Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2021 Ran by Joe (08-02-2021 23:07:47) Running from C:\Program Files\Farbar Microsoft Windows 10 Pro Version 20H2 19042.746 (X86) (2020-11-03 01:46:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-198903158-1304534811-4163729061-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-198903158-1304534811-4163729061-503 - Limited - Disabled) Guest (S-1-5-21-198903158-1304534811-4163729061-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-198903158-1304534811-4163729061-1002 - Limited - Enabled) Jo (S-1-5-21-198903158-1304534811-4163729061-1007 - Administrator - Enabled) => C:\Users\Jo Joe (S-1-5-21-198903158-1304534811-4163729061-1000 - Administrator - Enabled) => C:\Users\Joe WDAGUtilityAccount (S-1-5-21-198903158-1304534811-4163729061-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8} AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546} AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - ) 1001 Jigsaw - Earth Chronicles 7 (HKLM\...\1001 Jigsaw - Earth Chronicles 7_is1) (Version: 1.0 - MyPlayCity, Inc.) 4K Video Downloader (HKLM\...\{7820BD5B-FCF2-4A65-A08E-ECB884B1F399}) (Version: 4.13.4.3930 - Open Media LLC) Active Desktop Calendar 7.96 (HKLM\...\Active Desktop Calendar_is1) (Version: - XemiComputers) Actual Window Manager 8.14.4 (HKLM\...\Actual Windows Manager_is1) (Version: 8.14.4 - Actual Tools) Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.371 - Adobe) Aidfile recovery software professional version 3.6.6.0 (HKLM\...\{456B239A-C1E0-4178-810E-8E8F09B06877}_is1) (Version: 3.6.6.0 - Mitusoft, Inc.) AirDroid 3.6.9.0 (HKLM\...\AirDroid) (Version: 3.6.9.0 - Sand Studio) Aiseesoft HD Video Converter 8.1.18 (HKLM\...\{3039577D-975E-42fc-89FC-2F1FF42F3FCA}_is1) (Version: 8.1.18 - Aiseesoft Studio) Aiseesoft MP4 Video Converter 9.2.18 (HKLM\...\{75CE1C3D-5B84-4e3b-BC17-246607907E6B}_is1) (Version: 9.2.18 - Aiseesoft Studio) Aiseesoft Total Media Converter 6.2.86 (HKLM\...\{42087B24-ECD8-41d2-8053-E6EB99E5083F}_is1) (Version: 6.2.86 - Aiseesoft Studio) Aiseesoft Total Video Converter 9.2.38 (HKLM\...\Aiseesoft Total Video Converter_is1) (Version: 9.2.38 - Aiseesoft Studio) Aiseesoft Video Converter Ultimate 10.1.8 (HKLM\...\{BD446D04-7426-4a27-9B0B-33B0C386F71B}_is1) (Version: 10.1.8 - Aiseesoft Studio) Aiseesoft Video Converter Ultimate 9.2.62 (HKLM\...\Aiseesoft Video Converter Ultimate_is1) (Version: 9.2.62 - lrepacks.ru) Akamai NetSession Interface (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Allavsoft 3.17.7.7150 (HKLM\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation) Allavsoft 3.22.7.7496 (HKLM\...\{6EBED4D8-13D9-4370-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation) Altap Salamander 4.0 (x86) (HKLM\...\Altap Salamander 4.0 (x86)) (Version: 4.0 - ALTAP) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) AMP Calendar (HKLM\...\AMP Calendar) (Version: - ) ANT Drivers Installer x86 (HKLM\...\{873F3B3F-043C-488A-B07A-873393379469}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden ANT Drivers Installer x86 (HKLM\...\{D8E7F472-86F6-4E62-AAFB-283D238FEED0}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Any Video Converter Professional 6.3.7 (HKLM\...\Any Video Converter Professional_is1) (Version: 6.3.7 - Anvsoft) Any Video Converter Ultimate 6.3.8 (HKLM\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com) AnyMP4 MP4 Converter 7.2.28 (HKLM\...\{116DCE20-DA28-44fb-9C04-DDE2AD05AC8C}_is1) (Version: 7.2.28 - AnyMP4 Studio) AOMEI Backupper Professional (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.) AOMEI Partition Assistant 8.10 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI International Network Limited.) Apowersoft Streaming Audio Recorder 4.3.4.0 1.0.0 (HKLM\...\Apowersoft Streaming Audio Recorder 4.3.4.0 1.0.0) (Version: 1.0.0 - Crackingpatching.com Team) Apowersoft Video Converter Studio 4.8.4.24 (HKLM\...\Apowersoft Video Converter Studio 4.8.4.24) (Version: 1.0.0.1 - Crackingpatching.com Team) Apowersoft Video Converter Studio V4.8.4.24 (HKLM\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.8.4.24 - APOWERSOFT LIMITED) Audacity 2.4.2 (HKLM\...\Audacity_is1) (Version: 2.4.2 - Audacity Team) AutoHotkey 1.1.33.01 (HKLM\...\AutoHotkey) (Version: 1.1.33.01 - Lexikos) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software) Avira (HKLM\...\{30361B56-9FDE-41F7-9E9E-5F46D7C5BA9C}) (Version: 1.2.149.21141 - Avira Operations GmbH & Co. KG) Hidden Avira (HKLM\...\{34a7e780-9295-4863-9fe4-6c679faf7f44}) (Version: 1.2.149.21141 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.2101.2070 - Avira Operations GmbH & Co. KG) Hidden Avira Phantom VPN (HKLM\...\Avira Phantom VPN) (Version: 2.35.1.21885 - Avira Operations GmbH & Co. KG) Hidden Avira Security (HKLM\...\Avira Security_is1) (Version: 1.0.36.11467 - Avira Operations GmbH & Co. KG) Hidden Avira Security (HKLM\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;) Avira Software Updater (HKLM\...\{073825B9-FF06-4690-8CE4-3C0B72036122}) (Version: 2.0.6.37231 - Avira Operations GmbH & Co. KG) Hidden Avira System Speedup (HKLM\...\Avira System Speedup_is1) (Version: 6.6.0.10959 - Avira Operations GmbH & Co. KG) Hidden AVS Video Converter 12.1.4 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 12.1.4.672 - Online Media Technologies Ltd.) Belarc Advisor 9.0 (HKLM\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.) Bigasoft Video Downloader Pro 3.23.0.7627 (HKLM\...