Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2021 01 Ran by Joe (09-02-2021 21:41:50) Running from C:\Program Files\Farbar Microsoft Windows 10 Pro Version 20H2 19042.746 (X86) (2020-11-03 01:46:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-198903158-1304534811-4163729061-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-198903158-1304534811-4163729061-503 - Limited - Disabled) Guest (S-1-5-21-198903158-1304534811-4163729061-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-198903158-1304534811-4163729061-1002 - Limited - Enabled) Jo (S-1-5-21-198903158-1304534811-4163729061-1007 - Administrator - Enabled) => C:\Users\Jo Joe (S-1-5-21-198903158-1304534811-4163729061-1000 - Administrator - Enabled) => C:\Users\Joe WDAGUtilityAccount (S-1-5-21-198903158-1304534811-4163729061-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8} AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - ) 1001 Jigsaw - Earth Chronicles 7 (HKLM\...\1001 Jigsaw - Earth Chronicles 7_is1) (Version: 1.0 - MyPlayCity, Inc.) 4K Video Downloader (HKLM\...\{7820BD5B-FCF2-4A65-A08E-ECB884B1F399}) (Version: 4.13.4.3930 - Open Media LLC) Active Desktop Calendar 7.96 (HKLM\...\Active Desktop Calendar_is1) (Version: - XemiComputers) Actual Window Manager 8.14.4 (HKLM\...\Actual Windows Manager_is1) (Version: 8.14.4 - Actual Tools) Aidfile recovery software professional version 3.6.6.0 (HKLM\...\{456B239A-C1E0-4178-810E-8E8F09B06877}_is1) (Version: 3.6.6.0 - Mitusoft, Inc.) AirDroid 3.6.9.0 (HKLM\...\AirDroid) (Version: 3.6.9.0 - Sand Studio) Aiseesoft HD Video Converter 8.1.18 (HKLM\...\{3039577D-975E-42fc-89FC-2F1FF42F3FCA}_is1) (Version: 8.1.18 - Aiseesoft Studio) Aiseesoft MP4 Video Converter 9.2.18 (HKLM\...\{75CE1C3D-5B84-4e3b-BC17-246607907E6B}_is1) (Version: 9.2.18 - Aiseesoft Studio) Aiseesoft Total Media Converter 6.2.86 (HKLM\...\{42087B24-ECD8-41d2-8053-E6EB99E5083F}_is1) (Version: 6.2.86 - Aiseesoft Studio) Aiseesoft Total Video Converter 9.2.38 (HKLM\...\Aiseesoft Total Video Converter_is1) (Version: 9.2.38 - Aiseesoft Studio) Aiseesoft Video Converter Ultimate 10.1.8 (HKLM\...\{BD446D04-7426-4a27-9B0B-33B0C386F71B}_is1) (Version: 10.1.8 - Aiseesoft Studio) Aiseesoft Video Converter Ultimate 9.2.62 (HKLM\...\Aiseesoft Video Converter Ultimate_is1) (Version: 9.2.62 - lrepacks.ru) Akamai NetSession Interface (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Allavsoft 3.17.7.7150 (HKLM\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation) Allavsoft 3.22.7.7496 (HKLM\...\{6EBED4D8-13D9-4370-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation) Altap Salamander 4.0 (x86) (HKLM\...\Altap Salamander 4.0 (x86)) (Version: 4.0 - ALTAP) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) AMP Calendar (HKLM\...\AMP Calendar) (Version: - ) ANT Drivers Installer x86 (HKLM\...\{873F3B3F-043C-488A-B07A-873393379469}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden ANT Drivers Installer x86 (HKLM\...\{D8E7F472-86F6-4E62-AAFB-283D238FEED0}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Any Video Converter Professional 6.3.7 (HKLM\...\Any Video Converter Professional_is1) (Version: 6.3.7 - Anvsoft) Any Video Converter Ultimate 6.3.8 (HKLM\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com) AnyMP4 MP4 Converter 7.2.28 (HKLM\...\{116DCE20-DA28-44fb-9C04-DDE2AD05AC8C}_is1) (Version: 7.2.28 - AnyMP4 Studio) AOMEI Backupper Professional (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.) AOMEI Partition Assistant 8.10 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI International Network Limited.) Apowersoft Streaming Audio Recorder 4.3.4.0 1.0.0 (HKLM\...\Apowersoft Streaming Audio Recorder 4.3.4.0 1.0.0) (Version: 1.0.0 - Crackingpatching.com Team) Apowersoft Video Converter Studio 4.8.4.24 (HKLM\...\Apowersoft Video Converter Studio 4.8.4.24) (Version: 1.0.0.1 - Crackingpatching.com Team) Apowersoft Video Converter Studio V4.8.4.24 (HKLM\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.8.4.24 - APOWERSOFT LIMITED) Audacity 2.4.2 (HKLM\...\Audacity_is1) (Version: 2.4.2 - Audacity Team) AutoHotkey 1.1.33.01 (HKLM\...\AutoHotkey) (Version: 1.1.33.01 - Lexikos) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software) AVS Video Converter 12.1.4 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 12.1.4.672 - Online Media Technologies Ltd.) Belarc Advisor 9.0 (HKLM\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.) Bigasoft Video Downloader Pro 3.23.0.7627 (HKLM\...\{C7056BA6-D954-43A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation) Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.) Boilsoft Video Splitter 6.33 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.) Brother HL-2040 (HKLM\...\{AF5BED47-32A2-4FAE-9706-8F0E0462E838}) (Version: 1.00 - Brother) BurnInTest v9.0 Pro (32-bit) (HKLM\...\BurnInTest_is1) (Version: 9.1.1001.0 - Passmark Software) CapsLord 1.0 (remove only) (HKLM\...\CapsLord) (Version: - ) Casper 8.0 (HKLM\...\{6A58EB2E-5883-4515-910D-699C4396797B}) (Version: 8.0.4422 - Future Systems Solutions, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform) Clipboard Magic version 5.05 (HKLM\...