Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by Steve (30-01-2021 19:25:19)
Running from C:\Users\Steve\Documents\Desktop
Windows 10 Pro Version 1909 18363.1316 (X64) (2019-12-05 15:57:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1097580972-3163717967-1959395198-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1097580972-3163717967-1959395198-503 - Limited - Disabled)
Guest (S-1-5-21-1097580972-3163717967-1959395198-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1097580972-3163717967-1959395198-1022 - Limited - Enabled)
St.Benn (S-1-5-21-1097580972-3163717967-1959395198-1025 - Administrator - Enabled)
Steve (S-1-5-21-1097580972-3163717967-1959395198-1001 - Administrator - Enabled) => C:\Users\Steve
WDAGUtilityAccount (S-1-5-21-1097580972-3163717967-1959395198-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: TalkTalk Online Defence by F-Secure (Enabled - Up to date) {01EEC97C-28E5-34E7-6F5F-47CED8192856}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Out of date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: TalkTalk SuperSafe by F-Secure (Enabled - Up to date) {31A9D001-F96D-024E-EACB-7693DE78B727}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Nero SoundTrax Help (HKLM-x32\...\{B96C2601-52F5-4D5D-816A-63469EA311EF}) (Version: 4.0.15.0 - Nero AG) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FD868C71-6CCF-42E2-B90D-0504AB0036FE}) (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Burning Studio 22 (HKLM-x32\...\{91B33C97-9F7C-7409-82CC-D237F12F8FD8}_is1) (Version: 22.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Pro9000 II series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series) (Version: - Canon Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{C80C12DC-3959-4028-1681-F2BF00866439}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B0199EE9-B640-3D24-29F8-99B1C425697A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.)
Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{8F5D8F15-4A07-E887-C8FD-498804F2522F}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{27D9A3A3-D0D2-2260-A2AA-A7228B6022B6}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{C59870AD-505D-4C9E-B625-D1DE6B1ABF8D}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{38072574-E1D1-9B6C-EAB4-27E207E0B54A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{C7F2F764-33A8-7ED1-8ED9-BD594C814386}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{3B8435FC-47AD-7A7E-BCBD-13DF296DB149}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{1E60CDCF-E4AF-2B49-3473-E9C10C0D6031}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{2459C0BB-C5C8-2FD0-2437-BD92FB666A15}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{58011544-00D2-DD75-4E0D-944AD2D3773D}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{9E93DDED-A342-2621-8B33-A7FDE09E2A15}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{EBCCB5CD-B2B0-6870-DCC3-A7CCCC1B1B68}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{D214F8C8-A231-E193-971C-7D185108F908}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization RU (HKLM\...\{C078842D-6E39-ACBA-8927-51697B6D89B0}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{CE1A9479-C86A-81A5-729F-9B65120D15E1}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{81DFFE49-771C-3262-99DD-35AB35FEF71A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{56C43946-966D-1B4B-3910-3B4741F9CAF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden ccc-utility (HKLM-x32\...\{25D82366-CF0E-ED2E-F195-1A6F63E3F56D}) (Version: 2013.0830.304.3566 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform) ClipGrab version 3.9.6 (HKLM-x32\...\{73924FFF-7A47-424D-BA45-659BB5CC194A}_is1) (Version: 3.9.6 - The ClipGrab Project) Creative FX Collection (HKLM-x32\...\{331369be-0dad-4c8c-ac3b-66758eb884ca}) (Version: 1.2.10 - AIR Music Tech GmbH) CreativeFXCollection Content (HKLM-x32\...\{ABA4B79E-1981-4F70-BB3D-E9F2B2D4FDE5}) (Version: 1.2.10 - AIR Music Tech GmbH) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DolbyFiles (HKLM-x32\...\{56BE5CC9-95E6-4128-ABEA-968414CA9C80}) (Version: 2.0 - Nero AG) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 114.4.426 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden Eraser 5.8.8 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.8.8 - The Eraser Project) Far Cry 5 (HKLM-x32\...\Uplay Install 1803) (Version: - Ubisoft) Free Chess version 2.1.0 (HKLM-x32\...\FreeChess_is1) (Version: 2.1.0 - Jorge Pardo Serrano) Free Folder Hider 12.03 (HKLM-x32\...\Free Folder Hider_is1) (Version: - AuoBAUP, Inc.) 
