Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2020 Ran by roger (29-05-2020 17:17:30) Running from C:\Users\roger\Downloads Windows 10 Pro Version 1909 18363.836 (X64) (2020-05-13 07:08:50) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3932148723-1632299578-2436860547-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3932148723-1632299578-2436860547-503 - Limited - Disabled) Guest (S-1-5-21-3932148723-1632299578-2436860547-501 - Limited - Disabled) roger (S-1-5-21-3932148723-1632299578-2436860547-1001 - Administrator - Enabled) => C:\Users\roger WDAGUtilityAccount (S-1-5-21-3932148723-1632299578-2436860547-504 - Limited - Disabled) _ashbackuppb_ (S-1-5-21-3932148723-1632299578-2436860547-1004 - Administrator - Enabled) => C:\Users\_ashbackuppb_ ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411} AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20065 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Premiere Elements 11 (HKLM\...\{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Ashampoo Backup Pro 11 (HKLM\...\{DF972766-3CEA-0FEC-AD7D-0A1791430C35}_is1) (Version: 11.12 - Ashampoo GmbH & Co. KG) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS) AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 20.3.3120 - AVG Technologies) AVG Secure VPN (HKLM\...\{078F51FA-D92F-419A-9E69-08BC59265F7E}_is1) (Version: 1.7.671 - AVG) AVS Audio Converter 9.1.3 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 9.1.3.601 - Online Media Technologies Ltd.) AVS Audio Editor 9.1.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 9.1.3.541 - Online Media Technologies Ltd.) AVS Disc Creator 6.1.9 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 6.1.9.559 - Online Media Technologies Ltd.) AVS Document Converter 4.2.4 (HKLM-x32\...\AVS Document Converter_is1) (Version: 4.2.4.269 - Online Media Technologies Ltd.) AVS Image Converter 5.2.4 (HKLM-x32\...\AVS Image Converter_is1) (Version: 5.2.4.303 - Online Media Technologies Ltd.) AVS Media Player 5.1.4 (HKLM-x32\...\AVS Media Player_is1) (Version: 5.1.4.137 - Online Media Technologies Ltd.) AVS Photo Editor 3.2.4 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 3.2.4.168 - Online Media Technologies Ltd.) AVS Registry Cleaner 4.1.5 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 4.1.5.291 - Online Media Technologies Ltd.) AVS Video Converter 12.0.3 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 12.0.3.654 - Online Media Technologies Ltd.) AVS Video Editor 9.3.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 9.3.1.354 - Online Media Technologies Ltd.) AVS Video ReMaker 6.3.4 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 6.3.4.238 - Online Media Technologies Ltd.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.0.1 - Canon Inc.) Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.) Canon MG3600 series On-screen Manual (HKLM-x32\...\Canon MG3600 series On-screen Manual) (Version: 7.8.0 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 97.4.467 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden FileZilla Client 3.46.3 (HKLM-x32\...\FileZilla Client) (Version: 3.46.3 - Tim Kosse) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden Handy Address Book (HKLM-x32\...\Handy Address Book) (Version: - Beiley Software) IrfanView 4.52 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.52 - Irfan Skiljan) iTunes (HKLM\...\{0963AC13-C9C4-4989-918A-B59A690732EF}) (Version: 12.9.4.102 - Apple Inc.) K-Lite Codec Pack 15.2.6 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.2.6 - KLCP) Lukas Ara (HKLM-x32\...\{E59C270C-1D8C-477E-843C-060F85AC1139}) (Version: 1.8.7 - Lukas) Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 2.0.0.26 (HKLM-x32\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 2.0.0.26 - © Wondershare Corporation. All rights reserved.) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3932148723-1632299578-2436860547-1001\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MiVue Manager (HKLM-x32\...\{F9E03BA4-CB0E-4937-B1B0-851FFF5909E1}) (Version: 1.0.33.18 - Navman) Momento 7.8.2 (HKLM-x32\...\Momento) (Version: - ) PRE11 STI 64Installer (HKLM-x32\...\{B614E5FA-6DA4-45A1-845C-52F870240A89}) (Version: 11.0 - Adobe Systems Incorporated) Hidden PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.) Remind-Me (HKLM-x32\...\Remind-Me) (Version: - Beiley Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Swann Player (HKLM-x32\...\{5C35D4F8-EC8E-4173-B7DE-0A54B3A39D4F}) (Version: 1.8.12 - Swann Player) TAT Viewer 5G 2.1.14 (HKLM-x32\...\TAT Viewer 5G) (Version: 2.1.14 - ESV) Wondershare UniConverter(Build 11.7.5.1) (HKLM-x32\...\UniConverter_is1) (Version: 11.7.5.1 - Wondershare Software) Zoom (HKU\S-1-5-21-3932148723-1632299578-2436860547-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.) Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-06] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-06] (Microsoft Corporation) [MS Ad] Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-17] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3932148723-1632299578-2436860547-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) CustomCLSID: HKU\S-1-5-21-3932148723-1632299578-2436860547-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\roger\Dropbox [2019-01-19 20:18] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-05-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2017-12-18] (Online Media Technologies Ltd. -> Online Media Technologies Ltd.) ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-05-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2019-05-13 11:16 - 2019-03-12 10:49 - 000256512 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\jsoncpp.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000052224 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\lzma.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000111616 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\minizip.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000250880 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\party.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000581632 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\sqlite.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000083456 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\zdll.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000080896 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\ziputil.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000026112 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\zlibutil.dll 2019-01-25 15:59 - 2017-12-07 10:25 - 000123904 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJPLM\CNMPU.DLL 2019-01-25 15:59 - 2017-12-07 10:25 - 000219648 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJPLM\cnmpu2.dll 2019-01-25 16:06 - 2015-03-17 07:51 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL 2011-09-13 00:06 - 2011-09-13 00:06 - 003214056 _____ (Microsoft Corporation (Internal Use Only) -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Office\OFFICE14\PROOF\1033\MSGR3EN.DLL 2020-05-13 14:15 - 2020-05-13 14:15 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8a1dd9552ed7f8d8\ATL80.DLL 2019-01-19 20:50 - 2019-01-19 20:50 - 000434176 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\AVG\Secure VPN\chrome_elf.dll 2019-05-13 11:16 - 2018-06-27 09:58 - 002135040 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\ash_libcurl.