Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2021 01 Ran by Joe (10-02-2021 14:14:00) Running from C:\Program Files\Farbar Microsoft Windows 10 Pro Version 20H2 19042.746 (X86) (2020-11-03 01:46:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-198903158-1304534811-4163729061-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-198903158-1304534811-4163729061-503 - Limited - Disabled) Guest (S-1-5-21-198903158-1304534811-4163729061-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-198903158-1304534811-4163729061-1002 - Limited - Enabled) Jo (S-1-5-21-198903158-1304534811-4163729061-1007 - Administrator - Enabled) => C:\Users\Jo Joe (S-1-5-21-198903158-1304534811-4163729061-1000 - Administrator - Enabled) => C:\Users\Joe WDAGUtilityAccount (S-1-5-21-198903158-1304534811-4163729061-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - ) 1001 Jigsaw - Earth Chronicles 7 (HKLM\...\1001 Jigsaw - Earth Chronicles 7_is1) (Version: 1.0 - MyPlayCity, Inc.) 4K Video Downloader (HKLM\...\{7820BD5B-FCF2-4A65-A08E-ECB884B1F399}) (Version: 4.13.4.3930 - Open Media LLC) Active Desktop Calendar 7.96 (HKLM\...\Active Desktop Calendar_is1) (Version: - XemiComputers) Actual Window Manager 8.14.4 (HKLM\...\Actual Windows Manager_is1) (Version: 8.14.4 - Actual Tools) Aidfile recovery software professional version 3.6.6.0 (HKLM\...\{456B239A-C1E0-4178-810E-8E8F09B06877}_is1) (Version: 3.6.6.0 - Mitusoft, Inc.) AirDroid 3.6.9.0 (HKLM\...\AirDroid) (Version: 3.6.9.0 - Sand Studio) Aiseesoft HD Video Converter 8.1.18 (HKLM\...\{3039577D-975E-42fc-89FC-2F1FF42F3FCA}_is1) (Version: 8.1.18 - Aiseesoft Studio) Aiseesoft MP4 Video Converter 9.2.18 (HKLM\...\{75CE1C3D-5B84-4e3b-BC17-246607907E6B}_is1) (Version: 9.2.18 - Aiseesoft Studio) Aiseesoft Total Media Converter 6.2.86 (HKLM\...\{42087B24-ECD8-41d2-8053-E6EB99E5083F}_is1) (Version: 6.2.86 - Aiseesoft Studio) Aiseesoft Total Video Converter 9.2.38 (HKLM\...\Aiseesoft Total Video Converter_is1) (Version: 9.2.38 - Aiseesoft Studio) Aiseesoft Video Converter Ultimate 10.1.8 (HKLM\...\{BD446D04-7426-4a27-9B0B-33B0C386F71B}_is1) (Version: 10.1.8 - Aiseesoft Studio) Aiseesoft Video Converter Ultimate 9.2.62 (HKLM\...\Aiseesoft Video Converter Ultimate_is1) (Version: 9.2.62 - lrepacks.ru) Akamai NetSession Interface (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Allavsoft 3.17.7.7150 (HKLM\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation) Allavsoft 3.22.7.7496 (HKLM\...\{6EBED4D8-13D9-4370-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation) Altap Salamander 4.0 (x86) (HKLM\...\Altap Salamander 4.0 (x86)) (Version: 4.0 - ALTAP) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) AMP Calendar (HKLM\...\AMP Calendar) (Version: - ) ANT Drivers Installer x86 (HKLM\...\{873F3B3F-043C-488A-B07A-873393379469}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden ANT Drivers Installer x86 (HKLM\...\{D8E7F472-86F6-4E62-AAFB-283D238FEED0}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Any Video Converter Professional 6.3.7 (HKLM\...\Any Video Converter Professional_is1) (Version: 6.3.7 - Anvsoft) Any Video Converter Ultimate 6.3.8 (HKLM\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com) AnyMP4 MP4 Converter 7.2.28 (HKLM\...\{116DCE20-DA28-44fb-9C04-DDE2AD05AC8C}_is1) (Version: 7.2.28 - AnyMP4 Studio) AOMEI Backupper Professional (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.) AOMEI Partition Assistant 8.10 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI International Network Limited.) Apowersoft Streaming Audio Recorder 4.3.4.0 1.0.0 (HKLM\...\Apowersoft Streaming Audio Recorder 4.3.4.0 1.0.0) (Version: 1.0.0 - Crackingpatching.com Team) Apowersoft Video Converter Studio 4.8.4.24 (HKLM\...\Apowersoft Video Converter Studio 4.8.4.24) (Version: 1.0.0.1 - Crackingpatching.com Team) Apowersoft Video Converter Studio V4.8.4.24 (HKLM\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.8.4.24 - APOWERSOFT LIMITED) Audacity 2.4.2 (HKLM\...\Audacity_is1) (Version: 2.4.2 - Audacity Team) AutoHotkey 1.1.33.01 (HKLM\...\AutoHotkey) (Version: 1.1.33.01 - Lexikos) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software) AVS Video Converter 12.1.4 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 12.1.4.672 - Online Media Technologies Ltd.) Belarc Advisor 9.0 (HKLM\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.) Bigasoft Video Downloader Pro 3.23.0.7627 (HKLM\...\{C7056BA6-D954-43A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation) Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.) Boilsoft Video Splitter 6.33 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.) Brother HL-2040 (HKLM\...\{AF5BED47-32A2-4FAE-9706-8F0E0462E838}) (Version: 1.00 - Brother) BurnInTest v9.0 Pro (32-bit) (HKLM\...\BurnInTest_is1) (Version: 9.1.1001.0 - Passmark Software) CapsLord 1.0 (remove only) (HKLM\...