Free Video To Audio Converter 2014 4.6.1 (HKLM-x32\...\Free Video To Audio Converter 2014_is1) (Version: - FAEMedia Co., Ltd.) GCH Guitar academy (HKLM-x32\...\GCH Guitar academy) (Version: - ) Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden honestechTVR2.5 (HKLM-x32\...\{ABADD11D-1B48-4F23-BEBA-6B22CE8F5E58}) (Version: 2.5 - honestech) honestechTVR2.5 (HKLM-x32\...\{B1DE0E2A-C1B1-4A61-A622-1F52CB37B183}) (Version: 2.5 - honestech) Hidden iDailyDiary 3.85 (HKLM-x32\...\iDailyDiary_is1) (Version: - Splinterware Software Solutions) Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (HKLM\...\ImagenomicNoisewareProPlugin) (Version: - ) Imagenomic Portraiture 2.3 Plug-in (build 2308) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - ) ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation) Kodi (HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\Kodi) (Version: - XBMC Foundation) LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes) Macrium Reflect Free Edition (HKLM\...\{7F41F593-1C74-4F9D-9E0E-AD819B4A6222}) (Version: 7.3.5365 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.3 - Paramount Software (UK) Ltd.) Macrorit Partition Expert Free 2019 (HKLM-x32\...\macrorit_mde) (Version: 2019 - Bada Technology Co., Ltd.) 
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.29 - PasswdFinder) M-Audio M-Track 2X2 1.0.12 (HKLM\...\{5A747C71-886E-4448-A42E-7211A02E8A4E}) (Version: 1.0.12 - M-Audio) MediaDL (HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\MediaDL) (Version: 2.0 - Zoodotnet Limited) Menu Templates - Starter Kit (HKLM-x32\...\{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}) (Version: 9.0.4.0 - Nero AG) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - ) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Support and Recovery Assistant (HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\f9a89bd2a46a7606) (Version: 17.0.3711.12 - Microsoft Corporation) Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - ) Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) 
(Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation) Movie Templates - Starter Kit (HKLM-x32\...\{BCD82AB5-670D-4242-90FA-1F97103C16CD}) (Version: 9.0.4.0 - Nero AG) Hidden NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation) NVIDIA Graphics Driver 445.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 445.75 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.26 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NVIDIA USBC Driver 1.38.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.38.831.832 - 
NVIDIA Corporation) NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden OnlineVideoDownloader (HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\OnlineVideoDownloader) (Version: 2.0 - Zoodotnet Limited) osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden Outlook-Backup-Plugin (HKLM-x32\...\{0F56EAC4-11FE-4037-9574-C0745A08949D}) (Version: 1.9.0.0 - CodePlex) PACE License Support Win64 (HKLM\...\{48F777E1-700D-49b8-8314-2A0B2BC57B1B}) (Version: 3.0.1.1373 - PACE Anti-Piracy, Inc.) Hidden PACE License Support Win64 (HKLM-x32\...\InstallShield_{48F777E1-700D-49b8-8314-2A0B2BC57B1B}) (Version: 3.0.1.1373 - PACE Anti-Piracy, Inc.) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.61.004 - Portrait Displays, Inc.) Hidden PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.27.7-r126167-release - Plays.tv, LLC) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) 
