My bad.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2021
Ran by Nigel (administrator) on NIGEL-PC (Medion E6234) (06-11-2021 13:23:32)
Running from C:\Users\Nigel\Desktop
Loaded Profiles: Nigel
: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
() [File not signed] C:\Program Files (x86)\PHotkey\GPMTray.exe
() [File not signed] C:\Program Files (x86)\PHotkey\PHotkey.exe
() [File not signed] C:\Program Files (x86)\PHotkey\POsd.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CrypKey (Canada) Ltd.) [File not signed] C:\Windows\System32\Crypserv.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(PEGATRON CORPORATION -> TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-27] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [2774040 2019-12-19] (Opera Software AS -> Opera Software)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Nigel\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-11-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Nigel\Downloads\FliqloScr\Fliqlo.scr [388096 2021-03-19] (9031) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\WINDOWS\system32\hpz3l5k2.dll [130048 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-10-29] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2012-11-27] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2020-05-05]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FFAE542-7BB9-4A04-AEB0-99B7D9D321CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {14C2DEB0-9A3C-4D70-BA59-A6A2662ACFB7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {4E199D7B-4F5E-422F-8AE0-7AE00FA5A645} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {53DD12F4-F2CC-4E6A-9100-C885108EF2A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [139806512 2021-10-13] (Microsoft Windows -> Microsoft Corporation)
Task: {62C4A8CD-9106-4A28-ADC3-EA65B0C2CEF0} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2021-04-29] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
Task: {745819C7-B794-409E-9046-0E87BEBED62A} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {88C2DD99-9005-4BA8-9752-E3FC8750C43A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {A75B5455-7AEB-4924-8B0E-41496DCF4BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {AAF31D51-A367-4004-A9DE-E0D4127C5A02} - System32\Tasks\Opera scheduled Autoupdate 1526203677 => C:\Program Files\Opera\launcher.exe [42724048 2021-09-24] (Opera Software AS -> Opera Software)
Task: {C06DFBDA-FDA4-4007-85BB-B52EFC1EEDC4} - System32\Tasks\GoogleUpdateTaskMachineCore1d5b20961366e42 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {D2C7756A-8450-474A-899A-5FDD6E93F186} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-26] (Apple Inc. -> Apple Inc.)
Task: {EC7934E2-BC4F-4E0F-B750-A412D9E50FBD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{32a5e555-f93c-4cdf-93c2-ca42ebc72347}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{66cb41a6-c2e0-4e78-8a4c-ef22656af993}: [DhcpNameServer] 194.168.4.100 194.168.8.100
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Nigel\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-06]
Edge StartupUrls: Default -> "hxxp://go.microsoft.com/fwlink/?LinkId=525990"
FireFox:
========
FF DefaultProfile: gv7jttb3.default
FF DefaultProfile: ar9pl8tr.default
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\TomTom\HOME\Profiles\abjn7h7c.default [2015-07-05]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default [2021-10-18]
FF Homepage: Mozilla\Firefox\Profiles\gv7jttb3.default -> hxxps://www.google.co.uk/?gws_rd=cr
FF Extension: (EPUBReader) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2020-08-02]
FF Extension: (No Name) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-08-02]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Comodo\IceDragon\Profiles\ar9pl8tr.default [2020-06-25]
FF Homepage: Comodo\IceDragon\Profiles\ar9pl8tr.default -> hxxps://www.youtube.com/feed/subscriptions
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] (Apple Inc. -> )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google Inc -> Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4040141387-3011007431-2631040067-1001: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Users\Nigel\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default [2021-11-06]
CHR DownloadDir: C:\Users\Nigel\Downloads