\CapsLord) (Version: - ) Casper 8.0 (HKLM\...\{6A58EB2E-5883-4515-910D-699C4396797B}) (Version: 8.0.4422 - Future Systems Solutions, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform) Clipboard Magic version 5.05 (HKLM\...\Clipboard Magic_is1) (Version: 5.05 - CyberMatrix Corporation, Inc.) CloseAll (HKLM\...\CloseAll) (Version: 3.0 - NTWind Software) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) CPUID CPU-Z 1.95 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.95 - CPUID, Inc.) D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DiskGenius 5.3.0 (HKLM\...\{2661F2FA-56A7-415D-8196-C4CB3D3ACFFE}_is1) (Version: - Eassos Co., Ltd.) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) EaseUS Partition Master 13.0 Trial Edition (HKLM\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS) EasiestSoft Video Converter 3.3.1 (HKLM\...\{62540757-EAF0-B027-F7F8-CD5A8A0DC9BA}_is1) (Version: 3.3.1 - EasiestSoft International LLC.) Eassos PartitionGuru 4.9.5 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version: - Eassos Co., Ltd.) Easy Video Splitter 1.28 (HKLM\...\Easy Video Splitter_is1) (Version: - DoEasier Tech Inc) Elevated Installer (HKLM\...\{C913E211-2AC5-4BA8-8AC3-4B2814371BD3}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden EmEditor (32-bit) (HKLM\...\{87E57ED7-E591-4DFD-8FD5-0F253EF425B3}) (Version: 19.0.0 - Emurasoft, Inc.) EmEditor Help (English) (HKLM\...\{613A955D-A807-4489-B423-1CEDE0676739}) (Version: 15.7.1 - Emurasoft, Inc.) Epic Pen (HKLM\...\Epic Pen_is1) (Version: v3.7.31.0 - TANK Studios LTD) Epic Pen Pro 3.7.28 (HKLM\...\Epic Pen Pro 3.7.28) (Version: 3.7.28 - Crackingpatching.com Team) Evaer Video Recorder for Skype 1.6.5.11 (HKLM\...\Evaer Video Recorder for Skype) (Version: 1.6.5.11 - Evaer Technology) Everyday Jigsaw (HKLM\...\Everyday Jigsaw) (Version: - ) Faasoft Video Converter 5.2.24.5621 (HKLM\...\{C6FE6897-0A65-4474-8EF7-E7AF11F8F239}_is1) (Version: - Faasoft Corporation) FileSeek 6.4 (HKLM\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 6.4.0.0 - Binary Fortress Software) Firefox Preloader (HKLM\...\Firefox Preloader_is1) (Version: 1.0.366.0 - 6XGate Incorporated) Folder Size Explorer (HKLM\...\{7C3E7EA4-DCEC-4E49-8459-B6F15DBD9795}) (Version: 1.7.1 - Bazwise) FormatFactory 4.10.0.0 (HKLM\...\FormatFactory) (Version: 4.10.0.0 - Free Time) FotoTagger 2.13.0.1 (HKLM\...\FotoTagger) (Version: 2.13.0.1 - Cogitum) Free Launch Bar (HKLM\...\{1574CBD4-1656-420c-B553-E16F01E74C0F}) (Version: 2.0 - Tordex) Free M4a to MP3 Converter 9.7 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free MPG Player (HKLM\...\{254E7ACE-402F-4CA4-951F-9C5F0B00AF1A}) (Version: 1.0.0 - Free MPG Player) Free Video Flip and Rotate version 2.1.6.128 (HKLM\...\Free Video Flip and Rotate_is1) (Version: 2.1.6.128 - DVDVideoSoft Ltd.) Free Video Joiner (HKLM\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com) Free WebM to MP3 Converter (32-bit) 1.2 (HKLM\...\{E359DE7A-892A-4E9F-B2D6-7487C4AA7FB6}_is1) (Version: 1.2 - Jacek Pazera) Freemake Video Converter version 4.2.0 (HKLM\...\Freemake Video Converter_is1) (Version: 4.2.0 - Ellora Assets Corporation) Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.8.4 - Ellora Assets Corporation) Garmin City Navigator Aus and NZ NT 2017.20 (HKLM\...\{3E711870-B474-4277-AE21-481DEAD361B3}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Australia And New Zealand NT 2012.40 Update (HKLM\...\{5E34337E-9BE4-4D72-9C61-77769BD72855}) (Version: 12.40.0.0 - Garmin Ltd or its subsidiaries) Garmin City_Navigator_Aus_and_NZ_NT_2021_10___HERE (HKLM\...\{80FF9FD3-4A72-4D01-8157-AEB60C92303D}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM\...\{3EF3A6E8-CCBF-492E-B179-28838182B8F0}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express (HKLM\...\{e174e9f0-1f1d-4284-b0d1-238b43f8ac1b}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{E31435FE-F0B7-4A62-BE46-BD166A1EEFFB}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{5EF98E1C-3912-40EA-A8C1-25772D9F1762}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Hidden Garmin WebUpdater (HKLM\...\{f1c8f03d-88bd-432d-80d1-782d4fac96b2}) (Version: 2.5.7 - Garmin Ltd or its subsidiaries) Glary Utilities PRO 5.158 (HKLM\...\Glary Utilities 5) (Version: 5.158.0.184 - Glarysoft Ltd) GOM Player (HKLM\...\GOM Player) (Version: 2.3.42.5304 - GOM & Company) Google Chrome (HKLM\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC) Google Earth Pro (HKLM\...\{59F21DFB-6977-434B-9CB9-67783D6E7B6B}) (Version: 7.3.3.7786 - Google) Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden GoTo Opener (HKLM\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.) Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot) HandBrake 1.0.7 (HKLM\...\HandBrake) (Version: 1.0.7 - ) Hard Disk Sentinel PRO (HKLM\...