\Clipboard Magic_is1) (Version: 5.05 - CyberMatrix Corporation, Inc.) CloseAll (HKLM\...\CloseAll) (Version: 3.0 - NTWind Software) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) CPUID CPU-Z 1.95 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.95 - CPUID, Inc.) D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DiskGenius 5.3.0 (HKLM\...\{2661F2FA-56A7-415D-8196-C4CB3D3ACFFE}_is1) (Version: - Eassos Co., Ltd.) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) EaseUS Partition Master 13.0 Trial Edition (HKLM\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS) EasiestSoft Video Converter 3.3.1 (HKLM\...\{62540757-EAF0-B027-F7F8-CD5A8A0DC9BA}_is1) (Version: 3.3.1 - EasiestSoft International LLC.) Eassos PartitionGuru 4.9.5 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version: - Eassos Co., Ltd.) Easy Video Splitter 1.28 (HKLM\...\Easy Video Splitter_is1) (Version: - DoEasier Tech Inc) Elevated Installer (HKLM\...\{C913E211-2AC5-4BA8-8AC3-4B2814371BD3}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden EmEditor (32-bit) (HKLM\...\{87E57ED7-E591-4DFD-8FD5-0F253EF425B3}) (Version: 19.0.0 - Emurasoft, Inc.) EmEditor Help (English) (HKLM\...\{613A955D-A807-4489-B423-1CEDE0676739}) (Version: 15.7.1 - Emurasoft, Inc.) Epic Pen (HKLM\...\Epic Pen_is1) (Version: v3.7.31.0 - TANK Studios LTD) Epic Pen Pro 3.7.28 (HKLM\...\Epic Pen Pro 3.7.28) (Version: 3.7.28 - Crackingpatching.com Team) Evaer Video Recorder for Skype 1.6.5.11 (HKLM\...\Evaer Video Recorder for Skype) (Version: 1.6.5.11 - Evaer Technology) Everyday Jigsaw (HKLM\...\Everyday Jigsaw) (Version: - ) Faasoft Video Converter 5.2.24.5621 (HKLM\...\{C6FE6897-0A65-4474-8EF7-E7AF11F8F239}_is1) (Version: - Faasoft Corporation) FileSeek 6.4 (HKLM\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 6.4.0.0 - Binary Fortress Software) Firefox Preloader (HKLM\...\Firefox Preloader_is1) (Version: 1.0.366.0 - 6XGate Incorporated) Folder Size Explorer (HKLM\...\{7C3E7EA4-DCEC-4E49-8459-B6F15DBD9795}) (Version: 1.7.1 - Bazwise) FormatFactory 4.10.0.0 (HKLM\...\FormatFactory) (Version: 4.10.0.0 - Free Time) FotoTagger 2.13.0.1 (HKLM\...\FotoTagger) (Version: 2.13.0.1 - Cogitum) Free Launch Bar (HKLM\...\{1574CBD4-1656-420c-B553-E16F01E74C0F}) (Version: 2.0 - Tordex) Free M4a to MP3 Converter 9.7 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free MPG Player (HKLM\...\{254E7ACE-402F-4CA4-951F-9C5F0B00AF1A}) (Version: 1.0.0 - Free MPG Player) Free Video Flip and Rotate version 2.1.6.128 (HKLM\...\Free Video Flip and Rotate_is1) (Version: 2.1.6.128 - DVDVideoSoft Ltd.) Free Video Joiner (HKLM\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com) Free WebM to MP3 Converter (32-bit) 1.2 (HKLM\...\{E359DE7A-892A-4E9F-B2D6-7487C4AA7FB6}_is1) (Version: 1.2 - Jacek Pazera) Freemake Video Converter version 4.2.0 (HKLM\...\Freemake Video Converter_is1) (Version: 4.2.0 - Ellora Assets Corporation) Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.8.4 - Ellora Assets Corporation) Garmin City Navigator Aus and NZ NT 2017.20 (HKLM\...\{3E711870-B474-4277-AE21-481DEAD361B3}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Australia And New Zealand NT 2012.40 Update (HKLM\...\{5E34337E-9BE4-4D72-9C61-77769BD72855}) (Version: 12.40.0.0 - Garmin Ltd or its subsidiaries) Garmin City_Navigator_Aus_and_NZ_NT_2021_10___HERE (HKLM\...\{80FF9FD3-4A72-4D01-8157-AEB60C92303D}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM\...\{3EF3A6E8-CCBF-492E-B179-28838182B8F0}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express (HKLM\...\{e174e9f0-1f1d-4284-b0d1-238b43f8ac1b}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{E31435FE-F0B7-4A62-BE46-BD166A1EEFFB}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{5EF98E1C-3912-40EA-A8C1-25772D9F1762}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Hidden Garmin WebUpdater (HKLM\...\{f1c8f03d-88bd-432d-80d1-782d4fac96b2}) (Version: 2.5.7 - Garmin Ltd or its subsidiaries) Glary Utilities PRO 5.158 (HKLM\...\Glary Utilities 5) (Version: 5.158.0.184 - Glarysoft Ltd) GOM Player (HKLM\...\GOM Player) (Version: 2.3.42.5304 - GOM & Company) Google Chrome (HKLM\...\Google Chrome) (Version: 88.0.4324.146 - Google LLC) Google Earth Pro (HKLM\...\{59F21DFB-6977-434B-9CB9-67783D6E7B6B}) (Version: 7.3.3.7786 - Google) Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden GoTo Opener (HKLM\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.) Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot) HandBrake 1.0.7 (HKLM\...\HandBrake) (Version: 1.0.7 - ) Hard Disk Sentinel PRO (HKLM\...\Hard Disk Sentinel_is1) (Version: 5.61 - Janos Mathe) HD Video Converter Factory Pro 17.1 (HKLM\...\HD Video Converter Factory Pro_is1) (Version: 17.1 - lrepacks.ru) HD Video Converter Factory Pro 19.2 (HKLM\...\HD Video Converter Factory Pro) (Version: 19.2 - WonderFox Soft, Inc.) Helium Audio Joiner (build 331) (HKLM\...\{1C7BCE67-6479-4D56-AD92-E50479028171}_is1) (Version: 1.9.0.331 - Imploded Software) Ico Converter 1.3 (HKLM\...