ReadPlease 2003/ReadPlease PLUS 2003 (HKLM-x32\...\ReadPlease 2003_is1) (Version: 2003.1.10 - ReadPlease Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.) Remote Assistant 2.2 (HKLM\...\Remote Assistant) (Version: 2.2 - CloudBerryLab) Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.) Ricochet (HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\{B700250B-D3E2-407F-A534-8818EB8E3D93}_is1) (Version: 1.1.4.0 - ) Screenshot Captor 4.16.1 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - ) SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 3.10.003 - Portrait Displays, Inc.) Hidden Sophos Free Encryption 2.40.1 (HKLM-x32\...\{64C13A35-B44C-47E5-88DC-0916FCE1E7C1}) (Version: 2.40.1.1 - Sophos) SoundTrax (HKLM-x32\...\{3097B151-1F61-4211-A4CC-D70127B226AE}) (Version: 4.0.18.0 - Nero AG) Hidden Stealth Recorder (HKLM-x32\...\{F28E13BF-4F71-4C5B-8AA2-19A8D8836C4C}) (Version: 3.0.0 - Reteli) Strike (HKLM-x32\...\{2c16be49-191d-44fb-9272-bc0516b24472}) (Version: 2.0.7.19000 - AIR Music Tech GmbH) Strike AAX32 (HKLM-x32\...\{80E0A7E7-55A2-45B9-B57D-3441CD4EBE5D}) (Version: 2.0.7.19000 - AIR Music Tech GmbH) Hidden Strike AAX64 (HKLM\...\{B87728CF-F86B-42F1-9C40-85EFBCA4E6F7}) (Version: 2.0.7.19000 - AIR Music Tech GmbH) Hidden Strike Content (HKLM-x32\...\{BB305AF9-9551-41F5-A8F7-2C8F8E080C46}) (Version: 2.0.7.19000 - AIR Music Tech GmbH) Hidden Strike Factory Content (HKLM-x32\...\{8D6625AA-6CB1-4138-9A32-4F192024D113}) (Version: 2.0.7.19000 - AIR Music Tech GmbH) Hidden TalkTalk Online Defence (HKLM-x32\...\{46B8A013-32EE-4158-A401-E25B63FE5D28}) (Version: 17.9 - F-Secure Corporation) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 101.0 - Ubisoft) UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 
1.3.0.0 - Microsoft Corporation) Hidden VideoProc (HKLM-x32\...\VideoProc) (Version: 4.0 - Digiarty, Inc.) Vivaldi (HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\Vivaldi) (Version: 2.11.1811.41 - Vivaldi Technologies AS.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN) VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.33 - VSO-Software SARL) VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.69 - VSO Software) Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-2) (Version: 1.1.70.0 - LunarG, Inc.) Hidden WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.) Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers) WinDirStat 1.1.2 (HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\WinDirStat) (Version: - ) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) WordTalkInstall (HKLM-x32\...\{D4481AFF-4218-4CF0-A68C-87E9EBAE3B86}) (Version: 1.0.0 - WordTalk) Packages: ========= NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-20] (NVIDIA Corp.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1097580972-3163717967-1959395198-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\Steve\AppData\Local\Vivaldi\Application\2.11.1811.41\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS) CustomCLSID: HKU\S-1-5-21-1097580972-3163717967-1959395198-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Steve\Dropbox [2014-12-16 19:36] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\TalkTalk\OnlineDefence\FsShellExtension64.dll [2020-11-03] (F-Secure Corporation -> F-Secure Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers1: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\Windows\System32\erasext.dll [2009-12-16] (Joel Low -> -) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers1: [SGPCMenu] -> {59AF8E81-BE3C-11d5-BE40-00A0244C457F} => C:\Program Files (x86)\Sophos\SafeGuard PrivateCrypto\pcshell.dll [2009-10-08] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] () [File not signed] ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] () [File not signed] ContextMenuHandlers2: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\Windows\System32\erasext.dll [2009-12-16] (Joel Low -> -) ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] () [File not signed] ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] () [File not signed] ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\nvshext.dll [2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [PortraitDisplaysContextMenu] -> {8602BDD8-9780-4717-B89A-7F89AF75B2AB} => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\shellmenu64.dll [2013-06-18] (Portrait Displays, Inc. -> Portrait Displays, Inc.) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.) 