CHR Notifications: Default -> hxxp://sportstvonline.net; hxxps://beastbuying.com; hxxps://draxe.com; hxxps://m.facebook.com; hxxps://maximus-time.com; hxxps://meet.google.com; hxxps://www.facebook.com; hxxps://www.samsung.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Google Docs) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-09]
CHR Extension: (Google Drive) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-02]
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-15]
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-10]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
Opera:
=======
OPR Profile: C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable [2021-11-01]
OPR Notifications: Opera Stable -> hxxps://click.notify.support; hxxps://ctih.apparedistride.club; hxxps://dioh.veirregnant.club; hxxps://en.softonic.com; hxxps://plby.spirationsstrated.club; hxxps://uniquecaptcha.com; hxxps://videoommooth.com; hxxps://vidlox.tv; hxxps://vshare.eu; hxxps://www.footballstreamings.com; hxxps://www.techradar.com; hxxps://www.youtube.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (WhatsApp™ Messenger) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\dldmjnlgpemdnceadnpcfenlhhnlbbnl [2020-04-01]
OPR Extension: (Rich Hints Agent) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-01]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-09-29]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2021-10-15]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] (Ashampoo GmbH & Co. KG -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] (Ashampoo GmbH & Co. KG -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc. -> Apple Inc.)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink -> CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink -> CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7826104 2021-11-02] (Malwarebytes Inc -> Malwarebytes)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTransPro\ElevationService.exe [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] (Ashampoo GmbH & Co. KG -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ELANUSB; C:\WINDOWS\System32\Drivers\elanusb.sys [44408 2016-03-12] (CIC COMPONENTS INDUSTRIES CO., LTD. -> Windows ® Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-02] (Malwarebytes Inc -> Malwarebytes)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [28664 2008-03-17] (CrypKey (Canada) Inc. -> )
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [401120 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-06 13:23 - 2021-11-06 13:28 - 000023588 _____ C:\Users\Nigel\Desktop\FRST.txt
2021-11-06 12:14 - 2021-11-06 12:14 - 000000000 ____D C:\Users\Nigel\Desktop\FRST-OlderVersion
2021-11-06 12:13 - 2021-11-06 12:14 - 002312192 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2021-11-06 10:15 - 2021-11-06 10:15 - 000000000 ___HD C:\$WinREAgent
2021-11-06 08:36 - 2021-11-06 08:36 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-11-05 21:07 - 2021-11-05 21:07 - 000001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-05 21:07 - 2021-11-05 21:07 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-04 19:56 - 2021-11-04 19:56 - 003254099 _____ C:\Users\Nigel\Downloads\This Naked Mind Control Alcohol, Find Freedom, Discover Happiness and Change Your Life by Grace, Annie (z-lib.org).epub
2021-11-02 16:54 - 2021-11-02 16:54 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-01 10:10 - 2021-11-01 10:10 - 000001462 _____ C:\Users\Nigel\Desktop\Twitter.lnk
2021-10-18 14:38 - 2021-10-18 14:50 - 000000150 _____ C:\WINDOWS\Reimage.ini
2021-10-17 12:24 - 2021-10-17 12:24 - 001103831 _____ C:\Users\Nigel\Downloads\Resistance Is Futile How the Trump-Hating Left Lost Its Collective Mind by Ann Coulter (z-lib.org).epub
2021-10-17 12:13 - 2021-10-17 12:13 - 000512744 _____ C:\Users\Nigel\Downloads\The Abolition of Liberty The Decline of Order and Justice in England by Peter Hitchens (z-lib.org).epub
2021-10-17 12:08 - 2021-10-17 12:08 - 016746371 _____ C:\Users\Nigel\Downloads\The Abolition of Britain From Winston Churchill to Princess Diana by Peter Hitchens (z-lib.org).epub
2021-10-17 11:50 - 2021-10-17 11:50 - 004517348 _____ C:\Users\Nigel\Downloads\The Contagion Myth Why Viruses (Including Coronavirus) Are Not the Cause of Disease by Thomas S. Cowan, Sally Fallon Morell (z-lib.org) (1).epub
2021-10-17 11:49 - 2021-10-17 11:49 - 004517348 _____ C:\Users\Nigel\Downloads\The Contagion Myth Why Viruses (Including Coronavirus) Are Not the Cause of Disease by Thomas S. Cowan, Sally Fallon Morell (z-lib.org).epub
