Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-04-2020
Ran by channeal (20-04-2020 21:28:03)
Running from C:\Users\channeal\Desktop
Microsoft Windows 10 Home Version 1909 18363.778 (X86) (2020-04-15 15:55:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2559438547-1515831249-1651957702-500 - Administrator - Disabled)
channeal (S-1-5-21-2559438547-1515831249-1651957702-1000 - Administrator - Enabled) => C:\Users\channeal
DefaultAccount (S-1-5-21-2559438547-1515831249-1651957702-503 - Limited - Disabled)
Guest (S-1-5-21-2559438547-1515831249-1651957702-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2559438547-1515831249-1651957702-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-2559438547-1515831249-1651957702-1003 - Limited - Enabled) => C:\Users\TEMP
WDAGUtilityAccount (S-1-5-21-2559438547-1515831249-1651957702-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Avast Antivirus (Disabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe)
Apple Application Support (32-bit) (HKLM\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{622FD6CC-2678-4164-A6D5-01521E492BDB}) (Version: 13.5.0.20 - Apple Inc.)
Apple Software Update (HKLM\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 20.2.2401 - Avast Software)
BlackBox ISO Burner v2.0 (HKLM\...\BlackBox ISO Burner v2.0) (Version: - )
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Creative ALchemy (HKLM\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Dell C1765 Color MFP (HKLM\...\{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.) Hidden
Dell C1765 Color MFP (HKLM\...\InstallShield_{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dropbox (HKLM\...\Dropbox) (Version: 95.4.441 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
Facebook Gameroom 1.22.7235.32722 (HKLM\...\{2867E3AE-18BA-4BCF-8268-F797A401ED86}) (Version: 1.22.7235.32722 - Facebook)
Fotor 2.0.3 (HKLM\...\Fotor) (Version: 2.0.3 - Everimaging Co., Ltd.)
Ghostery (HKLM\...\Ghostery) (Version: - Ghostery Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Greeting Card Factory Deluxe 8.0 (HKLM\...\{30A4DD1D-FD55-4CE4-BA01-758E00BC0228}) (Version: 8.0.2.1 - Nova Development)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{330052B8-4A6E-482E-906C-3AB6A83A6260}) (Version: 12.10.5.12 - Apple Inc.)
Macrium Reflect Free Edition (HKLM\...\{94572F25-AB01-4EF7-A1FB-60A35C984F4F}) (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Media Go (HKLM\...\{60CDD65B-61AD-4BE4-BEA8-BB2D15534D4B}) (Version: 3.2.191 - Sony)
Media Go Video Playback Engine 2.20.109.05220 (HKLM\...\{B48AA269-C017-875E-AE23-CE1DCEE07626}) (Version: 2.20.109.05220 - Sony)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mozilla Firefox 75.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 75.0 (x86 en-GB)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 75.0.0.7398 - Mozilla)
Mozilla Thunderbird 68.7.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 68.7.0 (x86 en-GB)) (Version: 68.7.0 - Mozilla)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - )
Nuance PaperPort 14 (HKLM\...\{08BCE67B-6305-4D8A-B749-F381E7E3DDA2}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Opera Stable 67.0.3575.137 (HKLM\...\Opera 67.0.3575.137) (Version: 67.0.3575.137 - Opera Software)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PCWinISOBurn (HKLM\...\{FB41FAC0-C8B4-4E24-B657-141E55862F78}) (Version: 1.3.0.0 - )
PDF Candy Desktop version 2.87 (HKLM\...\{9A8B6868-AA65-45DB-B055-18CCC462E6F5}_is1) (Version: 2.87 - Icecream Apps)
Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.)
Scansoft PDF Professional (HKLM\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1038 - SUPERAntiSpyware.com)
Switch Sound File Converter (HKLM\...\Switch) (Version: 5.12 - NCH Software)
TomTom Sports Connect (HKLM\...\TomTom Sports Connect) (Version: 3.3.9.0 - TomTom International B.V.)
Touro Cloud Backup (HKLM\...\Touro Cloud Backup) (Version: 4.0.0 - Touro Cloud Backup)
TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vivaldi (HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\Vivaldi) (Version: 2.5.1525.48 - Vivaldi Technologies AS.)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Xperia Companion (HKLM\...\{234b8fcc-726f-4746-b00f-f987f4290cb9}) (Version: 2.2.5.0 - Sony)
Xperia Companion (HKLM\...\{36B6CE92-327C-485C-A0D3-4460BE30AB7A}) (Version: 2.2.5.0 - Sony) Hidden
Xperia Companion Service (HKLM\...\{C530A679-C5D7-48E5-8958-E09E4207AE8B}) (Version: 2.2.5.0 - Sony) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Zoom (HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
Dell Document Hub -> C:\Program Files\WindowsApps\DellPrinter.DellDocumentHub_1.7.0.6_x86__nmdn7k89bxsn6 [2020-04-15] (DELL GLOBAL B.V. (SINGAPORE BRANCH))
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x86__8wekyb3d8bbwe [2020-04-16] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x86__8wekyb3d8bbwe [2020-04-17] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\channeal\AppData\Local\Vivaldi\Application\2.5.1525.48\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\channeal\Dropbox [2018-01-29 14:50]
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\System32\ComDlg32.ocx (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-10] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> )
ShellIconOverlayIdentifiers: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> )
ShellIconOverlayIdentifiers: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> )
ShellIconOverlayIdentifiers: [04MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files\MagicISO\misosh.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1: [MemopalShell] -> {723F4F64-AB80-46AF-9FF3-09D8C46C0746} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> )
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files\MagicISO\misosh.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [MemopalShell] -> {723F4F64-AB80-46AF-9FF3-09D8C46C0746} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] (HGST, Inc. -> )
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2015-01-31] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files\MagicISO\misosh.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\channeal\Favorites\Fotor for desktop.lnk -> hxxp://www.fotor.com/windows/review.htm
Shortcut: C:\Users\channeal\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) =============