\{C7056BA6-D954-43A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation) Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.) Boilsoft Video Splitter 6.33 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.) Brother HL-2040 (HKLM\...\{AF5BED47-32A2-4FAE-9706-8F0E0462E838}) (Version: 1.00 - Brother) BurnInTest v9.0 Pro (32-bit) (HKLM\...\BurnInTest_is1) (Version: 9.1.1001.0 - Passmark Software) CapsLord 1.0 (remove only) (HKLM\...\CapsLord) (Version: - ) Casper 8.0 (HKLM\...\{6A58EB2E-5883-4515-910D-699C4396797B}) (Version: 8.0.4422 - Future Systems Solutions, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform) Clipboard Magic version 5.05 (HKLM\...\Clipboard Magic_is1) (Version: 5.05 - CyberMatrix Corporation, Inc.) CloseAll (HKLM\...\CloseAll) (Version: 3.0 - NTWind Software) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) CPUID CPU-Z 1.95 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.95 - CPUID, Inc.) D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DiskGenius 5.3.0 (HKLM\...\{2661F2FA-56A7-415D-8196-C4CB3D3ACFFE}_is1) (Version: - Eassos Co., Ltd.) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) EaseUS Partition Master 13.0 Trial Edition (HKLM\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS) EasiestSoft Video Converter 3.3.1 (HKLM\...\{62540757-EAF0-B027-F7F8-CD5A8A0DC9BA}_is1) (Version: 3.3.1 - EasiestSoft International LLC.) Eassos PartitionGuru 4.9.5 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version: - Eassos Co., Ltd.) Easy Video Splitter 1.28 (HKLM\...\Easy Video Splitter_is1) (Version: - DoEasier Tech Inc) Elevated Installer (HKLM\...\{C913E211-2AC5-4BA8-8AC3-4B2814371BD3}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden EmEditor (32-bit) (HKLM\...\{87E57ED7-E591-4DFD-8FD5-0F253EF425B3}) (Version: 19.0.0 - Emurasoft, Inc.) EmEditor Help (English) (HKLM\...\{613A955D-A807-4489-B423-1CEDE0676739}) (Version: 15.7.1 - Emurasoft, Inc.) Epic Pen (HKLM\...\Epic Pen_is1) (Version: v3.7.31.0 - TANK Studios LTD) Epic Pen Pro 3.7.28 (HKLM\...\Epic Pen Pro 3.7.28) (Version: 3.7.28 - Crackingpatching.com Team) Evaer Video Recorder for Skype 1.6.5.11 (HKLM\...\Evaer Video Recorder for Skype) (Version: 1.6.5.11 - Evaer Technology) Everyday Jigsaw (HKLM\...\Everyday Jigsaw) (Version: - ) Faasoft Video Converter 5.2.24.5621 (HKLM\...\{C6FE6897-0A65-4474-8EF7-E7AF11F8F239}_is1) (Version: - Faasoft Corporation) FileSeek 6.4 (HKLM\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 6.4.0.0 - Binary Fortress Software) Firefox Preloader (HKLM\...\Firefox Preloader_is1) (Version: 1.0.366.0 - 6XGate Incorporated) Folder Size Explorer (HKLM\...\{7C3E7EA4-DCEC-4E49-8459-B6F15DBD9795}) (Version: 1.7.1 - Bazwise) FormatFactory 4.10.0.0 (HKLM\...\FormatFactory) (Version: 4.10.0.0 - Free Time) FotoTagger 2.13.0.1 (HKLM\...\FotoTagger) (Version: 2.13.0.1 - Cogitum) Free Launch Bar (HKLM\...\{1574CBD4-1656-420c-B553-E16F01E74C0F}) (Version: 2.0 - Tordex) Free M4a to MP3 Converter 9.7 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free MPG Player (HKLM\...\{254E7ACE-402F-4CA4-951F-9C5F0B00AF1A}) (Version: 1.0.0 - Free MPG Player) Free Video Flip and Rotate version 2.1.6.128 (HKLM\...\Free Video Flip and Rotate_is1) (Version: 2.1.6.128 - DVDVideoSoft Ltd.) Free Video Joiner (HKLM\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com) Free WebM to MP3 Converter (32-bit) 1.2 (HKLM\...\{E359DE7A-892A-4E9F-B2D6-7487C4AA7FB6}_is1) (Version: 1.2 - Jacek Pazera) Freemake Video Converter version 4.2.0 (HKLM\...\Freemake Video Converter_is1) (Version: 4.2.0 - Ellora Assets Corporation) Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.8.4 - Ellora Assets Corporation) Garmin City Navigator Aus and NZ NT 2017.20 (HKLM\...\{3E711870-B474-4277-AE21-481DEAD361B3}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Australia And New Zealand NT 2012.40 Update (HKLM\...\{5E34337E-9BE4-4D72-9C61-77769BD72855}) (Version: 12.40.0.0 - Garmin Ltd or its subsidiaries) Garmin City_Navigator_Aus_and_NZ_NT_2021_10___HERE (HKLM\...\{80FF9FD3-4A72-4D01-8157-AEB60C92303D}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM\...\{3EF3A6E8-CCBF-492E-B179-28838182B8F0}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express (HKLM\...\{e174e9f0-1f1d-4284-b0d1-238b43f8ac1b}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{E31435FE-F0B7-4A62-BE46-BD166A1EEFFB}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{5EF98E1C-3912-40EA-A8C1-25772D9F1762}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Hidden Garmin WebUpdater (HKLM\...\{f1c8f03d-88bd-432d-80d1-782d4fac96b2}) (Version: 2.5.7 - Garmin Ltd or its subsidiaries) Glary Utilities PRO 5.158 (HKLM\...\Glary Utilities 5) (Version: 5.158.0.184 - Glarysoft Ltd) GOM Player (HKLM\...\GOM Player) (Version: 2.3.42.5304 - GOM & Company) Google Chrome (HKLM\...\Google Chrome) (Version: 88.0.4324.146 - Google LLC) Google Earth Pro (HKLM\...\{59F21DFB-6977-434B-9CB9-67783D6E7B6B}) (Version: 7.3.3.7786 - Google) Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden GoTo Opener (HKLM\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.) Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot) HandBrake 1.0.7 (HKLM\...\HandBrake) (Version: 1.0.7 - ) Hard Disk Sentinel PRO (HKLM\...\Hard Disk Sentinel_is1) (Version: 5.61 - Janos Mathe) HD Video Converter Factory Pro 17.1 (HKLM\...\HD Video Converter Factory Pro_is1) (Version: 17.1 - lrepacks.ru) HD Video Converter Factory Pro 19.2 (HKLM\...\HD Video Converter Factory Pro) (Version: 19.2 - WonderFox Soft, Inc.) Helium Audio Joiner (build 331) (HKLM\...