Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by steve (11-03-2021 01:52:53)
Running from C:\Users\steve\Downloads
Windows 10 Home Version 1909 18363.1379 (X64) (2020-03-16 13:44:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2260596255-3006137883-4004939090-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2260596255-3006137883-4004939090-503 - Limited - Disabled)
Guest (S-1-5-21-2260596255-3006137883-4004939090-501 - Limited - Disabled)
steve (S-1-5-21-2260596255-3006137883-4004939090-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-2260596255-3006137883-4004939090-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20138 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
ANT Drivers Installer x64 (HKLM\...\{998DF7E5-262F-4391-A117-8D9E383B8C0A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
calibre (HKLM-x32\...\{0EC97EA4-BC70-4A1C-9FF0-2AC27AC0D3D0}) (Version: 5.8.1 - Kovid Goyal)
Elevated Installer (HKLM-x32\...\{5053832D-D695-4E6A-A777-8CC79DF61A85}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries) Hidden
EndNote X9 (HKLM-x32\...\{86B3F2D6-AC2B-0019-8AE1-F2F77F781B0C}) (Version: 19.2.0.13018 - Clarivate Analytics)
Garmin Express (HKLM-x32\...\{040c11a0-b209-4b21-b861-163f52e01d88}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{F8609938-A6C9-4796-87BC-471F62EA4F0E}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.82 - Google LLC)
Grammarly (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\GrammarlyForWindows) (Version: 1.5.72 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{D2F1E2C9-B416-40C6-BA64-67691276A56B}) (Version: 6.8.254 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\{2970deb0-0683-4d35-80ae-09b866d6bdd1}) (Version: 6.8.254 - Grammarly)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
LeapFrog Connect 2 (HKLM-x32\...\LeapFrogConnect2) (Version: 4.1.3.442 - LeapFrog)
LeapFrogConnect2 (HKLM-x32\...\{B7B653AF-D5EB-4A42-BC10-693413138807}) (Version: 4.1.3.442 - LeapFrog) Hidden
LeapStart (HKLM-x32\...\{1A9F9917-B0AC-40E9-A707-3AF14E2F9C3E}) (Version: 4.1.3.442 - LeapFrog) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13628.20448 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Teams) (Version: 1.3.00.9267 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 86.0 (x64 en-GB)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.1.151 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20448 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
QT5.10.1 (HKLM-x32\...\{D648CC39-D39C-445B-AEB7-213632704032}) (Version: 1.0.0.0 - LeapFrog) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: 1.0.21.3540 - Clarivate Analytics)
Samsung DeX (HKLM-x32\...\{0924F03B-F48D-445B-9302-43E86707EC8B}) (Version: 1.0.1.40 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{e539e534-854a-46d2-b8f8-f6a3405f782a}) (Version: 1.0.1.40 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.23.0 - Samsung Electronics Co., Ltd.)
Spotify (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Spotify) (Version: 1.1.53.608.g7ed9c03a - Spotify AB)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.9267 - Microsoft Corporation)
Use the entry named LeapFrog Connect2 to uninstall QT5.10.1 (HKLM-x32\...\QT5.10.1) (Version: - LeapFrog)
Use the entry named LeapFrogConnect2 to uninstall LeapStart (HKLM-x32\...\LeapStartPlugin) (Version: - LeapFrog)
Web Companion (HKLM-x32\...\{6f3dcc5c-6c99-4d28-a3f4-de4941722f68}) (Version: 6.0.2285.4135 - Lavasoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WordRake for Word (HKLM-x32\...\{AF060B53-1694-4439-823A-89567D490CE2}) (Version: 3.95.10218.01 - WordRake Holdings, LLC)
Zoom (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-06-04] (Amazon.com)
Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comEMEABigsavingso_2.0.5.0_x64__mgae2k3ys4ra0 [2021-02-09] (Priceline Partner Network)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.53.5.0_x86__kgqvnymyfvs32 [2021-03-01] (king.com)
Dropbox for S mode -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.4.0_x64__xbfy0k16fey96 [2020-07-02] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2020-03-16] (HP Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.55.1.0_x86__kgqvnymyfvs32 [2021-03-09] (king.com)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.7.197.0_x64__v10z8vjag6ke6 [2020-10-13] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6 [2020-12-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.39.0_x64__v10z8vjag6ke6 [2020-09-29] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-02-25] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.238.0_x64__v10z8vjag6ke6 [2021-02-22] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2020-09-06] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-01-05] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-03-16] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.0.1017.0_x64__8j3eq9eme6ctt [2020-11-26] (INTEL CORP)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2021-02-25] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.0.0.0_x64__kx24dqmazqk8j [2020-12-21] (Random Salad Games LLC)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{04271989-C4D2-D75D-B5E0-68B3DDB1879C} -> [OneDrive - University of Plymouth] => C:\Users\steve\OneDrive - University of Plymouth [2020-06-03 20:52]
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\steve\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\steve\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.254\CC1402A1D8\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\steve\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.254\CC1402A1D8\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{7602d92f-b925-58fa-c578-ae8cd30d51802}\InprocServer32 -> 0xC5EEC8D10116D7017FA8C9D10116D701010000000100000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{819bccaa-38ae-db48-6ec5-953c86fd99448}\InprocServer32 -> 0x3DB9BCD10116D701BF43BED10116D701010000000100000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\steve\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.1.151\NavShExt.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.1.151\NavShExt.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.1.151\NavShExt.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-09-09 07:13 - 2019-09-09 07:13 - 001364992 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 001289216 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\cairo.