ContextMenuHandlers6: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\Windows\System32\erasext.dll [2009-12-16] (Joel Low -> -) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [SGPCMenu] -> {59AF8E81-BE3C-11d5-BE40-00A0244C457F} => C:\Program Files (x86)\Sophos\SafeGuard PrivateCrypto\pcshell.dll [2009-10-08] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed] ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] () [File not signed] ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] () [File not signed] ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2018-04-11 18:23 - 2018-04-11 18:23 - 000033280 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd 2018-04-11 18:23 - 2018-04-11 18:23 - 001780736 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd 2018-04-11 18:23 - 2018-04-11 18:23 - 001934336 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd 2018-04-11 18:23 - 2018-04-11 18:23 - 000505856 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd 2018-04-11 18:23 - 2018-04-11 18:23 - 003812864 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd 2018-04-11 18:23 - 2018-04-11 18:23 - 000405504 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll 2018-04-11 18:23 - 2018-04-11 18:23 - 000111616 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll 2018-04-11 
18:23 - 2018-04-11 18:23 - 000077824 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2018-04-11 18:23 - 2018-04-11 18:23 - 000103424 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2018-04-11 18:23 - 2018-04-11 18:23 - 000173568 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2018-04-11 18:23 - 2018-04-11 18:23 - 000041984 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2014-12-16 12:06 - 2006-12-11 02:14 - 000043008 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000596992 _____ (Hewlett-Packard) [File not signed] C:\WINDOWS\System32\hpzjcd01.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2020-08-04 11:18 - 2020-08-04 11:18 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvSubsystems32.dll
2020-08-04 11:18 - 2020-08-04 11:18 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2018-04-11 18:23 - 2018-04-11 18:23 - 004626432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Core.dll
2018-04-11 18:23 - 2018-04-11 18:23 - 004854784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Gui.dll
2018-04-11 18:23 - 2018-04-11 18:23 - 000847872 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Network.dll
2018-04-11 18:23 - 2018-04-11 18:23 - 004439552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Widgets.dll
2009-10-08 15:13 - 2009-10-08 15:13 - 000752128 _____ (Utimaco Safeware AG - a member of the Sophos Group) [File not signed] C:\Program Files (x86)\Sophos\SafeGuard PrivateCrypto\pcshell.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:3B43B37DC84953B5 [217]
AlternateDataStreams: C:\ProgramData\TEMP:810B9F0D [270]
AlternateDataStreams: C:\ProgramData\TEMP:844B944C [126]
AlternateDataStreams: C:\ProgramData\TEMP:8DAF83BD [124]
AlternateDataStreams: C:\ProgramData\TEMP:AE77C4CC [134]
AlternateDataStreams: C:\ProgramData\TEMP:B0177106 [139]
AlternateDataStreams: C:\ProgramData\TEMP:FF566C71 [139]
AlternateDataStreams: C:\ProgramData\TEMP:FFC7EC5B [131]
AlternateDataStreams: C:\Users\Steve\Cookies:p0Gll34sLwzMRyOmqRiazpb [2454]
AlternateDataStreams: C:\Users\Steve\AppData\Local\vrcA6QQL6KFsq:SFvYkil9kw3nBg6j3loFrBJeETN [2086]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.ephotozine.com/
SearchScopes: HKU\S-1-5-21-1097580972-3163717967-1959395198-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\http\1611665804\browser\fs_ie_https\fs_ie_https64.dll [2021-01-26] (F-Secure Corporation -> F-Secure Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc -> Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\http\1611665804\browser\fs_ie_https\fs_ie_https.dll [2021-01-26] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc -> Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1097580972-3163717967-1959395198-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-1097580972-3163717967-1959395198-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2020-12-01 12:24 - 2021-01-08 12:53 - 000001634 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\AOMEI\AOMEI Backupper 5.9.0
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\Control Panel\Desktop\\Wallpaper -> C:\Desktop Pics\Personalize\img103.jpg.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "TVR Scheduler.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AVGUI.exe"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "DT BEN"
HKLM\...\StartupApproved\Run32: => "PivotSoftware"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "uupdate"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\Run: => "Eraser"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\Run: => "Vidalia"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\Run: => "Freenet"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\Run: => "Ubisoft Game Launcher"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A53777E1-0B98-4967-A8DF-5A6E3E815785}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EB55FA21-B4B2-4CBF-A975-2A3A3EAB1DD2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{499D37D7-7CDE-43F8-A85E-58936A6DA933}] => (Allow) C:\Users\Steve\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{0ADD3961-A53F-49BF-8F74-EE9FBFC33EDA}] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\farcry5.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{E040EA32-856B-4F77-AE28-CCE31A709588}] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\farcry5.