\IcoConverter) (Version: - Tomatosoft) IcoFX 2.0 (HKLM\...\IcoFX_is1) (Version: - ) ICQ (version 10.0.12417) (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\icq.desktop) (Version: 10.0.12417 - ICQ) iDealshare VideoGo 7.0.4.6443 (HKLM\...\{CC4C06C4-7C78-4AAB-B5AF-33FB11CCD860}_is1) (Version: - iDealshare Corporation) ImTOO Video Converter Ultimate (HKLM\...\ImTOO Video Converter Ultimate) (Version: 7.8.24.20200219 - ImTOO) Ink2Go (HKLM\...\{6F884302-FE97-4024-ADE3-6415E0F3D372}) (Version: 1.6.0 - EyePower Games) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: 6.32.8 - Tonek Inc.) IrfanView 4.57 (32-bit) (HKLM\...\IrfanView) (Version: 4.57 - Irfan Skiljan) iSkysoft Helper Compact 2.5.2 (HKLM\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft) iSkysoft Video Converter Ultimate(Build 11.5.0.24) (HKLM\...\iSkysoft Video Converter Ultimate_is1) (Version: 11.5.0.24 - iSkysoft Software) ISO2Disc 1.10 (HKLM\...\ISO2Disc_is1) (Version: - Top Password Software, Inc.) JPG to PDF Converter 1.1 (HKLM\...\JPG to PDF Converter) (Version: 1.1 - ) Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kleptomania version 5.0 (HKLM\...\{59C08933-1E83-4A8B-A2A9-FD895CFCC95D}_is1) (Version: 5.0 - StructuRise) K-Lite Codec Pack 15.9.5 Standard (HKLM\...\KLiteCodecPack_is1) (Version: 15.9.5 - KLCP) KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.2.2.44 - PandoraTV) KraiSoft Games Launcher (HKLM\...\KraiSoft Games Launcher) (Version: - ) Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1 (HKLM\...\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.) Macro Express Pro (HKLM\...\Macro Express Pro) (Version: 4.3.0.1 - Insight Software Solutions, Inc.) Malware Hunter 1.117.0.710 (HKLM\...\Malware Hunter) (Version: 1.117.0.710 - Glarysoft Ltd) Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes) MediaHuman Audio Converter version 1.9.7 (HKLM\...\MHAudioConverter_is1) (Version: 1.9.7 - MediaHuman) MediaInfo 19.09 (HKLM\...\MediaInfo) (Version: 19.09 - MediaArea.net) Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation) Microsoft Edge Update (HKLM\...\Microsoft Edge Update) (Version: 1.3.139.71 - ) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows Debugging Symbols (HKLM\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft) Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) MightyText (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\MightyText) (Version: 5.3.1 - MightyText) MKV to MP3 Converter 5.0.1 (HKLM\...\MKV to MP3 Converter) (Version: 5.0.1 - FreeStar) Movavi Video Editor Plus v21.0.0 (HKLM\...\Movavi Video Editor 21 Plus_is1) (Version: 21.0.0 - Movavi (RePack by Dodakaedr)) Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 50.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla) Mp3tag v3.05 (HKLM\...\Mp3tag) (Version: 3.05 - Florian Heidenreich) MP4 Downloader Pro 3 (HKLM\...\MP4 Downloader Pro_is1) (Version: - Tomabo) NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version: - Softperfect) NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - ) NirSoft RegScanner (HKLM\...\NirSoft RegScanner) (Version: - ) NirSoft ShellExView (HKLM\...\NirSoft ShellExView) (Version: - ) Nitro Pro (HKLM\...\{0D8F26C8-A908-4877-9788-001C0BDE3240}) (Version: 13.24.1.467 - Nitro) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) PicPick (HKLM\...\PicPick) (Version: 5.1.3 - NGWIN) Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Hidden Point Position 1.0 (HKLM\...\Point Position 1.0) (Version: 1.0 - Vasilios Applications) PowerISO (HKLM\...\PowerISO) (Version: 6.3 - Power Software Ltd) Presentation Assistant V3.0.1 (HKLM\...\Presentation Assistant_is1) (Version: - www.presentation-assistant.com) Pushbullet version 338 (HKLM\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc) Rainmeter (HKLM\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter) Readiris 17 (HKLM\...\{8ACAE85F-B250-4543-9AD8-734474B3BA20}) (Version: 17.01.11945 - I.R.I.S.) RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden Recover My Files (HKLM\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd) Registrar Registry Manager 9.01 (HKLM\...\Registrar32_is1) (Version: - Resplendence Software Projects Sp.) Registrar Registry Manager 9.01 build 901.30525 Retail (HKLM\...\Registrar Registry Manager 9.01 build 901.30525 Retail) (Version: 1.0.01 - Crackingpatching.com Team) Revo Uninstaller Pro 4.3.3 (HKLM\...\Revo Uninstaller Pro_is1) (Version: 4.3.3 - lrepacks.ru) Revo Uninstaller Pro 4.4.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.0 - VS Revo Group, Ltd.) Screenpresso (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Screenpresso) (Version: 1.7.0.0 - Learnpulse) Security Task Manager 2.4 (HKLM\...\Security Task Manager) (Version: 2.4 - Neuber Software) SiSoftware Sandra Business 2016.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 22.20.2016.3 - SiSoftware) Skype version 8.67 (HKLM\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.) SMPlayer 21.1.0 (HKLM\...