\Hard Disk Sentinel_is1) (Version: 5.61 - Janos Mathe) HD Video Converter Factory Pro 17.1 (HKLM\...\HD Video Converter Factory Pro_is1) (Version: 17.1 - lrepacks.ru) HD Video Converter Factory Pro 19.2 (HKLM\...\HD Video Converter Factory Pro) (Version: 19.2 - WonderFox Soft, Inc.) Helium Audio Joiner (build 331) (HKLM\...\{1C7BCE67-6479-4D56-AD92-E50479028171}_is1) (Version: 1.9.0.331 - Imploded Software) Ico Converter 1.3 (HKLM\...\IcoConverter) (Version: - Tomatosoft) IcoFX 2.0 (HKLM\...\IcoFX_is1) (Version: - ) ICQ (version 10.0.12417) (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\icq.desktop) (Version: 10.0.12417 - ICQ) iDealshare VideoGo 7.0.4.6443 (HKLM\...\{CC4C06C4-7C78-4AAB-B5AF-33FB11CCD860}_is1) (Version: - iDealshare Corporation) ImTOO Video Converter Ultimate (HKLM\...\ImTOO Video Converter Ultimate) (Version: 7.8.24.20200219 - ImTOO) Ink2Go (HKLM\...\{6F884302-FE97-4024-ADE3-6415E0F3D372}) (Version: 1.6.0 - EyePower Games) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: 6.32.8 - Tonek Inc.) IrfanView 4.57 (32-bit) (HKLM\...\IrfanView) (Version: 4.57 - Irfan Skiljan) iSkysoft Helper Compact 2.5.2 (HKLM\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft) iSkysoft Video Converter Ultimate(Build 11.5.0.24) (HKLM\...\iSkysoft Video Converter Ultimate_is1) (Version: 11.5.0.24 - iSkysoft Software) ISO2Disc 1.10 (HKLM\...\ISO2Disc_is1) (Version: - Top Password Software, Inc.) JPG to PDF Converter 1.1 (HKLM\...\JPG to PDF Converter) (Version: 1.1 - ) Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kleptomania version 5.0 (HKLM\...\{59C08933-1E83-4A8B-A2A9-FD895CFCC95D}_is1) (Version: 5.0 - StructuRise) K-Lite Codec Pack 15.9.5 Standard (HKLM\...\KLiteCodecPack_is1) (Version: 15.9.5 - KLCP) KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.2.2.44 - PandoraTV) KraiSoft Games Launcher (HKLM\...\KraiSoft Games Launcher) (Version: - ) Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1 (HKLM\...\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.) Macro Express Pro (HKLM\...\Macro Express Pro) (Version: 4.3.0.1 - Insight Software Solutions, Inc.) Malware Hunter 1.117.0.710 (HKLM\...\Malware Hunter) (Version: 1.117.0.710 - Glarysoft Ltd) Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes) MediaHuman Audio Converter version 1.9.7 (HKLM\...\MHAudioConverter_is1) (Version: 1.9.7 - MediaHuman) MediaInfo 19.09 (HKLM\...\MediaInfo) (Version: 19.09 - MediaArea.net) Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation) Microsoft Edge Update (HKLM\...\Microsoft Edge Update) (Version: 1.3.139.71 - ) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows Debugging Symbols (HKLM\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft) Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) MightyText (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\MightyText) (Version: 5.3.1 - MightyText) MKV to MP3 Converter 5.0.1 (HKLM\...\MKV to MP3 Converter) (Version: 5.0.1 - FreeStar) Movavi Video Editor Plus v21.0.0 (HKLM\...\Movavi Video Editor 21 Plus_is1) (Version: 21.0.0 - Movavi (RePack by Dodakaedr)) Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 50.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla) Mp3tag v3.05 (HKLM\...\Mp3tag) (Version: 3.05 - Florian Heidenreich) MP4 Downloader Pro 3 (HKLM\...\MP4 Downloader Pro_is1) (Version: - Tomabo) NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version: - Softperfect) NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - ) NirSoft RegScanner (HKLM\...\NirSoft RegScanner) (Version: - ) NirSoft ShellExView (HKLM\...\NirSoft ShellExView) (Version: - ) Nitro Pro (HKLM\...\{0D8F26C8-A908-4877-9788-001C0BDE3240}) (Version: 13.24.1.467 - Nitro) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) PicPick (HKLM\...\PicPick) (Version: 5.1.3 - NGWIN) Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Hidden Point Position 1.0 (HKLM\...\Point Position 1.0) (Version: 1.0 - Vasilios Applications) PowerISO (HKLM\...\PowerISO) (Version: 6.3 - Power Software Ltd) Presentation Assistant V3.0.1 (HKLM\...\Presentation Assistant_is1) (Version: - www.presentation-assistant.com) Pushbullet version 338 (HKLM\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc) Rainmeter (HKLM\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter) Readiris 17 (HKLM\...\{8ACAE85F-B250-4543-9AD8-734474B3BA20}) (Version: 17.01.11945 - I.R.I.S.) RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden Recover My Files (HKLM\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd) Registrar Registry Manager 9.01 (HKLM\...\Registrar32_is1) (Version: - Resplendence Software Projects Sp.) Registrar Registry Manager 9.01 build 901.30525 Retail (HKLM\...\Registrar Registry Manager 9.01 build 901.30525 Retail) (Version: 1.0.01 - Crackingpatching.com Team) Revo Uninstaller Pro 4.3.3 (HKLM\...