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{DB692C68-4AA4-4139-BAD0-8D2584A0F849}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\arcadeeditor64.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\arcadeeditor64.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [TCP Query User{1E86515E-5EED-41EC-BBCF-407A563215D4}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\arcadeeditor64.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\arcadeeditor64.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [UDP Query User{7ADA3D94-A866-47B2-B912-331536FAE51D}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\farcry5.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\farcry5.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [TCP Query User{1EC266AF-FE36-4C2B-BB86-D828CB38602A}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\farcry5.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 5\bin\farcry5.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{8ABA772D-69B6-40A0-96E0-F3CC42C3D174}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{7FF42DB0-7162-42CE-AFBF-173119C7146F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{A611A536-647F-4961-9FD6-C181BAD2EFB7}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{4BC67DEF-9428-42E7-B1D8-AB83B044DBB1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C591EAC2-54F8-4338-9925-8706739E9092}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5F7D26B2-AD5C-41C8-92FD-9935C92D358C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{072440FA-1BA6-4070-BDE9-30812D9A8E5F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3C23CD8-30A2-4D05-A1D0-64E23ABE33A8}] => (Allow) LPort=57209
FirewallRules: [{C7162E34-4250-4D73-8E99-9AE827511D3D}] => (Allow) LPort=57209
FirewallRules: [{F2203763-0FBE-44F0-BA48-4D2D501603BB}] => (Allow) LPort=7935
FirewallRules: [{1E0B267A-8B08-461D-9D00-45AACAC2B520}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{B980EFC9-DB08-4C89-8599-52AF5D377786}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{5DB2D5ED-8B0F-4400-8984-8E5284ED4FC6}] => (Block) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [{411A99CF-339B-4C48-866D-717BDC107E53}] => (Block) C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{58108930-0D41-4659-9E6E-E13C56FBF5C6}] => (Block) C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe (Adobe Systems Incorporated -> Adobe Systems, Inc.)
FirewallRules: [{28786985-6079-4277-AF05-0F010D0FD53B}] => (Block) C:\Program Files\Adobe\Adobe Encore CS6\Adobe Encore.exe (Adobe Systems Incorporated -> Adobe Systems, Inc.)
FirewallRules: [{68076180-21F9-47ED-8902-6B3D26E90114}] => (Block) C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated -> Adobe Systems Inc.)
FirewallRules: [{1FCFDA96-7434-4E99-87D6-4B9895B34575}] => (Block) C:\Program Files\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [{168C2DF1-18A2-4305-A062-B3B6B3515943}] => (Block) C:\Program Files\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [{7AE462D1-EDAA-4786-A0D7-2443326529A2}] => (Block) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{159A1DA4-F64D-47ED-9C3F-748F91B3A3DB}] => (Block) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{2B5A000E-961F-4CDC-BE04-886660F8561F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EEB23644-1571-4E33-BDDE-0A031F75AC62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A25D4378-F84D-4826-B82B-0ECC70A6A61E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7A2986C3-33B7-4F96-A4E5-2B0AED24A497}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{0B99DB67-CFD0-4987-BD06-EA0DB7D65B1E}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{7A79E3FC-81A5-4DB0-A581-03C56A17CEC7}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{333563D8-9C83-4495-8B9D-CE80F081D1B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C86695BF-12B6-4F21-B245-7C8398CB0611}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 5\bin\FarCry5.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{866DA0BD-D287-4D1E-A2A9-C6E58C965FEA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 5\bin\ArcadeEditor64.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{D491B3DA-CE03-4AE8-A55B-DDDC5A918D1B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 5\bin\FarCry5.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{8A9B6E05-74CA-42E9-B40B-5284ED3A8259}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 5\bin\ArcadeEditor64.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{AF53EDCB-B996-4020-8A97-4303798168E4}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{5966670D-43CF-429C-83FC-3E214EDE14FD}] => (Allow) C:\Program Files\CloudBerryLab\CloudBerry Remote Assistant\Remote Assistant.exe (Trichilia Consultants Limited -> CloudBerry Lab)

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

Name: M-Track 2X2 DFU
Description: M-Track 2X2 DFU
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (01/30/2021 07:23:50 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12244,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/30/2021 01:17:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15578

Error: (01/30/2021 01:17:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15578

Error: (01/30/2021 01:17:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/30/2021 01:14:39 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11444,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/30/2021 12:51:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10628,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/30/2021 12:39:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/30/2021 12:30:02 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 27296 and the required size was 28256.