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000230529 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libpng14-14.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000100352 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\zlib1.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 000656896 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\LogicNP.Crya4ccf6c6#\ce73cfe044124be80be9a74fbef8240f\LogicNP.CryptoLicensing.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 000368128 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Coeaa20892#\971d4437a6fd2662f7c429420175ac17\WordRake.Core.Word.Windows.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 005232128 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Cofdffbf32#\dd3308d739692078271486fdcd7718d1\WordRake.Core.Windows.ni.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2020-08-27 13:51 - 2020-08-27 13:51 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 012968974 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avcodec-58.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 002427918 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avfilter-7.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 002538510 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avformat-58.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000557582 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avutil-56.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000126478 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swresample-3.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000557582 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swscale-5.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2020-06-21 19:00 - 2020-06-21 19:00 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2019-11-29 04:44 - 2019-11-29 04:44 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2019-11-29 04:44 - 2019-11-29 04:44 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000055808 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\pthreadVC2.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 001420800 _____ (Pizzolato Davide -
www.xdp.it) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\cximageu.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000217600 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000404480 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000504320 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000218624 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll
2020-03-04 15:35 - 2020-03-04 15:35 - 004451328 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\NativeSamsungDexFramework.dll
2020-03-04 15:35 - 2020-03-04 15:35 - 002630144 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SCommon.dll
2020-03-04 15:34 - 2020-03-04 15:34 - 006057472 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SLocales.dll
2020-08-27 13:47 - 2020-08-27 13:47 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2019-07-27 08:57 - 2019-07-27 08:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2018-09-14 10:29 - 2018-09-14 10:29 - 021529088 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\icudt53.dll
2018-09-14 10:26 - 2018-09-14 10:26 - 001603584 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\icuin53.dll
2018-09-14 10:24 - 2018-09-14 10:24 - 001102848 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\icuuc53.dll
2018-09-24 18:44 - 2018-09-24 18:44 - 001160704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\plugins\platforms\qwindows.dll
2018-09-24 18:53 - 2018-09-24 18:53 - 000121344 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\plugins\styles\qwindowsvistastyle.dll
2018-11-19 16:47 - 2018-11-19 16:47 - 004381696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\Qt5Core.dll
2018-09-24 18:03 - 2018-09-24 18:03 - 005141504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\Qt5Gui.dll
2018-09-24 18:26 - 2018-09-24 18:26 - 004477952 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\Qt5Widgets.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASS.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000019008 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASSCD.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000017472 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASSWMA.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 001620992 _____ (WordRake Holdings LLC) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Core.Word\76eabfc3cc26813ce305858257ea8b19\WordRake.Core.Word.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 002068480 _____ (WordRake Holdings LLC) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Core\f7c84f7c53f49d511c77d31293d35162\WordRake.Core.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 020550144 _____ (WordRake Holdings LLC) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Engine\97859ff5fbbe37279a60c29f8e7943d5\WordRake.Engine.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 000039424 _____ (WordRake Holdings LLC) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Word\3a53d59cd2bc6166684de4915251735b\WordRake.Word.ni.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE
SearchScopes: HKLM -> {EDAF8742-BB95-4DAD-9999-071C7AA6559A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EDAF8742-BB95-4DAD-9999-071C7AA6559A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.20.2.57&locale=GB_en&guid=31881C58-BFFC-49E9-808D-E8CE65C16C99&doi=2016-09-01&o=APN11913&cmpgn=may20&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2020-06-04] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2020-06-04] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\sharepoint.com -> hxxps://liveplymouthac-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 04:49 - 2019-03-19 04:49 - 000000824 ____N