\Revo Uninstaller Pro_is1) (Version: 4.3.3 - lrepacks.ru) Revo Uninstaller Pro 4.4.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.0 - VS Revo Group, Ltd.) Screenpresso (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Screenpresso) (Version: 1.7.0.0 - Learnpulse) Security Task Manager 2.4 (HKLM\...\Security Task Manager) (Version: 2.4 - Neuber Software) SiSoftware Sandra Business 2016.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 22.20.2016.3 - SiSoftware) Skype version 8.67 (HKLM\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.) SMPlayer 21.1.0 (HKLM\...\SMPlayer) (Version: 21.1.0 - Ricardo Villalba) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Spotify (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Spotify) (Version: 1.1.48.625.g1c87c7f7 - Spotify AB) Stellar Repair for Video (HKLM\...\Stellar Repair for Video_is1) (Version: 4.0.0.0 - Stellar Information Technology Pvt Ltd.) Streaming Audio Recorder V4.3.4.0 (32-bit) (HKLM\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 4.3.4.0 - Apowersoft LIMITED) Tame version 6.0d (remove only) (HKLM\...\Tame 6.0d) (Version: - ) TeamViewer (HKLM\...\TeamViewer) (Version: 15.14.3 - TeamViewer) Telegram Desktop version 2.5.8 (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.8 - Telegram FZ-LLC) TeraCopy 3.0 RC (HKLM\...\TeraCopy_is1) (Version: - Code Sector) TeraCopy v3.0 (HKLM\...\TeraCopy v3.0) (Version: v3.0 - Code Sector) Text Monkey Lite (HKLM\...\Text Monkey Lite) (Version: - ) TreeSize V7.1.3 (HKLM\...\TreeSize_is1) (Version: 7.1.3 - JAM Software) Ultra Video Joiner 6.4.1010 (HKLM\...\Ultra Video Joiner_is1) (Version: - Aone Software) Ultra Video Splitter 6.4.1010 (HKLM\...\Ultra Video Splitter_is1) (Version: - Aone Software) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) vDosWP (HKLM\...\{49883946-559B-4FE0-866F-7674B9516A75}_is1) (Version: 2018.10.14 - wpdos.org) VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Viber (HKLM\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden Viber (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.) Video Downloader (HKLM\...\{8B6202FD-3790-4DD4-B343-51736F7FF4E5}) (Version: 1.2.0 - RealNetworks) Hidden VideoProc (HKLM\...\VideoProc) (Version: 3.5 - Digiarty, Inc.) VideoProc 3.6 (HKLM\...\VideoProc_is1) (Version: 3.6 - lrepacks.ru) VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN) VSDC Free Video Editor version 6.6.4.264 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.6.4.264 - Flash-Integro LLC) VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.40 - VSO Software) Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.16.1.0 - Winaero) WinAVI Video Converter (HKLM\...\WinAVI Video Converter) (Version: 11.5.1.4360 - ZJMedia Digital Technology Ltd.) Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Winja version 4.1.0 (HKLM\...\Winja_is1) (Version: 4.1.0 - Phrozen SAS) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware) WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 6.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) WinX HD Video Converter Deluxe 5.16.2 (HKLM\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.) WinX YouTube Downloader (HKLM\...\WinX YouTube Downloader) (Version: 5.5 - Digiarty, Inc.) Wireless-G PCI Adapter (HKLM\...\{88742616-A6E9-4C7E-9665-B625799541FB}) (Version: - ) Wise Duplicate Finder 1.3.4.42 (HKLM\...\Wise Duplicate Finder_is1) (Version: 1.3.4.42 - lrepacks.ru) WonderFox DVD Video Converter 21.3 (HKLM\...\WonderFox DVD Video Converter) (Version: 21.3 - WonderFox Soft, Inc.) Wondershare AllMyTube(Build 7.4.9.2) (HKLM\...\AllMyTube_is1) (Version: 7.4.9.2 - Wondershare) Wondershare Filmora(Build 7.8.9) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.5.3 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) Wondershare UniConverter(Build 11.7.4.2) (HKLM\...\UniConverter_is1) (Version: 11.7.4.2 - Wondershare Software) Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 7.8.23.20180925 - Xilisoft) Xperia Companion (HKLM\...\{5b7c1b25-5fb6-442c-a1b5-cb8dfc2267bf}) (Version: 2.8.3.0 - Sony) Xperia Companion (HKLM\...\{66EABD35-6233-4926-9AB1-AB31CC6BC7D9}) (Version: 2.8.3.0 - Sony) Hidden Xperia Companion Service (HKLM\...\{E41065E8-67E2-448F-940C-FF9D7C51E4E3}) (Version: 2.8.3.0 - Sony) Hidden Zoom (HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x86__8wekyb3d8bbwe [2021-01-29] (Microsoft Corporation) FreeCell Solitaire Classic Free -> C:\Program Files\WindowsApps\9785PokerCardGames.FreeCellSolitaireClassicFree_1.0.1.0_x86__8mnangg4fsb1t [2020-09-22] (Poker Card Games) IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [2019-04-01] (Tonec Inc.) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2018-12-09] (Instagram) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x86__8wekyb3d8bbwe [2021-01-29] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2020-11-03] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x86__8wekyb3d8bbwe [2021-01-29] (Microsoft Studios) [MS Ad] mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x86__c9d6r4qvva5x8 [2019-12-22] (Up to Eleven Digital Solutions GmbH) Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x86__kzf8qxf38zg5c [2021-01-29] (Skype) Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.9.49.0_x86__43tkc6nmykmb6 [2019-12-24] (Ookla) Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.13242.0_x86__8wekyb3d8bbwe [2018-12-09] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x86\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{C78B614F-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx86.dll (Fine spol. s r.o. -> ALTAP) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x86\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57}\InprocServer32 -> C:\Users\Joe\AppData\Local\Programs\EmEditor\emedshl.dll (Emurasoft, Inc. -> Emurasoft, Inc.) CustomCLSID: HKU\S-1-5-21-198903158-1304534811-4163729061-1000_Classes\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\localserver32 -> no filepath ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-07-29] () [File not signed] ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] () [File not signed] ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-07-29] () [File not signed] ContextMenuHandlers5: [Actual Window Manager] -> {CE577978-3FCA-430D-B0CE-D637788F9C5A} => C:\Program Files\Actual Window Manager\ActualWindowManagerShellExtension.dll [2020-10-11] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-30] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2020-08-22] (Glarysoft LTD -> Glarysoft Ltd) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group) ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-07-29] () [File not signed] ContextMenuHandlers6: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files\Tomabo\MP4 Downloader Pro\MP4C_WS.dll [2015-07-21] (Tomabo) [File not signed] ContextMenuHandlers6: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files\Tomabo\MP4 Downloader Pro\MP4P_WS.dll [2015-07-21] (Tomabo) [File not signed] ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] () [File not signed] ContextMenuHandlers1_S-1-5-21-198903158-1304534811-4163729061-1000: [EmEditor] -> {DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57} => C:\Users\Joe\AppData\Local\Programs\EmEditor\emedshl.dll [2019-07-30] (Emurasoft, Inc. -> Emurasoft, Inc.) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [msacm.divxa32] => C:\WINDOWS\system32\msaud32_divx.acm [186368 2003-02-03] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MPG4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MP42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [vidc.MP43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed] HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed] HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed] HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed] HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed] HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed] HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed] HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [File not signed] HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Joe\Desktop\Chrome BookMarks.lnk -> C:\Data\Batch Files\Macro Express\ExportChromeBookMarks.bat () Shortcut: C:\Users\Joe\Desktop\DeskTopView.lnk -> C:\Data\Batch Files\Macro Express\DeskTopView.bat () Shortcut: C:\Users\Joe\Desktop\EmptyIDM.lnk -> C:\Data\Batch Files\Macro Express\EmptyIDM.bat () Shortcut: C:\Users\Joe\Desktop\FFB'kMarks.lnk -> C:\Data\Batch Files\Macro Express\SaveFFBookMarks.bat () Shortcut: C:\Users\Joe\Desktop\Quicklaunch.lnk -> C:\Data\Batch Files\DOS or CMD\QuickLaunch.bat () Shortcut: C:\Users\Joe\Desktop\Restart.lnk -> C:\Data\Batch Files\DOS or CMD\Restart.bat () Shortcut: C:\Users\Joe\Desktop\Shutdown.lnk -> C:\Data\Batch Files\DOS or CMD\Shutdown.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autohotkey.lnk -> C:\Data\Batch Files\Autohotkey\autohotkey.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ADC close & copy.lnk -> C:\Data\Batch Files\Autohotkey\close & copy ADC.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Greenshot.lnk -> C:\Data\Batch Files\Macro Express\Greenshot.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KillGreenshot.lnk -> C:\Data\Batch Files\DOS or CMD\KillGreenshot.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MultiLaunch.lnk -> C:\Data\Batch Files\DOS or CMD\MultiLaunch.bat () Shortcut: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Rare\StartUps - backing up.lnk -> C:\Data\Batch Files\DOS or CMD\StartUps.bat () ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\(20+) Messenger _ Facebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jjkeojnabmnhemlflkpnpfggneahjkjn ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Creating an internet shortcut fails _.._.