\SMPlayer) (Version: 21.1.0 - Ricardo Villalba) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Spotify (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Spotify) (Version: 1.1.48.625.g1c87c7f7 - Spotify AB) Stellar Repair for Video (HKLM\...\Stellar Repair for Video_is1) (Version: 4.0.0.0 - Stellar Information Technology Pvt Ltd.) Streaming Audio Recorder V4.3.4.0 (32-bit) (HKLM\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 4.3.4.0 - Apowersoft LIMITED) Tame version 6.0d (remove only) (HKLM\...\Tame 6.0d) (Version: - ) TeamViewer (HKLM\...\TeamViewer) (Version: 15.14.3 - TeamViewer) Telegram Desktop version 2.5.8 (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.8 - Telegram FZ-LLC) TeraCopy 3.0 RC (HKLM\...\TeraCopy_is1) (Version: - Code Sector) TeraCopy v3.0 (HKLM\...\TeraCopy v3.0) (Version: v3.0 - Code Sector) Text Monkey Lite (HKLM\...\Text Monkey Lite) (Version: - ) TreeSize V7.1.3 (HKLM\...\TreeSize_is1) (Version: 7.1.3 - JAM Software) Ultra Video Joiner 6.4.1010 (HKLM\...\Ultra Video Joiner_is1) (Version: - Aone Software) Ultra Video Splitter 6.4.1010 (HKLM\...\Ultra Video Splitter_is1) (Version: - Aone Software) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) vDosWP (HKLM\...\{49883946-559B-4FE0-866F-7674B9516A75}_is1) (Version: 2018.10.14 - wpdos.org) VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Viber (HKLM\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden Viber (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.) Video Downloader (HKLM\...\{8B6202FD-3790-4DD4-B343-51736F7FF4E5}) (Version: 1.2.0 - RealNetworks) Hidden VideoProc (HKLM\...\VideoProc) (Version: 3.5 - Digiarty, Inc.) VideoProc 3.6 (HKLM\...\VideoProc_is1) (Version: 3.6 - lrepacks.ru) VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN) VSDC Free Video Editor version 6.6.4.264 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.6.4.264 - Flash-Integro LLC) VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.40 - VSO Software) Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.16.1.0 - Winaero) WinAVI Video Converter (HKLM\...\WinAVI Video Converter) (Version: 11.5.1.4360 - ZJMedia Digital Technology Ltd.) Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Winja version 4.1.0 (HKLM\...\Winja_is1) (Version: 4.1.0 - Phrozen SAS) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware) WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 6.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) WinX HD Video Converter Deluxe 5.16.2 (HKLM\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.) WinX YouTube Downloader (HKLM\...\WinX YouTube Downloader) (Version: 5.5 - Digiarty, Inc.) Wireless-G PCI Adapter (HKLM\...\{88742616-A6E9-4C7E-9665-B625799541FB}) (Version: - ) Wise Duplicate Finder 1.3.4.42 (HKLM\...\Wise Duplicate Finder_is1) (Version: 1.3.4.42 - lrepacks.ru) WonderFox DVD Video Converter 21.3 (HKLM\...\WonderFox DVD Video Converter) (Version: 21.3 - WonderFox Soft, Inc.) Wondershare AllMyTube(Build 7.4.9.2) (HKLM\...\AllMyTube_is1) (Version: 7.4.9.2 - Wondershare) Wondershare Filmora(Build 7.8.9) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.5.3 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) Wondershare UniConverter(Build 11.7.4.2) (HKLM\...\UniConverter_is1) (Version: 11.7.4.2 - Wondershare Software) Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 7.8.23.20180925 - Xilisoft) Xperia Companion (HKLM\...\{5b7c1b25-5fb6-442c-a1b5-cb8dfc2267bf}) (Version: 2.8.3.0 - Sony) Xperia Companion (HKLM\...\{66EABD35-6233-4926-9AB1-AB31CC6BC7D9}) (Version: 2.8.3.0 - Sony) Hidden Xperia Companion Service (HKLM\...\{E41065E8-67E2-448F-940C-FF9D7C51E4E3}) (Version: 2.8.3.0 - Sony) Hidden Zoom (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x86__8wekyb3d8bbwe [2021-01-29] (Microsoft Corporation) FreeCell Solitaire Classic Free -> C:\Program Files\WindowsApps\9785PokerCardGames.FreeCellSolitaireClassicFree_1.0.1.0_x86__8mnangg4fsb1t [2020-09-22] (Poker Card Games) IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [2019-04-01] (Tonec Inc.) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2018-12-09] (Instagram) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x86__8wekyb3d8bbwe [2021-01-29] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2020-11-03] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x86__8wekyb3d8bbwe [2021-01-29] (Microsoft Studios) [MS Ad] mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x86__c9d6r4qvva5x8 [2019-12-22] (Up to Eleven Digital Solutions GmbH) Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x86__kzf8qxf38zg5c [2021-01-29] (Skype) Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.9.49.0_x86__43tkc6nmykmb6 [2019-12-24] (Ookla) Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.13242.0_x86__8wekyb3d8bbwe [2018-12-09] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x86\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{C78B614F-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx86.dll (Fine spol. s r.o. -> ALTAP) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x86\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57}\InprocServer32 -> C:\Users\Joe\AppData\Local\Programs\EmEditor\emedshl.dll (Emurasoft, Inc. -> Emurasoft, Inc.) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\localserver32 -> no filepath ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-07-29] () [File not signed] ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] () [File not signed] ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-07-29] () [File not signed] ContextMenuHandlers5: [Actual Window Manager] -> {CE577978-3FCA-430D-B0CE-D637788F9C5A} => C:\Program Files\Actual Window Manager\ActualWindowManagerShellExtension.dll [2020-10-11] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2020-08-22] (Glarysoft LTD -> Glarysoft Ltd) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group) ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-07-29] () [File not signed] ContextMenuHandlers6: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files\Tomabo\MP4 Downloader Pro\MP4C_WS.dll [2015-07-21] (Tomabo) [File not signed] ContextMenuHandlers6: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files\Tomabo\MP4 Downloader Pro\MP4P_WS.dll [2015-07-21] (Tomabo) [File not signed] ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] () [File not signed] ContextMenuHandlers1_S-1-5-21-198903158-1304534811-4163729061-1000: [EmEditor] -> {DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57} => C:\Users\Joe\AppData\Local\Programs\EmEditor\emedshl.dll [2019-07-30] (Emurasoft, Inc. -> Emurasoft, Inc.) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [msacm.divxa32] => C:\WINDOWS\system32\msaud32_divx.acm [186368 2003-02-03] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MPG4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MP42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MP43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed] HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed] HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed] HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed] HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed] HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed] HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [File not signed] HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Joe\Desktop\Chrome BookMarks.lnk -> C:\Data\Batch Files\Macro Express\ExportChromeBookMarks.bat () Shortcut: C:\Users\Joe\Desktop\DeskTopView.lnk -> C:\Data\Batch Files\Macro Express\DeskTopView.bat () Shortcut: C:\Users\Joe\Desktop\EmptyIDM.lnk -> C:\Data\Batch Files\Macro Express\EmptyIDM.bat () Shortcut: C:\Users\Joe\Desktop\FFB'kMarks.lnk -> C:\Data\Batch Files\Macro Express\SaveFFBookMarks.bat () Shortcut: C:\Users\Joe\Desktop\Quicklaunch.lnk -> C:\Data\Batch Files\DOS or CMD\QuickLaunch.bat () Shortcut: C:\Users\Joe\Desktop\Restart.lnk -> C:\Data\Batch Files\DOS or CMD\Restart.bat () Shortcut: C:\Users\Joe\Desktop\Shutdown.lnk -> C:\Data\Batch Files\DOS or CMD\Shutdown.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autohotkey.lnk -> C:\Data\Batch Files\Autohotkey\autohotkey.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ADC close & copy.lnk -> C:\Data\Batch Files\Autohotkey\close & copy ADC.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Greenshot.lnk -> C:\Data\Batch Files\Macro Express\Greenshot.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KillGreenshot.lnk -> C:\Data\Batch Files\DOS or CMD\KillGreenshot.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MultiLaunch.lnk -> C:\Data\Batch Files\DOS or CMD\MultiLaunch.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Rare\StartUps - backing up.lnk -> C:\Data\Batch Files\DOS or CMD\StartUps.bat () ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\(20+) Messenger _ Facebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jjkeojnabmnhemlflkpnpfggneahjkjn ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Creating an internet shortcut fails _.._.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=djcnpbhjfgpighcllplapphngaaockbd ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hangouts (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=deigijodonbmdapahgkdjljmcngipaab ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hangouts.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=deigijodonbmdapahgkdjljmcngipaab ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Messenger.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cikmbkiaomfbeknnagjbfgfckhlbnjnj ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\MightyText.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pambkebinhmagehedjcpghjfbcociiak ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\MightyTextTest.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=andmpiilbgodiefijhcneadhegcolaoe ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pushbullet Settings.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jinnpgkhgbkooiphbamlonfpcedokdah ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pushbullet.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ogpfcbagkcllmmkfdceimppcikancjan ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sendleap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\sydney time.