\{1C7BCE67-6479-4D56-AD92-E50479028171}_is1) (Version: 1.9.0.331 - Imploded Software) Ico Converter 1.3 (HKLM\...\IcoConverter) (Version: - Tomatosoft) IcoFX 2.0 (HKLM\...\IcoFX_is1) (Version: - ) ICQ (version 10.0.12417) (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\icq.desktop) (Version: 10.0.12417 - ICQ) iDealshare VideoGo 7.0.4.6443 (HKLM\...\{CC4C06C4-7C78-4AAB-B5AF-33FB11CCD860}_is1) (Version: - iDealshare Corporation) ImTOO Video Converter Ultimate (HKLM\...\ImTOO Video Converter Ultimate) (Version: 7.8.24.20200219 - ImTOO) Ink2Go (HKLM\...\{6F884302-FE97-4024-ADE3-6415E0F3D372}) (Version: 1.6.0 - EyePower Games) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: 6.32.8 - Tonek Inc.) IrfanView 4.57 (32-bit) (HKLM\...\IrfanView) (Version: 4.57 - Irfan Skiljan) iSkysoft Helper Compact 2.5.2 (HKLM\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft) iSkysoft Video Converter Ultimate(Build 11.5.0.24) (HKLM\...\iSkysoft Video Converter Ultimate_is1) (Version: 11.5.0.24 - iSkysoft Software) ISO2Disc 1.10 (HKLM\...\ISO2Disc_is1) (Version: - Top Password Software, Inc.) JPG to PDF Converter 1.1 (HKLM\...\JPG to PDF Converter) (Version: 1.1 - ) Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kleptomania version 5.0 (HKLM\...\{59C08933-1E83-4A8B-A2A9-FD895CFCC95D}_is1) (Version: 5.0 - StructuRise) K-Lite Codec Pack 15.9.5 Standard (HKLM\...\KLiteCodecPack_is1) (Version: 15.9.5 - KLCP) KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.2.2.44 - PandoraTV) KraiSoft Games Launcher (HKLM\...\KraiSoft Games Launcher) (Version: - ) Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1 (HKLM\...\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.) Macro Express Pro (HKLM\...\Macro Express Pro) (Version: 4.3.0.1 - Insight Software Solutions, Inc.) Malware Hunter 1.117.0.710 (HKLM\...\Malware Hunter) (Version: 1.117.0.710 - Glarysoft Ltd) Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes) MediaHuman Audio Converter version 1.9.7 (HKLM\...\MHAudioConverter_is1) (Version: 1.9.7 - MediaHuman) MediaInfo 19.09 (HKLM\...\MediaInfo) (Version: 19.09 - MediaArea.net) Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation) Microsoft Edge Update (HKLM\...\Microsoft Edge Update) (Version: 1.3.139.71 - ) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows Debugging Symbols (HKLM\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft) Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) MightyText (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\MightyText) (Version: 5.3.1 - MightyText) MKV to MP3 Converter 5.0.1 (HKLM\...\MKV to MP3 Converter) (Version: 5.0.1 - FreeStar) Movavi Video Editor Plus v21.0.0 (HKLM\...\Movavi Video Editor 21 Plus_is1) (Version: 21.0.0 - Movavi (RePack by Dodakaedr)) Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 50.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla) Mp3tag v3.05 (HKLM\...\Mp3tag) (Version: 3.05 - Florian Heidenreich) MP4 Downloader Pro 3 (HKLM\...\MP4 Downloader Pro_is1) (Version: - Tomabo) NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version: - Softperfect) NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - ) NirSoft RegScanner (HKLM\...\NirSoft RegScanner) (Version: - ) NirSoft ShellExView (HKLM\...\NirSoft ShellExView) (Version: - ) Nitro Pro (HKLM\...\{0D8F26C8-A908-4877-9788-001C0BDE3240}) (Version: 13.24.1.467 - Nitro) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) PicPick (HKLM\...\PicPick) (Version: 5.1.3 - NGWIN) Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Hidden Point Position 1.0 (HKLM\...\Point Position 1.0) (Version: 1.0 - Vasilios Applications) PowerISO (HKLM\...\PowerISO) (Version: 6.3 - Power Software Ltd) Presentation Assistant V3.0.1 (HKLM\...\Presentation Assistant_is1) (Version: - www.presentation-assistant.com) Pushbullet version 338 (HKLM\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc) Rainmeter (HKLM\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter) Readiris 17 (HKLM\...\{8ACAE85F-B250-4543-9AD8-734474B3BA20}) (Version: 17.01.11945 - I.R.I.S.) RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden Recover My Files (HKLM\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd) Registrar Registry Manager 9.01 (HKLM\...\Registrar32_is1) (Version: - Resplendence Software Projects Sp.) Registrar Registry Manager 9.01 build 901.30525 Retail (HKLM\...\Registrar Registry Manager 9.01 build 901.30525 Retail) (Version: 1.0.01 - Crackingpatching.com Team) Revo Uninstaller Pro 4.3.3 (HKLM\...\Revo Uninstaller Pro_is1) (Version: 4.3.3 - lrepacks.ru) Revo Uninstaller Pro 4.4.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.0 - VS Revo Group, Ltd.) Screenpresso (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Screenpresso) (Version: 1.7.0.0 - Learnpulse) Security Task Manager 2.4 (HKLM\...\Security Task Manager) (Version: 2.4 - Neuber Software) SiSoftware Sandra Business 2016.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 22.20.2016.3 - SiSoftware) Skype version 8.67 (HKLM\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.) SMPlayer 21.1.0 (HKLM\...\SMPlayer) (Version: 21.1.0 - Ricardo Villalba) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Spotify (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Spotify) (Version: 1.1.48.625.g1c87c7f7 - Spotify AB) Spybot - Search & Destroy (32-bit) (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.) Spybot Anti-Beacon (HKLM\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.) Stellar Repair for Video (HKLM\...