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=djcnpbhjfgpighcllplapphngaaockbd ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hangouts (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=deigijodonbmdapahgkdjljmcngipaab ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hangouts.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=deigijodonbmdapahgkdjljmcngipaab ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Messenger.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cikmbkiaomfbeknnagjbfgfckhlbnjnj ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\MightyText.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pambkebinhmagehedjcpghjfbcociiak ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\MightyTextTest.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=andmpiilbgodiefijhcneadhegcolaoe ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pushbullet Settings.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jinnpgkhgbkooiphbamlonfpcedokdah ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pushbullet.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ogpfcbagkcllmmkfdceimppcikancjan ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sendleap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\sydney time.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=dahalpfpibpddfpdcfgmpjelnldolich ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\12acfffc61da8ee6\SendLeap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Comms\Messenger.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cikmbkiaomfbeknnagjbfgfckhlbnjnj ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Comms\Sendleap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Rare\MightyText Test.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=andmpiilbgodiefijhcneadhegcolaoe ==================== Loaded Modules (Whitelisted) ============= 2021-02-10 14:04 - 2021-02-10 14:04 - 000470016 _____ () [File not signed] \\?\C:\Users\Joe\AppData\Local\Temp\3ee03d8d-7d02-4942-8ab4-75b46936c5f9.tmp.node 2017-12-03 09:37 - 2017-10-16 01:21 - 003420672 _____ () [File not signed] C:\Program Files\Kleptomania\TextractSmart.dll 2017-01-02 17:19 - 2016-09-19 12:08 - 000622080 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll 2012-01-10 08:22 - 2011-11-23 15:59 - 000035840 _____ () [File not signed] C:\Program Files\XemiComputers\Active Desktop Calendar\MouseHook.dll 2020-05-23 14:46 - 2020-05-23 14:46 - 001990144 _____ () [File not signed] C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\ffmpeg.dll 2020-05-23 14:46 - 2020-05-23 14:46 - 000115712 _____ () [File not signed] C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\libegl.dll 2020-05-23 14:46 - 2020-05-23 14:46 - 006668800 _____ () [File not signed] C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\libglesv2.dll 2020-07-03 01:38 - 2011-06-28 07:35 - 000072192 _____ (Insight Software Solutions, Inc.) [File not signed] C:\Program Files\Macro Express Pro\mexhook.dll 2016-02-13 03:17 - 2016-02-13 03:17 - 001170944 _____ (TameDOS) [File not signed] C:\WINDOWS\System32\TameVdd.Dll 2009-04-14 09:14 - 2009-04-14 09:14 - 001527808 _____ (TrueSoft) [File not signed] C:\Program Files\FreeLaunchBar\flb.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation) DPF: {9732FB42-C321-11D1-836F-00A0C993F125} hxxp://www.pcpitstop.com/mhLbl.cab Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.) Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.) (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7942 more sites. IE trusted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\garmin.com -> hxxps://my.garmin.com IE trusted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\localhost -> localhost IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\123simsen.com -> www.123simsen.com There are 7947 more sites. IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\123simsen.com -> www.123simsen.com There are 7942 more sites. ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2021-02-09 15:40 - 2021-02-09 15:40 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Deskshare\My Screen Recorder Pro 3\;C:\Program Files\Windows Live\Shared;C:\Program Files\AMD\ATI.ACE\Core-Static;C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\AOMEI Backupper HKU\S-1-5-21-198903158-1304534811-4163729061-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\XEMICO~1\ACTIVE~1\Desktop\ACTIVE~1.BMP HKU\S-1-5-21-198903158-1304534811-4163729061-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: BthHFSrv => 3 MSCONFIG\Services: CS_AutoUpdate => 2 MSCONFIG\Services: CS_BandwidthGuard => 2 MSCONFIG\Services: CS_SysMsgProxy => 2 MSCONFIG\Services: EaseUS Agent => 2 MSCONFIG\Services: ehRecvr => 3 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: MacriumService => 2 MSCONFIG\Services: NitroDriverReadSpool10 => 2 MSCONFIG\Services: NitroUpdateService => 2 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: XboxNetApiSvc => 3 HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk" HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk" HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk" HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk" HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "StartCN" HKLM\...