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=dahalpfpibpddfpdcfgmpjelnldolich ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\12acfffc61da8ee6\SendLeap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Comms\Messenger.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cikmbkiaomfbeknnagjbfgfckhlbnjnj ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Comms\Sendleap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Rare\MightyText Test.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=andmpiilbgodiefijhcneadhegcolaoe ==================== Loaded Modules (Whitelisted) ============= 2021-02-09 18:11 - 2021-02-09 18:11 - 000470016 _____ () [File not signed] \\?\C:\Users\Joe\AppData\Local\Temp\eb8cc16a-74f4-47ee-8ff0-39ff3caa9874.tmp.node 2017-12-03 09:37 - 2017-10-16 01:21 - 003420672 _____ () [File not signed] C:\Program Files\Kleptomania\TextractSmart.dll 2020-05-30 17:49 - 2008-07-04 10:41 - 000002048 _____ () [File not signed] C:\Program Files\Mahjong\slc.dll 2017-01-02 17:19 - 2016-09-19 12:08 - 000622080 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll 2010-07-05 08:32 - 2010-07-05 08:32 - 000010752 _____ () [File not signed] C:\Program Files\Unlocker\UnlockerCOM.dll 2012-01-10 08:22 - 2011-11-23 15:59 - 000035840 _____ () [File not signed] C:\Program Files\XemiComputers\Active Desktop Calendar\MouseHook.dll 2020-05-23 14:46 - 2020-05-23 14:46 - 001990144 _____ () [File not signed] C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\ffmpeg.dll 2020-05-23 14:46 - 2020-05-23 14:46 - 000115712 _____ () [File not signed] C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\libegl.dll 2020-05-23 14:46 - 2020-05-23 14:46 - 006668800 _____ () [File not signed] C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\libglesv2.dll 2020-11-03 12:36 - 2020-11-03 12:36 - 008007680 _____ () [File not signed] C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll 2018-07-25 09:16 - 2003-03-25 05:49 - 000098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) [File not signed] C:\WINDOWS\system32\L3CODECX.AX 2020-07-03 01:38 - 2011-06-28 07:35 - 000072192 _____ (Insight Software Solutions, Inc.) [File not signed] C:\Program Files\Macro Express Pro\mexhook.dll 2021-01-03 23:59 - 2020-07-14 05:37 - 000612352 _____ (Tabibito Technology) [File not signed] C:\Program Files\K-Lite Codec Pack\Icaros\32-bit\IcarosPropertyHandler.dll 2016-02-13 03:17 - 2016-02-13 03:17 - 001170944 _____ (TameDOS) [File not signed] C:\WINDOWS\System32\TameVdd.Dll 2009-04-14 09:14 - 2009-04-14 09:14 - 001527808 _____ (TrueSoft) [File not signed] C:\Program Files\FreeLaunchBar\flb.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation) DPF: {9732FB42-C321-11D1-836F-00A0C993F125} hxxp://www.pcpitstop.com/mhLbl.cab Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.) Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.) (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7942 more sites. IE trusted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\garmin.com -> hxxps://my.garmin.com IE trusted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\localhost -> localhost IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123simsen.com -> www.123simsen.com There are 7947 more sites. IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123simsen.com -> www.123simsen.com There are 7942 more sites. ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2021-02-09 15:40 - 2021-02-09 15:40 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Deskshare\My Screen Recorder Pro 3\;C:\Program Files\Windows Live\Shared;C:\Program Files\AMD\ATI.ACE\Core-Static;C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\AOMEI Backupper HKU\S-1-5-21-198903158-1304534811-4163729061-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\XEMICO~1\ACTIVE~1\Desktop\ACTIVE~1.BMP HKU\S-1-5-21-198903158-1304534811-4163729061-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: BthHFSrv => 3 MSCONFIG\Services: CS_AutoUpdate => 2 MSCONFIG\Services: CS_BandwidthGuard => 2 MSCONFIG\Services: CS_SysMsgProxy => 2 MSCONFIG\Services: EaseUS Agent => 2 MSCONFIG\Services: ehRecvr => 3 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: MacriumService => 2 MSCONFIG\Services: NitroDriverReadSpool10 => 2 MSCONFIG\Services: NitroUpdateService => 2 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: XboxNetApiSvc => 3 HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk" HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk" HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk" HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk" HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "StartCN" HKLM\...\StartupApproved\Run: => "BCSSync" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "SDTray" HKLM\...\StartupApproved\Run: => "Brdefprn" HKLM\...\StartupApproved\Run: => "Reflect UI" HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run: => "DelaypluginInstall" HKLM\...\StartupApproved\Run: => "UnlockerAssistant" HKLM\...