C:\windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2874397C-CC1B-4942-8651-0F8744F1A601}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8635664D-EA25-4AEB-92F1-A76E9A7AC12D}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F2C4B34F-394B-4327-A6E4-5CB65AC14AC6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06146399-5B8F-4A35-AB6B-38F992B2EBE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B8824FF-A366-4467-AF27-9B221858D191}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DAA2CD41-B542-4E88-9CE9-3EC9ED35416F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1489D8A-3315-4B9B-8C88-E1FBDA460E35}] => (Allow) C:\Users\steve\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D22F1F73-F410-4522-9317-6D0FFE4089D4}] => (Allow) C:\Users\steve\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{ABD5A0D4-1779-460E-9FE6-825A7F2E9082}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{208175EA-2ABC-4DA8-9B9F-31E184D4C280}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E494FA6E-8B1A-4438-A0EB-F7740F24B6A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{52927286-A7DF-4747-8AB8-D42C9BD72FFB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BDB82434-FBEC-42C2-A6A2-B1DC8D76E886}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7D915C28-6903-4F64-8E94-4CFA359519C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E262CF9-E72A-4D99-B409-2EC99FB71E46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E7BBC67-CFB1-4869-8EDB-924837D2538C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{30597C98-6FE7-44F5-A9DE-24EFAE473CAC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D930333-B974-4BA5-9745-DEFE6933D7B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:118.48 GB) (Free:46.32 GB) (39%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (02/25/2021 02:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YourPhone.exe, version: 1.21011.127.0, time stamp: 0x60148b42
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.18362.1350, time stamp: 0xe38b3b0e
Exception code: 0xc000027b
Fault offset: 0x000000000040dc80
Faulting process ID: 0x1430
Faulting application start time: 0x01d70b1ef17f5097
Faulting application path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21011.127.0_x64__8wekyb3d8bbwe\YourPhone.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: ff8d4037-e0fe-40d1-bda0-c78488f44923
Faulting package full name: Microsoft.YourPhone_1.21011.127.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (02/20/2021 07:19:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 16.0.13628.20380, time stamp: 0x601eeb3c
Faulting module name: KERNELBASE.dll, version: 10.0.18362.1350, time stamp: 0x9ccf9e81
Exception code: 0xe0434352
Fault offset: 0x0000000000043b29
Faulting process ID: 0x46f4
Faulting application start time: 0x01d706306093244f
Faulting application path: C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report ID: ec8e0db8-3704-4e66-b4d3-e5ee3ced5385
Faulting package full name:
Faulting package-relative application ID:
Error: (02/10/2021 08:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: biwinrt.dll, version: 10.0.18362.1316, time stamp: 0xbe673169
Exception code: 0xc000027b
Fault offset: 0x0000000000013fc7
Faulting process ID: 0x35a8
Faulting application start time: 0x01d6ffebe377bd1c
Faulting application path: C:\windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report ID: 28fe7b7b-f944-43f4-885c-c79cd11697a8
Faulting package full name: AD2F1837.HPPrinterControl_122.2.830.0_x64__v10z8vjag6ke6
Faulting package-relative application ID: AD2F1837.HPPrinterControl
Error: (02/09/2021 08:06:09 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (02/09/2021 08:06:09 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/01/2021 09:28:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.13530.20440, time stamp: 0x60086a17
Faulting module name: OLEAUT32.dll, version: 10.0.18362.1110, time stamp: 0xd9673f48
Exception code: 0xc0000005
Fault offset: 0x000000000008cceb
Faulting process ID: 0x48e4
Faulting application start time: 0x01d6f87c324d74b3
Faulting application path: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\windows\System32\OLEAUT32.dll
Report ID: 7cd9ab3a-443c-40a7-89c4-c8e144fbd0f5
Faulting package full name:
Faulting package-relative application ID:
Error: (01/24/2021 07:43:00 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (01/24/2021 07:43:00 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (03/10/2021 03:24:52 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/10/2021 09:39:59 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/09/2021 03:25:20 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/09/2021 02:11:42 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/09/2021 10:52:05 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/08/2021 03:25:43 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/07/2021 03:25:13 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/07/2021 03:25:15 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2021-03-11 00:52:17.907
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-03-11 00:51:46.166
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-03-11 00:51:46.103
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-03-11 00:51:44.093
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2021-03-11 00:34:48.318
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-03-11 00:34:48.225
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-03-11 00:32:59.519
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-03-10 09:40:19.747
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-03-10 09:40:19.712
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-03-10 09:40:19.693
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Event[10]:
Date: 2021-03-10 09:40:19.648
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Event[11]:
Date: 2021-03-10 09:40:19.517
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2020-06-03 20:27:39.791
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-06-03 16:20:54.833
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
==================== Memory info ===========================
BIOS: AMI F.09 12/20/2019
Motherboard: HP 864E
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 90%
Total physical RAM: 3986.09 MB
Available physical RAM: 385.87 MB
Total Virtual: 16272.78 MB
Available Virtual: 1633.17 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:118.48 GB) (Free:46.41 GB) NTFS
\\?\Volume{5861e75a-b3b6-443b-bf7b-8eb381773eb0}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{aed7e95b-57c5-4889-9e62-5bf60d27040d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: FDD2E99E)
Partition: GPT.
==================== End of Addition.txt =======================