\StartupApproved\Run: => "BCSSync" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "SDTray" HKLM\...\StartupApproved\Run: => "Brdefprn" HKLM\...\StartupApproved\Run: => "Reflect UI" HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run: => "DelaypluginInstall" HKLM\...\StartupApproved\Run: => "UnlockerAssistant" HKLM\...\StartupApproved\Run: => "EaseUS EPM Tray Agent" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "iSkysoft Helper Compact.exe" HKLM\...\StartupApproved\Run: => "MalTray" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "Capture2Text.lnk" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "EmEditor.lnk" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "WP.EXE.pif" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\StartupFolder: => "Hangouts.lnk" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08BC2BD8F1B6BE4ACC60C8748C6E102" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "WinPatrol" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "movavi_videoconverter_agent" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GarminExpress" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "IDMan" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "GUDelayStartup" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "Opera Browser Assistant" HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B556209A-36FE-478C-BF05-62D82AC5CC97}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [{DDB5508A-F54E-45AF-AFDB-4A9E2DBF5A49}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [{C98057C4-C004-4F9B-8873-6A67ED196A97}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{28925ED5-09D0-4EC9-A346-B0A4D1AA9A3E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{E8C9A1B0-47A6-4F62-8A46-D465CF4D93C3}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{FD9E605F-D3B6-4DF8-8B06-0425F231C116}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{62093499-5548-461D-BD5B-87202DDC614E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{D90CFB49-AA8A-4CEC-9EA7-6EEAB63915EB}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{600C3D93-A2D1-4BC7-96B9-433FF8CE5628}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{124B68D4-70C4-40A4-BFEA-68B66571B712}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{76853AFE-D283-497C-82E0-C1BBDAD063D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F9118A2E-AB5F-4D35-842B-9A319101F423}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{27268B28-B4BD-4E57-AD8B-B1C394B6E94F}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{8716BF26-62D9-4E5C-9614-D372215A5C9C}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{974ADDF1-3D2C-4876-ACFA-21E0A9C11639}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5CF94C9D-0AC4-4FF9-AA7E-E8904C425C4C}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{DE116F64-59E4-42C2-ADA5-A9C757C3679E}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File FirewallRules: [{3F7ACDD1-26BA-4E48-B793-F59E307EC654}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File FirewallRules: [{3C4F92F0-9561-4B22-AEB4-6B14CE2AFA59}] => (Block) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File FirewallRules: [{FD609144-6454-4F6D-B079-D0AF05F3EEBB}] => (Allow) LPort=1900 FirewallRules: [{9D022D4F-A97E-4D8C-A7F7-19FFDA484A5F}] => (Allow) LPort=2869 FirewallRules: [{350821B3-5E57-454C-BFA5-D10526632D17}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{96329BFC-08DB-43C1-9DEE-D1A68B1EACD2}C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> MightyText) FirewallRules: [TCP Query User{872D03CB-52E1-4B43-ADDE-B0423EC5ACD7}C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\joe\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> MightyText) FirewallRules: [{EDD5C10C-1D2E-4CD0-9F32-5E1229423B3B}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [{B1435707-5F84-470D-BA50-6608147CC8B0}] => (Allow) C:\Program Files\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) FirewallRules: [TCP Query User{70CC872C-4D2B-4D4F-8DFE-619A6C2108EB}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [UDP Query User{301491AE-FA03-42DD-808E-B984FA414B9D}C:\program files\utorrent\utorrent.exe] => (Block) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [TCP Query