2021-10-13 17:05 - 2021-10-13 17:05 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-13 17:05 - 2021-10-13 17:05 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-13 17:04 - 2021-10-13 17:04 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-11 14:26 - 2021-10-11 14:27 - 115716096 _____ C:\Users\Nigel\Downloads\calibre-5.29.0.msi
2021-10-11 14:16 - 2021-10-11 14:16 - 004875738 _____ C:\Users\Nigel\Downloads\WHAT REALLY MAKES YOU ILL - WHY EVERYTHING YOU THOUGHT YOU KNEW ABOUT DISEAS IS WRONG by DAWN LESTER DAVID PARKER [LESTER, DAWN PARKER, DAVID] (z-lib.org).pdf
2021-10-11 08:58 - 2021-10-11 08:58 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-11 08:57 - 2021-10-11 08:57 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-09 10:17 - 2021-10-09 10:17 - 000879054 _____ C:\Users\Nigel\Downloads\Alcohol-Explained-by-William-Porter.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-06 13:27 - 2021-01-03 13:55 - 000000000 ____D C:\FRST
2021-11-06 12:59 - 2013-08-27 19:34 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-06 12:07 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-06 11:31 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-06 10:41 - 2021-04-29 00:53 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-06 10:41 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-06 10:39 - 2015-08-26 09:42 - 000000000 __SHD C:\Users\Nigel\IntelGraphicsProfiles
2021-11-06 10:35 - 2021-04-29 01:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-06 10:35 - 2021-04-29 00:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-06 10:35 - 2021-04-29 00:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-06 08:34 - 2019-12-07 09:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-06 07:44 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-06 07:44 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-06 07:42 - 2021-04-29 01:21 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B36B5B0B-3BFB-42EB-BDEA-CF50958C5376}
2021-11-02 07:49 - 2017-12-06 23:36 - 000000000 ____D C:\Users\Nigel\AppData\Local\Packages
2021-10-31 07:16 - 2020-06-27 14:55 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-30 20:44 - 2013-08-27 20:23 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\vlc
2021-10-29 06:08 - 2014-12-31 13:56 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-29 06:08 - 2014-12-31 13:56 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-19 06:40 - 2018-05-13 09:26 - 000000000 ____D C:\Program Files\Opera
2021-10-18 15:20 - 2014-02-06 16:45 - 000000000 ____D C:\Users\Nigel\AppData\Local\ElevatedDiagnostics
2021-10-18 11:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-14 12:13 - 2021-04-29 00:30 - 000463496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-14 12:09 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-14 12:09 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-13 14:34 - 2013-08-29 00:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-13 14:26 - 2013-03-22 17:03 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-12 13:15 - 2014-06-20 09:20 - 000000000 ____D C:\Users\Nigel\Pictures\Documents\eBooks
2021-10-12 12:34 - 2016-01-05 10:38 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-11 14:32 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-11 14:32 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-11 14:32 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-11 14:32 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-11 14:32 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-11 14:32 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-11 14:32 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-11 14:29 - 2020-06-21 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2021-10-11 14:28 - 2020-06-21 17:17 - 000000000 ____D C:\Program Files (x86)\Calibre2
2021-10-11 14:27 - 2020-06-21 17:19 - 000000000 ____D C:\Users\Nigel\Calibre Library
2021-10-11 07:04 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-10 19:52 - 2014-02-18 20:43 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\dvdcss
2021-10-10 07:10 - 2021-07-02 07:11 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d73c917e366d63
2021-10-10 07:10 - 2021-04-29 01:21 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
==================== Files in the root of some directories ========