2009-10-20 11:13 - 2009-10-20 11:13 - 000147456 _____ () [File not signed] C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
2014-10-13 20:35 - 2014-10-13 20:35 - 000964096 _____ () [File not signed] C:\Program Files\Touro Cloud Backup\NativeControls7.dll
2014-10-24 17:01 - 2014-10-24 17:01 - 001827328 _____ () [File not signed] C:\Program Files\Touro Cloud Backup\OnlineBackupFacade.dll
2019-10-23 18:12 - 2019-10-23 18:12 - 001184256 _____ () [File not signed] C:\Users\channeal\AppData\Local\Facebook\Games\CefSharp.Core.dll
2019-10-23 18:12 - 2019-10-23 18:12 - 071641088 _____ () [File not signed] C:\Users\channeal\AppData\Local\Facebook\Games\libcef.dll
2017-02-05 21:18 - 2009-03-26 14:46 - 000148480 _____ () [File not signed] C:\WINDOWS\SYSTEM32\APOMngr.DLL
2012-12-05 13:29 - 2012-12-05 13:29 - 004883456 _____ (BCGSoft Ltd) [File not signed] C:\Program Files\Nuance\PaperPort\BCGCBPRO1100u100.dll
2012-12-05 13:29 - 2012-12-05 13:29 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files\Nuance\PaperPort\blicectr.dll
2012-03-13 18:01 - 2012-03-13 18:01 - 000245760 _____ (Dell Inc.) [File not signed] C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1net.dll
2017-06-29 17:27 - 2008-05-22 22:57 - 000020992 _____ (MagicISO, Inc.) [File not signed] C:\Program Files\MagicISO\misosh.dll
2020-04-16 01:12 - 2020-04-16 01:12 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2019-10-23 18:12 - 2019-10-23 18:12 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\channeal\AppData\Local\Facebook\Games\chrome_elf.dll
2014-10-20 15:24 - 2014-10-20 15:24 - 001174528 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Touro Cloud Backup\LIBEAY32.dll
2014-10-20 15:24 - 2014-10-20 15:24 - 000273920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Touro Cloud Backup\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\dell.com -> dell.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2019-04-23 16:33 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\channeal\Desktop\atheras.jpg
HKU\S-1-5-21-2559438547-1515831249-1651957702-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Local Area Connection: Avast Firewall NDIS6 Helper -> aswNetNd6 (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{32AD8136-A76E-4742-81DF-B5B56DC7A36B}] => (Allow) C:\Program Files\Opera\67.0.3575.137\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CAC69192-359D-45D8-ADBA-4714DEA35A9E}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBDEB0A2-A98B-4AD3-9CCD-6CBDF1852FA1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C62DBA68-C388-4160-9D0F-8E7653FDE448}] => (Allow) C:\Program Files\Opera\67.0.3575.115\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{16C884FA-23D5-4F23-B112-4F3F1ED1A68C}] => (Allow) C:\Users\channeal\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{1B2113AE-43BF-4D99-A547-E649F1293104}] => (Allow) C:\Users\channeal\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BF833C06-5791-4FAF-9C2B-808753AA1991}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3C7223FE-9464-44E3-817E-E86B056E83AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B063D5F6-1839-4747-837A-B9CD9DC17778}] => (Allow) C:\Program Files\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony)
FirewallRules: [{25575CB8-A43B-4A19-8FBE-FC25853A715A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{F4C4B9E0-0637-4AF3-8EA9-AC62ED8DE935}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B42ECC89-D8B9-40A2-B815-0BA854F073E0}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B4F5D869-8772-4EF7-B8BD-C312F222B969}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe No File
FirewallRules: [{6F73EBE6-8D3C-4502-93B9-455C0DF00EC2}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe No File
FirewallRules: [{1A778C12-1689-4794-8D78-6C94C9AD3BCF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C0A7752C-5BE3-4370-A1D4-8B76C80905A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{53B2E896-6F70-44A9-B389-03EDCE450C61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8623E712-26D6-4B66-A9BD-BCE472267DEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A316F54-A462-497C-854E-320040254714}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D525697B-91DE-41E7-92B4-3EE5B593C858}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