System errors:
=============
Error: (01/30/2021 07:19:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (01/30/2021 12:28:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (01/30/2021 09:19:20 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (01/29/2021 03:38:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (01/29/2021 03:35:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RapportMgmtService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (01/29/2021 03:35:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the RapportMgmtService service to connect.

Error: (01/29/2021 03:35:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: The system cannot find the file specified.

Error: (01/29/2021 03:35:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: The system cannot find the path specified.

Windows Defender:
===================================
Date: 2020-09-06 14:32:02.687
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: High
Category: Tool
Path: file:_C:\Users\Steve\Documents\Desktop\ck\xf-mccs6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.321.1738.0, AS: 1.321.1738.0, NIS: 1.321.1738.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-09-06 14:29:39.397
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: High
Category: Tool
Path: file:_C:\Users\Steve\Documents\Desktop\ck\xf-mccs6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.321.1738.0, AS: 1.321.1738.0, NIS: 1.321.1738.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-09-06 14:29:33.783
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: High
Category: Tool
Path: file:_C:\Users\Steve\Documents\Desktop\ck\xf-mccs6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.321.1738.0, AS: 1.321.1738.0, NIS: 1.321.1738.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-09-06 14:29:11.254
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: High
Category: Tool
Path: file:_C:\Users\Steve\Documents\Desktop\ck\xf-mccs6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.321.1738.0, AS: 1.321.1738.0, NIS: 1.321.1738.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-09-06 14:15:00.360
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: High
Category: Tool
Path: file:_C:\Users\Steve\Documents\Desktop\ck\xf-mccs6.exe; process:_pid:9300,ProcessStart:132438709795902205
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Steve\Documents\Desktop\ck\xf-mccs6.exe
Security intelligence Version: AV: 1.321.1738.0, AS: 1.321.1738.0, NIS: 1.321.1738.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-09-08 11:12:21.576
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1738.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-09-08 11:12:21.575
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1738.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-09-08 11:12:21.575
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1738.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-09-08 11:12:21.567
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1738.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-09-08 11:12:21.566
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1738.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================
Date: 2021-01-30 09:35:58.453
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-30 09:35:58.445
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-30 09:35:58.433
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-30 09:35:58.424
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-30 09:35:58.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-30 00:26:03.319
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-30 00:26:03.310
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-30 00:26:03.279
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1604 10/16/2012
Motherboard: ASUSTeK COMPUTER INC. SABERTOOTH 990FX
Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 32%
Total physical RAM: 16328.13 MB
Available physical RAM: 10991.61 MB
Total Virtual: 16328.13 MB
Available Virtual: 8434.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:474.9 GB) (Free:265.53 GB) NTFS
Drive s: (New Volume) (Fixed) (Total:1517.44 GB) (Free:920.77 GB) NTFS
Drive t: (New Volume) (Fixed) (Total:345.55 GB) (Free:288.02 GB) NTFS
Drive x: () (Fixed) (Total:3726.01 GB) (Free:2111.06 GB) NTFS
Drive z: (New Volume) (Fixed) (Total:7452.02 GB) (Free:6070.24 GB) NTFS

\\?\Volume{0cebd952-c87a-4a30-a47f-a2b2420b078a}\ () (Fixed) (Total:0.77 GB) (Free:0.34 GB) NTFS
\\?\Volume{e47021f3-ad8c-4afb-a11e-a0786f00a3ea}\ () (Fixed) (Total:1.16 GB) (Free:0.86 GB) NTFS
\\?\Volume{4e8db306-6dae-4a37-8b60-ddd1e57ef8de}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8DB829E9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 51E363D0)
Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 7452 GB) (Disk ID: 0A08E411)
Partition: GPT.

==================== End of Addition.txt =======================