\StartupApproved\Run: => "EaseUS EPM Tray Agent" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "iSkysoft Helper Compact.exe" HKLM\...\StartupApproved\Run: => "MalTray" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "Capture2Text.lnk" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "EmEditor.lnk" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "WP.EXE.pif" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "Hangouts.lnk" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08BC2BD8F1B6BE4ACC60C8748C6E102" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "WinPatrol" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "movavi_videoconverter_agent" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GarminExpress" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "IDMan" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GUDelayStartup" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "Opera Browser Assistant" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B556209A-36FE-478C-BF05-62D82AC5CC97}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [{DDB5508A-F54E-45AF-AFDB-4A9E2DBF5A49}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [{C98057C4-C004-4F9B-8873-6A67ED196A97}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{28925ED5-09D0-4EC9-A346-B0A4D1AA9A3E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{E8C9A1B0-47A6-4F62-8A46-D465CF4D93C3}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{FD9E605F-D3B6-4DF8-8B06-0425F231C116}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{62093499-5548-461D-BD5B-87202DDC614E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{D90CFB49-AA8A-4CEC-9EA7-6EEAB63915EB}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{600C3D93-A2D1-4BC7-96B9-433FF8CE5628}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{124B68D4-70C4-40A4-BFEA-68B66571B712}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{76853AFE-D283-497C-82E0-C1BBDAD063D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F9118A2E-AB5F-4D35-842B-9A319101F423}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{27268B28-B4BD-4E57-AD8B-B1C394B6E94F}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{8716BF26-62D9-4E5C-9614-D372215A5C9C}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{974ADDF1-3D2C-4876-ACFA-21E0A9C11639}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> ) FirewallRules: [{5CF94C9D-0AC4-4FF9-AA7E-E8904C425C4C}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> ) FirewallRules: [{DE116F64-59E4-42C2-ADA5-A9C757C3679E}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File FirewallRules: [{3F7ACDD1-26BA-4E48-B793-F59E307EC654}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File FirewallRules: [{3C4F92F0-9561-4B22-AEB4-6B14CE2AFA59}] => (Block) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File FirewallRules: [{FD609144-6454-4F6D-B079-D0AF05F3EEBB}] => (Allow) LPort=1900 FirewallRules: [{9D022D4F-A97E-4D8C-A7F7-19FFDA484A5F}] => (Allow) LPort=2869 FirewallRules: [{350821B3-5E57-454C-BFA5-D10526632D17}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{96329BFC-08DB-43C1-9DEE-D1A68B1EACD2}C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> ) FirewallRules: [TCP Query User{872D03CB-52E1-4B43-ADDE-B0423EC5ACD7}C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> ) FirewallRules: [{EDD5C10C-1D2E-4CD0-9F32-5E1229423B3B}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [{B1435707-5F84-470D-BA50-6608147CC8B0}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [TCP Query User{70CC872C-4D2B-4D4F-8DFE-619A6C2108EB}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [UDP Query User{301491AE-FA03-42DD-808E-B984FA414B9D}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [TCP Query User{A8CB4212-1C86-4249-BA25-03AD562B62A5}C:\program files\utorrent\utorrent.exe] => (Allow) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [UDP Query User{8CA7331B-BF15-4754-9E44-A003E64AE505}C:\program files\utorrent\utorrent.exe] => (Allow) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [TCP Query User{AF5EC40D-8225-47F5-A4AB-EA43EC721C10}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{BF3DEE44-EC79-4424-82C1-B2E13D890B45}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{76E50CB4-491D-4404-9EAB-F6576CFA5FAE}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{38BDED24-3647-4FAC-A122-D563C7EC6ECF}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{F0BF3433-9606-4D62-A95A-66DC6D6D0DCD}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll () [File not signed] FirewallRules: [{5DA517D1-B16B-480D-9BC8-F94A32230640}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll () [File not signed] FirewallRules: [TCP Query User{FDBB0FAD-F4F1-4DA5-A779-6A8BD63DF475}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{3E514C03-5B9C-41BE-9DA0-D8A81900DC72}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{AF568467-AAE6-490F-A8D8-472AFAFCF5F1}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio) FirewallRules: [UDP Query User{6FE2E8FE-E370-42D8-AC11-337649CDCCBC}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio) FirewallRules: [{E66B7B91-F430-4BEF-91DC-A33A915C07E2}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> ) FirewallRules: [{E6BB0410-FA8C-4B32-8E24-E45751DD0AB4}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> ) FirewallRules: [{F4EFF175-6AEE-4EA3-9539-0C7002CA1EFA}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{5F42FD6D-C2F5-4E15-9538-0435792657C2}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{36E12D92-F0BF-4424-8D18-01901ADC05D8}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{4A0EEB64-25A8-4610-A523-0D6E0E11D2ED}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{36E22BDE-6A19-4AA4-920A-5F58C7AF8AB4}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{BA6D2789-98DB-43F7-A73C-2FDD716789DE}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{B5032685-1E18-4C5D-A5D0-6FAEA921B862}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{B243945F-F122-4395-BCC0-63EC184CBF91}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{1D1A4C4C-EB8C-4A06-928A-5CF7D665C279}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{E4A8FE02-A2F7-4DEE-BA9B-978638D57668}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{1BFA5FB8-AC11-47CA-80D1-8B7B9B96130E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) StandardProfile\AuthorizedApplications: [C:\Program Files\Tomabo\MP4 Downloader Pro\MP4DownloaderPro.exe] => Enabled:MP4 Downloader Pro ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:111.79 GB) (Free:37.21 GB) (33%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (02/09/2021 09:36:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Farbar.exe version 8.2.2021.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3d4 Start Time: 01d6fece9b69c632 Termination Time: 4294967295 Application Path: C:\Program Files\Farbar\Farbar.exe Report Id: 2856bb73-df2e-4cf5-9114-1d352140eff1 Faulting package full name: Faulting package-relative application ID: Hang type: Cross-process System errors: ============= Error: (02/09/2021 09:37:05 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x0 for Disk 4 (PDO name: \Device\0000008a) failed due to a hardware error. Error: (02/09/2021 09:37:05 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x0 for Disk 4 (PDO name: \Device\0000008a) failed due to a hardware error. Error: (02/09/2021 09:37:05 PM) (Source: disk) (EventID: 154) (User: ) Description: The IO operation at logical block address 0x0 for Disk 4 (PDO name: \Device\0000008a) failed due to a hardware error. Error: (02/09/2021 06:10:58 PM) (Source: SNMP) (EventID: 1500) (User: ) Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. Error: (02/09/2021 06:10:51 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume T: encountered a non-retryable error and could not start. The data contains the error code. Error: (02/09/2021 06:10:49 PM) (Source: PCIESER) (EventID: 18) (User: ) Description: No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found. Error: (02/09/2021 06:10:55 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:48:04 PM on ‎2/‎9/‎2021 was unexpected. Error: (02/09/2021 03:48:07 PM) (Source: SNMP) (EventID: 1500) (User: ) Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. CodeIntegrity: =================================== Date: 2021-02-09 20:11:58.6850000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2021-02-09 19:05:14.0550000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-09 19:05:12.2390000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-09 19:05:12.0670000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-09 19:05:11.7100000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-09 19:05:11.7070000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-09 18:12:57.5750000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-02-09 18:12:57.5630000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: Award Software International, Inc. FD 02/01/2011 Motherboard: Gigabyte Technology Co., Ltd. X58A-UD5 Processor: Intel(R) Core(TM) i7 CPU X 990 @ 3.47GHz Percentage of memory in use: 90% Total physical RAM: 3582.42 MB Available physical RAM: 327.93 MB Total Virtual: 7166.42 MB Available Virtual: 1596.7 MB ==================== Drives ================================ Drive a: (BACKUP) (Removable) (Total:14.83 GB) (Free:2.87 GB) FAT32 Drive c: (Blaze) (Fixed) (Total:111.79 GB) (Free:37.21 GB) NTFS ==>[system with boot components (obtained from drive)] Drive t: (Downloads) (Fixed) (Total:111.79 GB) (Free:0.51 GB) NTFS Drive x: (MyDox) (Fixed) (Total:111.79 GB) (Free:57.94 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows XP) (Size: 14.8 GB) (Disk ID: 74A96E33) Partition 1: (Active) - (Size=14.8 GB) - (Type=0C) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 456B9985) Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS) ========================================================== Disk: 2 (Size: 111.8 GB) (Disk ID: 4116466D) Partition: GPT. ========================================================== Disk: 3 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 7F90DAF7) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================