18-04-2020 12:59:35 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/20/2020 09:20:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2208, ProfSvc PID: 1204.

Error: (04/20/2020 09:20:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2208, ProfSvc PID: 1204.

Error: (04/20/2020 09:20:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 1264, ProfSvc PID: 1204.

Error: (04/20/2020 09:20:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2208, ProfSvc PID: 1204.

Error: (04/20/2020 08:32:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: NEAL1-DELL)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

System errors:
=============

CodeIntegrity:
===================================
Date: 2020-04-20 20:32:31.944
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-20 20:32:31.872
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-20 20:32:31.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-20 20:30:54.937
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-20 20:30:20.060
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-20 20:30:19.977
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-20 20:30:19.899
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-20 20:30:19.803
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. DELL - 7 01/08/2007
Motherboard: Dell Inc. 0FJ030
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of memory in use: 62%
Total physical RAM: 3582.16 MB
Available physical RAM: 1360.43 MB
Total Virtual: 7166.16 MB
Available Virtual: 5042.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.57 GB) (Free:71.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Cloned Files) (Fixed) (Total:65.76 GB) (Free:33.6 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:400 GB) (Free:267.08 GB) NTFS
Drive k: (TOURO Mobile) (Fixed) (Total:931.51 GB) (Free:758.59 GB) NTFS

\\?\Volume{3758cd02-0000-0000-0000-402425000000}\ () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: 3758CD02)
Partition 1: (Active) - (Size=148.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 092D3660)
Partition 1: (Active) - (Size=65.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=400 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B873C38B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================