\Stellar Repair for Video_is1) (Version: 4.0.0.0 - Stellar Information Technology Pvt Ltd.) Streaming Audio Recorder V4.3.4.0 (32-bit) (HKLM\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 4.3.4.0 - Apowersoft LIMITED) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1214 - SUPERAntiSpyware.com) Tame version 6.0d (remove only) (HKLM\...\Tame 6.0d) (Version: - ) TeamViewer (HKLM\...\TeamViewer) (Version: 15.14.3 - TeamViewer) Telegram Desktop version 2.5.8 (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.8 - Telegram FZ-LLC) TeraCopy 3.0 RC (HKLM\...\TeraCopy_is1) (Version: - Code Sector) TeraCopy v3.0 (HKLM\...\TeraCopy v3.0) (Version: v3.0 - Code Sector) Text Monkey Lite (HKLM\...\Text Monkey Lite) (Version: - ) TreeSize V7.1.3 (HKLM\...\TreeSize_is1) (Version: 7.1.3 - JAM Software) Ultra Video Joiner 6.4.1010 (HKLM\...\Ultra Video Joiner_is1) (Version: - Aone Software) Ultra Video Splitter 6.4.1010 (HKLM\...\Ultra Video Splitter_is1) (Version: - Aone Software) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) vDosWP (HKLM\...\{49883946-559B-4FE0-866F-7674B9516A75}_is1) (Version: 2018.10.14 - wpdos.org) VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Viber (HKLM\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden Viber (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.) Video Downloader (HKLM\...\{8B6202FD-3790-4DD4-B343-51736F7FF4E5}) (Version: 1.2.0 - RealNetworks) Hidden VideoProc (HKLM\...\VideoProc) (Version: 3.5 - Digiarty, Inc.) VideoProc 3.6 (HKLM\...\VideoProc_is1) (Version: 3.6 - lrepacks.ru) VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN) VSDC Free Video Editor version 6.6.4.264 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.6.4.264 - Flash-Integro LLC) VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.40 - VSO Software) Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.16.1.0 - Winaero) WinAVI Video Converter (HKLM\...\WinAVI Video Converter) (Version: 11.5.1.4360 - ZJMedia Digital Technology Ltd.) Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Winja version 4.1.0 (HKLM\...\Winja_is1) (Version: 4.1.0 - Phrozen SAS) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware) WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 6.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) WinX HD Video Converter Deluxe 5.16.2 (HKLM\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.) WinX YouTube Downloader (HKLM\...\WinX YouTube Downloader) (Version: 5.5 - Digiarty, Inc.) Wireless-G PCI Adapter (HKLM\...\{88742616-A6E9-4C7E-9665-B625799541FB}) (Version: - ) Wise Duplicate Finder 1.3.4.42 (HKLM\...\Wise Duplicate Finder_is1) (Version: 1.3.4.42 - lrepacks.ru) WonderFox DVD Video Converter 21.3 (HKLM\...\WonderFox DVD Video Converter) (Version: 21.3 - WonderFox Soft, Inc.) Wondershare AllMyTube(Build 7.4.9.2) (HKLM\...\AllMyTube_is1) (Version: 7.4.9.2 - Wondershare) Wondershare Filmora(Build 7.8.9) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.5.3 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) Wondershare UniConverter(Build 11.7.4.2) (HKLM\...\UniConverter_is1) (Version: 11.7.4.2 - Wondershare Software) Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 7.8.23.20180925 - Xilisoft) Xperia Companion (HKLM\...\{5b7c1b25-5fb6-442c-a1b5-cb8dfc2267bf}) (Version: 2.8.3.0 - Sony) Xperia Companion (HKLM\...\{66EABD35-6233-4926-9AB1-AB31CC6BC7D9}) (Version: 2.8.3.0 - Sony) Hidden Xperia Companion Service (HKLM\...\{E41065E8-67E2-448F-940C-FF9D7C51E4E3}) (Version: 2.8.3.0 - Sony) Hidden Zoom (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x86__8wekyb3d8bbwe [2021-01-29] (Microsoft Corporation) FreeCell Solitaire Classic Free -> C:\Program Files\WindowsApps\9785PokerCardGames.FreeCellSolitaireClassicFree_1.0.1.0_x86__8mnangg4fsb1t [2020-09-22] (Poker Card Games) IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [2019-04-01] (Tonec Inc.) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2018-12-09] (Instagram) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x86__8wekyb3d8bbwe [2021-01-29] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2020-11-03] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x86__8wekyb3d8bbwe [2021-01-29] (Microsoft Studios) [MS Ad] mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x86__c9d6r4qvva5x8 [2019-12-22] (Up to Eleven Digital Solutions GmbH) Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x86__kzf8qxf38zg5c [2021-01-29] (Skype) Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.9.49.0_x86__43tkc6nmykmb6 [2019-12-24] (Ookla) Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.13242.0_x86__8wekyb3d8bbwe [2018-12-09] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x86\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{C78B614F-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx86.dll (Fine spol. s r.o. -> ALTAP) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x86\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57}\InprocServer32 -> C:\Users\Joe\AppData\Local\Programs\EmEditor\emedshl.dll (Emurasoft, Inc. -> Emurasoft, Inc.) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\localserver32 -> no filepath ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-07-29] () [File not signed] ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => -> No File ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] () [File not signed] ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-07-29] () [File not signed] ContextMenuHandlers5: [Actual Window Manager] -> {CE577978-3FCA-430D-B0CE-D637788F9C5A} => C:\Program Files\Actual Window Manager\ActualWindowManagerShellExtension.dll [2020-10-11] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2020-08-22] (Glarysoft LTD -> Glarysoft Ltd) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-07-29] () [File not signed] ContextMenuHandlers6: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files\Tomabo\MP4 Downloader Pro\MP4C_WS.dll [2015-07-21] (Tomabo) [File not signed] ContextMenuHandlers6: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files\Tomabo\MP4 Downloader Pro\MP4P_WS.dll [2015-07-21] (Tomabo) [File not signed] ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] () [File not signed] ContextMenuHandlers1_S-1-5-21-198903158-1304534811-4163729061-1000: [EmEditor] -> {DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57} => C:\Users\Joe\AppData\Local\Programs\EmEditor\emedshl.dll [2019-07-30] (Emurasoft, Inc. -> Emurasoft, Inc.) ContextMenuHandlers2_S-1-5-21-198903158-1304534811-4163729061-1000: [EmEditor] -> [CC]{DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57} => -> No File ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [msacm.divxa32] => C:\WINDOWS\system32\msaud32_divx.acm [186368 2003-02-03] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MPG4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MP42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MP43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed] HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed] HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed] HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed] HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed] HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed] HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [File not signed] HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Joe\Desktop\Chrome BookMarks.lnk -> C:\Data\Batch Files\Macro Express\ExportChromeBookMarks.bat () Shortcut: C:\Users\Joe\Desktop\DeskTopView.lnk -> C:\Data\Batch Files\Macro Express\DeskTopView.bat () Shortcut: C:\Users\Joe\Desktop\EmptyIDM.lnk -> C:\Data\Batch Files\Macro Express\EmptyIDM.bat () Shortcut: C:\Users\Joe\Desktop\FFB'kMarks.lnk -> C:\Data\Batch Files\Macro Express\SaveFFBookMarks.bat () Shortcut: C:\Users\Joe\Desktop\Quicklaunch.lnk -> C:\Data\Batch Files\DOS or CMD\QuickLaunch.bat () Shortcut: C:\Users\Joe\Desktop\Restart.lnk -> C:\Data\Batch Files\DOS or CMD\Restart.bat () Shortcut: C:\Users\Joe\Desktop\Shutdown.lnk -> C:\Data\Batch Files\DOS or CMD\Shutdown.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autohotkey.lnk -> C:\Data\Batch Files\Autohotkey\autohotkey.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ADC close & copy.lnk -> C:\Data\Batch Files\Autohotkey\close & copy ADC.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Greenshot.lnk -> C:\Data\Batch Files\Macro Express\Greenshot.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KillGreenshot.lnk -> C:\Data\Batch Files\DOS or CMD\KillGreenshot.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MultiLaunch.lnk -> C:\Data\Batch Files\DOS or CMD\MultiLaunch.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Rare\StartUps - backing up.lnk -> C:\Data\Batch Files\DOS or CMD\StartUps.bat () ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\(20+) Messenger _ Facebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jjkeojnabmnhemlflkpnpfggneahjkjn ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Creating an internet shortcut fails _.._.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=djcnpbhjfgpighcllplapphngaaockbd ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hangouts (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=deigijodonbmdapahgkdjljmcngipaab ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hangouts.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=deigijodonbmdapahgkdjljmcngipaab ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Messenger.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cikmbkiaomfbeknnagjbfgfckhlbnjnj ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\MightyText.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pambkebinhmagehedjcpghjfbcociiak ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\MightyTextTest.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=andmpiilbgodiefijhcneadhegcolaoe ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pushbullet Settings.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jinnpgkhgbkooiphbamlonfpcedokdah ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pushbullet.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ogpfcbagkcllmmkfdceimppcikancjan ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sendleap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\sydney time.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=dahalpfpibpddfpdcfgmpjelnldolich ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\12acfffc61da8ee6\SendLeap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Comms\Messenger.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cikmbkiaomfbeknnagjbfgfckhlbnjnj ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Comms\Sendleap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Rare\MightyText Test.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=andmpiilbgodiefijhcneadhegcolaoe ==================== Loaded Modules (Whitelisted) ============= 2021-02-08 18:32 - 2021-02-08 18:32 - 000470016 _____ () [File not signed] \\?