2018-05-20 15:24 - 2018-05-20 15:25 - 075565632 _____ (Malwarebytes ) C:\Users\Nigel\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5170.exe
2014-12-26 20:19 - 2014-12-26 20:19 - 000085130 _____ () C:\Users\Nigel\AppData\Local\ars.cache
2014-12-26 20:19 - 2014-12-26 20:19 - 000135658 _____ () C:\Users\Nigel\AppData\Local\census.cache
2015-07-06 21:43 - 2020-04-18 17:50 - 000005632 _____ () C:\Users\Nigel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-26 20:11 - 2014-12-26 20:11 - 000000036 _____ () C:\Users\Nigel\AppData\Local\housecall.guid.cache
2020-06-06 18:12 - 2020-06-06 18:12 - 000007604 _____ () C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2014-12-26 20:16 - 2014-12-26 20:16 - 000000010 _____ () C:\Users\Nigel\AppData\Local\sponge.last.runtime.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2021
Ran by Nigel (06-11-2021 13:30:16)
Running from C:\Users\Nigel\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2021-04-29 01:22:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4040141387-3011007431-2631040067-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4040141387-3011007431-2631040067-503 - Limited - Disabled)
Guest (S-1-5-21-4040141387-3011007431-2631040067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4040141387-3011007431-2631040067-1005 - Limited - Enabled)
Nigel (S-1-5-21-4040141387-3011007431-2631040067-1001 - Administrator - Enabled) => C:\Users\Nigel
WDAGUtilityAccount (S-1-5-21-4040141387-3011007431-2631040067-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
calibre (HKLM-x32\...\{2E4F4E6C-9196-4A8B-AA7B-5462E2DC4E40}) (Version: 5.29.0 - Kovid Goyal)
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (HKLM-x32\...\{1F0C818D-4A41-4E40-BAFB-BB940C82A518}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (HKLM-x32\...\{E354D495-5DA4-4CCF-AB39-080F6A4141BE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (HKLM-x32\...\{9F470E17-4FC3-4091-A508-D5347A16A2B9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (HKLM-x32\...\{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (HKLM-x32\...\{E50E3DBC-46AA-4827-B2A6-F995D81DF526}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (HKLM-x32\...\{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (HKLM-x32\...\{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HandBrake 1.3.3 (HKLM-x32\...\HandBrake) (Version: 1.3.3 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Intel® Chipset Device Software (HKLM-x32\...\{c4a581e8-a702-448c-80c7-4b6192985db2}) (Version: 10.1.18228.8176 - Intel® Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Malwarebytes version 4.4.9.142 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.9.142 - Malwarebytes)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.1924 - CyberLink Corp.) Hidden
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{058EDEC8-1873-4B49-9A08-54ADE9CC129B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{306C7AEF-16C7-428D-93AA-99D4A4090243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{36BEC461-B58A-414D-993E-E2BDD1F1A14B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{62BBCDDC-4979-4E59-9D97-5B8E874C3191}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{751EB657-3F22-4150-8CE4-D79A262F1D92}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{7E63F102-A9E9-4F4C-8004-BC62974736BF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A47EA9D4-BB87-415E-9239-28860434E5A0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 84.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 84.0.1 (x64 en-GB)) (Version: 84.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 84.0.1.7660 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 79.0.4143.61 (HKLM-x32\...\Opera 79.0.4143.61) (Version: 79.0.4143.61 - Opera Software)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Podstawowe programy Windows Live (HKLM-x32\...\{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Telegram Desktop version 2.8.4 (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.8.4 - Telegram FZ-LLC)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Valokuvavalikoima (HKLM-x32\...\{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Συλλογή φωτογραφιών (HKLM-x32\...\{A19A8C25-272A-4CD6-8BA8-3772321A021B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Packages:
=========
Ashampoo ImageFX for Medion -> C:\Program Files\WindowsApps\AshampooMedion.AshampooImageFXforMedion_1.0.2.14_x64__g53hytncy48pj [2013-08-27] (Ashampoo GmbH & