10005) (User: RRRIO) Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {6D18AD12-BDE3-4393-B311-099C346E6DF9} Error: (02/27/2024 11:54:51 AM) (Source: DCOM) (EventID: 10005) (User: RRRIO) Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {03CA98D6-FF5D-49B8-ABC6-03DD84127020} Error: (02/27/2024 11:54:51 AM) (Source: DCOM) (EventID: 10005) (User: RRRIO) Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {659CDEA7-489E-11D9-A9CD-000D56965251} Error: (02/27/2024 11:54:51 AM) (Source: DCOM) (EventID: 10005) (User: RRRIO) Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {BB6DF56B-CACE-11DC-9992-0019B93A3A84} Error: (02/27/2024 11:54:51 AM) (Source: DCOM) (EventID: 10005) (User: RRRIO) Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} Windows Defender: ================ Date: 2023-10-17 10:56:34 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-10-15 12:54:51 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-10-13 21:27:04 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-10-13 15:45:33 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-10-13 14:14:56 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2024-02-27 11:33:54 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2023-11-12 16:06:17 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2023-11-12 15:41:02 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2023-10-25 08:43:27 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2023-10-21 19:11:21 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.399.1055.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23090.2007 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode ==================== Memory info =========================== BIOS: Alienware A14 09/24/2014 Motherboard: Alienware 041W46 Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz Percentage of memory in use: 14% Total physical RAM: 16265.02 MB Available physical RAM: 13945.91 MB Total Virtual: 18697.02 MB Available Virtual: 16791.36 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.48 GB) (Free:11.22 GB) (Model: SK hynix SH920 mSATA 256GB) NTFS Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:174.66 GB) (Model: WDC WD10JPVX-75JC3T0) NTFS Drive h: (RRRIO GMA3) (Removable) (Total:3.74 GB) (Free:1.44 GB) FAT32 \\?\Volume{fec0723c-387d-447d-ba14-3ccf64114ba5}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.26 GB) NTFS \\?\Volume{d3839990-3e07-465b-9423-72bfabb8e6c4}\ () (Fixed) (Total:0.82 GB) (Free:0.18 GB) NTFS \\?\Volume{a9a84f6a-f6fc-4480-957d-68e769baa4ad}\ (PBR Image) (Fixed) (Total:8.78 GB) (Free:0.69 GB) NTFS \\?\Volume{b4319715-c038-4a41-aa03-a497a68c92b9}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: B53DD72F) Partition: GPT. ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 4F334458) Partition: GPT. ========================================================== Disk: 2 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=3.8 GB) - (Type=FAT32) ==================== End of Addition.txt =======================