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000353792 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\libcurl.dll 2019-01-19 20:50 - 2018-09-05 20:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AVG\Secure VPN\libcrypto-1_1.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 001966080 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\LIBEAY32.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000354816 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\SSLEAY32.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000172544 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxbase310u_net_vc_ox.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 002276352 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxbase310u_vc_ox.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000173056 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxbase310u_xml_vc_ox.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 001538560 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxmsw310u_adv_vc_ox.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 005491200 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxmsw310u_core_vc_ox.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000707584 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxmsw310u_html_vc_ox.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000122880 _____ (wxWidgets development team) [File not signed] C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxmsw310u_webview_vc_ox.dll 2019-05-13 11:16 - 2019-03-12 10:49 - 000866304 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxmsw310u_xrc_vc_ox.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-09-15 17:31 - 2018-09-15 17:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3932148723-1632299578-2436860547-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg HKU\S-1-5-21-3932148723-1632299578-2436860547-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKU\S-1-5-21-3932148723-1632299578-2436860547-1001\...\StartupApproved\StartupFolder: => "Handy Address Book.lnk" HKU\S-1-5-21-3932148723-1632299578-2436860547-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3932148723-1632299578-2436860547-1001\...\StartupApproved\Run: => "OfficeSyncProcess" HKU\S-1-5-21-3932148723-1632299578-2436860547-1001\...\StartupApproved\Run: => "CAHeadless" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{8E08703A-22E1-4798-8EF7-979EBACFF57F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{5B83F1C5-A89D-4801-A752-3682305C95B2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{D88F4BD8-1AAF-42E0-9112-81F8C6573F43}] => (Allow) C:\Users\roger\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{2AB47407-3CDC-48D1-AC46-AABD42944437}] => (Allow) C:\Users\roger\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{1A736D2F-D58E-4FBE-8335-98182ACFA07C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{CB219606-8D8B-412D-8C45-12BF3495E5E2}] => (Allow) C:\Program Files (x86)\AVG\Secure VPN\VpnUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) FirewallRules: [{A3ACD064-466C-45EE-9411-2487D188A2A0}] => (Allow) C:\Program Files (x86)\AVG\Secure VPN\VpnUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) FirewallRules: [{04E2CEDA-ED29-413B-89C8-40110659CF50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{EDED177B-AD4E-4606-915B-A1420BE8FC33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8A771A42-5BF6-47AD-A761-12B68C8A1E38}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{FE4A8039-B6FF-4BB1-9073-2A26FC9CD8CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F123CFE7-6ADD-4858-B1E2-8459D256B2E2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) ==================== Restore Points ========================= 26-05-2020 19:17:13 Removed Adobe Photoshop Lightroom 4 64-bit. ==================== Faulty Device Manager Devices ============ Name: AVG TAP Adapter v3 Description: AVG TAP Adapter v3 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: avgTap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (05/29/2020 04:59:46 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7272,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (05/29/2020 04:47:04 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (892,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (05/29/2020 03:41:02 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (5364,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (05/29/2020 02:55:13 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3204,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (05/29/2020 02:30:16 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (05/29/2020 02:30:16 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (05/29/2020 02:22:52 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (2396,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (05/29/2020 02:05:58 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (10320,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. System errors: ============= Error: (05/29/2020 06:47:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_7f790 service. Error: (05/29/2020 06:47:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_7f790 service. Error: (05/29/2020 06:46:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_7f790 service. Error: (05/29/2020 05:19:13 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/29/2020 05:19:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_7f790 service. Error: (05/29/2020 05:18:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_7f790 service. Error: (05/29/2020 04:25:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_7f790 service. Error: (05/29/2020 04:25:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_7f790 service. CodeIntegrity: =================================== Date: 2020-05-29 14:45:48.032 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2020-05-29 14:45:48.008 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2020-05-29 14:45:47.260 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2020-05-29 14:37:46.780 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-29 14:37:46.747 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-29 14:37:46.714 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-29 14:37:46.681 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-29 14:37:46.644 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. X551CAP.209 01/23/2014 Motherboard: ASUSTeK COMPUTER INC. X551CAP Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz Percentage of memory in use: 88% Total physical RAM: 3981.73 MB Available physical RAM: 458.32 MB Total Virtual: 5965.73 MB Available Virtual: 1880.64 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.42 GB) (Free:107.72 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:243.46 GB) NTFS \\?\Volume{0c01494d-adf2-4e9f-a40f-43b471a8405b}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.44 GB) NTFS \\?\Volume{f1d68ef9-2c16-468e-bb26-f420f4c5221a}\ () (Fixed) (Total:0.89 GB) (Free:0.34 GB) NTFS \\?\Volume{4440628d-75ec-441a-9232-aa7d96ff2c7e}\ (Restore) (Fixed) (Total:20.01 GB) (Free:7.85 GB) NTFS \\?\Volume{ee46d80f-652e-45da-aa27-163d89dabf7d}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A) Partition: GPT. ==================== End of Addition.txt =======================