\C:\Users\Joe\AppData\Local\Temp\9cdb2c56-1a39-4b91-9a17-6efa2f02c74f.tmp.node 2017-12-03 09:37 - 2017-10-16 01:21 - 003420672 _____ () [File not signed] C:\Program Files\Kleptomania\TextractSmart.dll 2017-01-02 17:19 - 2016-09-19 12:08 - 000622080 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll 2010-07-05 08:32 - 2010-07-05 08:32 - 000010752 _____ () [File not signed] C:\Program Files\Unlocker\UnlockerCOM.dll 2019-12-22 09:23 - 2019-12-22 09:26 - 010191360 _____ () [File not signed] C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x86__c9d6r4qvva5x8\mysms.dll 2012-01-10 08:22 - 2011-11-23 15:59 - 000035840 _____ () [File not signed] C:\Program Files\XemiComputers\Active Desktop Calendar\MouseHook.dll 2020-05-23 14:46 - 2020-05-23 14:46 - 001990144 _____ () [File not signed] C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\ffmpeg.dll 2020-05-23 14:46 - 2020-05-23 14:46 - 000115712 _____ () [File not signed] C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\libegl.dll 2020-05-23 14:46 - 2020-05-23 14:46 - 006668800 _____ () [File not signed] C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\libglesv2.dll 2020-07-03 01:38 - 2011-06-28 07:35 - 000072192 _____ (Insight Software Solutions, Inc.) [File not signed] C:\Program Files\Macro Express Pro\mexhook.dll 2019-12-22 09:23 - 2019-12-22 09:26 - 001229312 _____ (SQLite Development Team) [File not signed] C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x86__c9d6r4qvva5x8\sqlite3.dll 2016-02-13 03:17 - 2016-02-13 03:17 - 001170944 _____ (TameDOS) [File not signed] C:\WINDOWS\System32\TameVdd.Dll 2009-04-14 09:14 - 2009-04-14 09:14 - 001527808 _____ (TrueSoft) [File not signed] C:\Program Files\FreeLaunchBar\flb.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.) BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation) BHO: No Name -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> No File DPF: {9732FB42-C321-11D1-836F-00A0C993F125} hxxp://www.pcpitstop.com/mhLbl.cab Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.) Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7942 more sites. IE trusted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\garmin.com -> hxxps://my.garmin.com IE trusted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\localhost -> localhost IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123simsen.com -> www.123simsen.com There are 7947 more sites. IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123simsen.com -> www.123simsen.com There are 7942 more sites. ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2020-05-17 14:17 - 2020-07-16 12:54 - 000455813 ____N C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15652 more lines. ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Deskshare\My Screen Recorder Pro 3\;C:\Program Files\Windows Live\Shared;C:\Program Files\AMD\ATI.ACE\Core-Static;C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\AOMEI Backupper HKU\S-1-5-21-198903158-1304534811-4163729061-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\XEMICO~1\ACTIVE~1\Desktop\ACTIVE~1.BMP HKU\S-1-5-21-198903158-1304534811-4163729061-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: BthHFSrv => 3 MSCONFIG\Services: CS_AutoUpdate => 2 MSCONFIG\Services: CS_BandwidthGuard => 2 MSCONFIG\Services: CS_SysMsgProxy => 2 MSCONFIG\Services: EaseUS Agent => 2 MSCONFIG\Services: ehRecvr => 3 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: MacriumService => 2 MSCONFIG\Services: NitroDriverReadSpool10 => 2 MSCONFIG\Services: NitroUpdateService => 2 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: XboxNetApiSvc => 3 HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk" HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk" HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk" HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk" HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "StartCN" HKLM\...\StartupApproved\Run: => "BCSSync" HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "SDTray" HKLM\...\StartupApproved\Run: => "Brdefprn" HKLM\...\StartupApproved\Run: => "Reflect UI" HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run: => "DelaypluginInstall" HKLM\...\StartupApproved\Run: => "UnlockerAssistant" HKLM\...\StartupApproved\Run: => "EaseUS EPM Tray Agent" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "iSkysoft Helper Compact.exe" HKLM\...\StartupApproved\Run: => "MalTray" HKLM\...\StartupApproved\Run: => "Avira SystrayStartTrigger" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "Capture2Text.lnk" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "EmEditor.lnk" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "WP.EXE.pif" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "Hangouts.lnk" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "Sidebar" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08BC2BD8F1B6BE4ACC60C8748C6E102" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "WinPatrol" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "movavi_videoconverter_agent" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GarminExpress" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "IDMan" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GUDelayStartup" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "Opera Browser Assistant" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "SUPERAntiSpyware" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B556209A-36FE-478C-BF05-62D82AC5CC97}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [{DDB5508A-F54E-45AF-AFDB-4A9E2DBF5A49}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [{C98057C4-C004-4F9B-8873-6A67ED196A97}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{28925ED5-09D0-4EC9-A346-B0A4D1AA9A3E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{E8C9A1B0-47A6-4F62-8A46-D465CF4D93C3}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{FD9E605F-D3B6-4DF8-8B06-0425F231C116}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{62093499-5548-461D-BD5B-87202DDC614E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{D90CFB49-AA8A-4CEC-9EA7-6EEAB63915EB}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{600C3D93-A2D1-4BC7-96B9-433FF8CE5628}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{124B68D4-70C4-40A4-BFEA-68B66571B712}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{76853AFE-D283-497C-82E0-C1BBDAD063D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F9118A2E-AB5F-4D35-842B-9A319101F423}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{27268B28-B4BD-4E57-AD8B-B1C394B6E94F}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{8716BF26-62D9-4E5C-9614-D372215A5C9C}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{974ADDF1-3D2C-4876-ACFA-21E0A9C11639}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5CF94C9D-0AC4-4FF9-AA7E-E8904C425C4C}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{DE116F64-59E4-42C2-ADA5-A9C757C3679E}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{3F7ACDD1-26BA-4E48-B793-F59E307EC654}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{3C4F92F0-9561-4B22-AEB4-6B14CE2AFA59}] => (Block) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{FD609144-6454-4F6D-B079-D0AF05F3EEBB}] => (Allow) LPort=1900 FirewallRules: [{9D022D4F-A97E-4D8C-A7F7-19FFDA484A5F}] => (Allow) LPort=2869 FirewallRules: [{350821B3-5E57-454C-BFA5-D10526632D17}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{96329BFC-08DB-43C1-9DEE-D1A68B1EACD2}C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> MightyText) FirewallRules: [TCP Query User{872D03CB-52E1-4B43-ADDE-B0423EC5ACD7}C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> MightyText) FirewallRules: [{EDD5C10C-1D2E-4CD0-9F32-5E1229423B3B}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [{B1435707-5F84-470D-BA50-6608147CC8B0}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [TCP Query User{70CC872C-4D2B-4D4F-8DFE-619A6C2108EB}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [UDP Query User{301491AE-FA03-42DD-808E-B984FA414B9D}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [TCP Query User{A8CB4212-1C86-4249-BA25-03AD562B62A5}C:\program files\utorrent\utorrent.exe] => (Allow) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [UDP Query User{8CA7331B-BF15-4754-9E44-A003E64AE505}C:\program files\utorrent\utorrent.exe] => (Allow) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [TCP Query User{AF5EC40D-8225-47F5-A4AB-EA43EC721C10}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{BF3DEE44-EC79-4424-82C1-B2E13D890B45}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{76E50CB4-491D-4404-9EAB-F6576CFA5FAE}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{38BDED24-3647-4FAC-A122-D563C7EC6ECF}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{F0BF3433-9606-4D62-A95A-66DC6D6D0DCD}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll () [File not signed] FirewallRules: [{5DA517D1-B16B-480D-9BC8-F94A32230640}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll () [File not signed] FirewallRules: [TCP Query User{FDBB0FAD-F4F1-4DA5-A779-6A8BD63DF475}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{3E514C03-5B9C-41BE-9DA0-D8A81900DC72}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{AF568467-AAE6-490F-A8D8-472AFAFCF5F1}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio) FirewallRules: [UDP Query User{6FE2E8FE-E370-42D8-AC11-337649CDCCBC}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio) FirewallRules: [{E66B7B91-F430-4BEF-91DC-A33A915C07E2}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{E6BB0410-FA8C-4B32-8E24-E45751DD0AB4}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F4EFF175-6AEE-4EA3-9539-0C7002CA1EFA}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{5F42FD6D-C2F5-4E15-9538-0435792657C2}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{36E12D92-F0BF-4424-8D18-01901ADC05D8}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{4A0EEB64-25A8-4610-A523-0D6E0E11D2ED}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{36E22BDE-6A19-4AA4-920A-5F58C7AF8AB4}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{BA6D2789-98DB-43F7-A73C-2FDD716789DE}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{B5032685-1E18-4C5D-A5D0-6FAEA921B862}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{B243945F-F122-4395-BCC0-63EC184CBF91}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{1D1A4C4C-EB8C-4A06-928A-5CF7D665C279}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{E4A8FE02-A2F7-4DEE-BA9B-978638D57668}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{1BFA5FB8-AC11-47CA-80D1-8B7B9B96130E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) StandardProfile\AuthorizedApplications: [C:\Program Files\Tomabo\MP4 Downloader Pro\MP4DownloaderPro.exe] => Enabled:MP4 Downloader Pro StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:111.79 GB) (Free:36.35 GB) (33%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (02/08/2021 06:30:51 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (02/08/2021 06:30:51 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (02/08/2021 