User{A8CB4212-1C86-4249-BA25-03AD562B62A5}C:\program files\utorrent\utorrent.exe] => (Allow) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [UDP Query User{8CA7331B-BF15-4754-9E44-A003E64AE505}C:\program files\utorrent\utorrent.exe] => (Allow) C:\program files\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.) FirewallRules: [TCP Query User{AF5EC40D-8225-47F5-A4AB-EA43EC721C10}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{BF3DEE44-EC79-4424-82C1-B2E13D890B45}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{76E50CB4-491D-4404-9EAB-F6576CFA5FAE}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{38BDED24-3647-4FAC-A122-D563C7EC6ECF}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{F0BF3433-9606-4D62-A95A-66DC6D6D0DCD}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll () [File not signed] FirewallRules: [{5DA517D1-B16B-480D-9BC8-F94A32230640}] => (Allow) C:\Program Files\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll () [File not signed] FirewallRules: [TCP Query User{FDBB0FAD-F4F1-4DA5-A779-6A8BD63DF475}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{3E514C03-5B9C-41BE-9DA0-D8A81900DC72}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{AF568467-AAE6-490F-A8D8-472AFAFCF5F1}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio) FirewallRules: [UDP Query User{6FE2E8FE-E370-42D8-AC11-337649CDCCBC}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio) FirewallRules: [{E66B7B91-F430-4BEF-91DC-A33A915C07E2}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{E6BB0410-FA8C-4B32-8E24-E45751DD0AB4}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F4EFF175-6AEE-4EA3-9539-0C7002CA1EFA}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{5F42FD6D-C2F5-4E15-9538-0435792657C2}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC) FirewallRules: [{36E12D92-F0BF-4424-8D18-01901ADC05D8}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{4A0EEB64-25A8-4610-A523-0D6E0E11D2ED}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC) FirewallRules: [{36E22BDE-6A19-4AA4-920A-5F58C7AF8AB4}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{BA6D2789-98DB-43F7-A73C-2FDD716789DE}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC) FirewallRules: [{B5032685-1E18-4C5D-A5D0-6FAEA921B862}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{B243945F-F122-4395-BCC0-63EC184CBF91}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{1D1A4C4C-EB8C-4A06-928A-5CF7D665C279}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{E4A8FE02-A2F7-4DEE-BA9B-978638D57668}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{BAEA0CD6-EC9D-4B38-AD98-972F47D8D5DB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) StandardProfile\AuthorizedApplications: [C:\Program Files\Tomabo\MP4 Downloader Pro\MP4DownloaderPro.exe] => Enabled:MP4 Downloader Pro ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:111.79 GB) (Free:35.33 GB) (32%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== System errors: ============= Error: (02/10/2021 02:03:45 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume T: encountered a non-retryable error and could not start. The data contains the error code. CodeIntegrity: =================================== Date: 2021-02-10 14:11:40.6610000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-10 14:11:40.6210000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-10 14:11:40.5830000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-10 14:09:54.5720000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-10 14:09:19.4570000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-10 14:09:19.3740000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-10 14:08:34.8860000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-10 14:08:34.8180000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: Award Software International, Inc. FD 02/01/2011 Motherboard: Gigabyte Technology Co., Ltd. X58A-UD5 Processor: Intel(R) Core(TM) i7 CPU X 990 @ 3.47GHz Percentage of memory in use: 91% Total physical RAM: 3582.42 MB Available physical RAM: 307.64 MB Total Virtual: 7166.42 MB Available Virtual: 2761.32 MB ==================== Drives ================================ Drive a: (BACKUP) (Removable) (Total:14.83 GB) (Free:2.87 GB) FAT32 Drive c: (Blaze) (Fixed) (Total:111.79 GB) (Free:35.33 GB) NTFS ==>[system with boot components (obtained from drive)] Drive t: (Downloads) (Fixed) (Total:111.79 GB) (Free:99.06 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 456B9985) Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 7F90DAF7) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) ========================================================== Disk: 2 (MBR Code: Windows XP) (Size: 14.8 GB) (Disk ID: 74A96E33) Partition 1: (Active) - (Size=14.8 GB) - (Type=0C) ==================== End of Addition.txt =======================