04:55:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: firefox.exe, version: 50.0.0.6152, time stamp: 0x581d78ba Faulting module name: msaud32_divx.acm, version: 8.0.0.4487, time stamp: 0x3dd50000 Exception code: 0xc0000005 Fault offset: 0x00052170 Faulting process ID: 0xdc8 Faulting application start time: 0x01d6fdd960c9f7fb Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\WINDOWS\SYSTEM32\msaud32_divx.acm Report ID: c6e2e440-cb76-4dbc-9d1e-f823a338b48c Faulting package full name: Faulting package-relative application ID: Error: (02/07/2021 07:50:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SearchApp.exe, version: 10.0.19041.546, time stamp: 0x030dd797 Faulting module name: Windows.UI.dll, version: 10.0.19041.746, time stamp: 0x05b3f1f6 Exception code: 0xc0000409 Fault offset: 0x0006114d Faulting process ID: 0x70c Faulting application start time: 0x01d6fd2c28822dde Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\Windows\System32\Windows.UI.dll Report ID: cc7f446a-b6c6-498e-badc-350e5ac37e44 Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Error: (02/06/2021 10:05:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d Faulting module name: npdf.dll, version: 13.24.1.467, time stamp: 0x5f23061c Exception code: 0xc00000fd Fault offset: 0x00640259 Faulting process ID: 0x20a4 Faulting application start time: 0x01d6fc65b883d9e4 Faulting application path: C:\WINDOWS\system32\DllHost.exe Faulting module path: C:\Program Files\Nitro\Pro\13\npdf.dll Report ID: 6fbbed7d-8471-432f-850d-b05e7f3ff9cd Faulting package full name: Faulting package-relative application ID: Error: (02/06/2021 09:40:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program TeamViewer.exe version 15.14.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1a10 Start Time: 01d6fc6d87887cf5 Termination Time: 4294967295 Application Path: C:\Program Files\TeamViewer\TeamViewer.exe Report Id: 1e15d724-6cd0-4b82-8e39-c32dc5aaaede Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle Error: (02/06/2021 05:22:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: express.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 13715D4E Stack: Error: (02/06/2021 10:35:43 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "S:\Process Explorer\procexp64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (02/08/2021 09:32:09 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x800 for Disk 4 (PDO name: \Device\00000081) failed due to a hardware error. Error: (02/08/2021 09:32:07 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x800 for Disk 4 (PDO name: \Device\00000081) failed due to a hardware error. Error: (02/08/2021 09:32:07 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x800 for Disk 4 (PDO name: \Device\00000081) failed due to a hardware error. Error: (02/08/2021 09:32:07 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x800 for Disk 4 (PDO name: \Device\00000081) failed due to a hardware error. Error: (02/08/2021 09:32:07 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x800 for Disk 4 (PDO name: \Device\00000081) failed due to a hardware error. Error: (02/08/2021 09:32:07 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x800 for Disk 4 (PDO name: \Device\00000081) failed due to a hardware error. Error: (02/08/2021 09:32:06 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x800 for Disk 4 (PDO name: \Device\00000081) failed due to a hardware error. Error: (02/08/2021 09:32:06 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x800 for Disk 4 (PDO name: \Device\00000081) failed due to a hardware error. CodeIntegrity: =================================== Date: 2021-02-08 23:07:54.6580000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-02-08 23:07:30.3820000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-02-08 23:02:53.5510000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-02-08 22:57:52.4470000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-02-08 22:57:30.1550000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-02-08 22:52:51.3510000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-02-08 22:47:50.2130000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-02-08 22:47:30.2440000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: Award Software International, Inc. FD 02/01/2011 Motherboard: Gigabyte Technology Co., Ltd. X58A-UD5 Processor: Intel(R) Core(TM) i7 CPU X 990 @ 3.47GHz Percentage of memory in use: 87% Total physical RAM: 3582.42 MB Available physical RAM: 452.18 MB Total Virtual: 7166.42 MB Available Virtual: 2004.61 MB ==================== Drives ================================ Drive a: (BACKUP) (Removable) (Total:14.83 GB) (Free:3.58 GB) FAT32 Drive c: (Blaze) (Fixed) (Total:111.79 GB) (Free:36.34 GB) NTFS ==>[system with boot components (obtained from drive)] Drive t: (Downloads) (Fixed) (Total:111.79 GB) (Free:25.09 GB) NTFS Drive x: (MyDox) (Fixed) (Total:111.79 GB) (Free:57.94 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows XP) (Size: 14.8 GB) (Disk ID: 74A96E33) Partition 1: (Active) - (Size=14.8 GB) - (Type=0C) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 456B9985) Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS) ========================================================== Disk: 2 (Size: 111.8 GB) (Disk ID: 4116466D) Partition: GPT. ========================================================== Disk: 3 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 7F90DAF7) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================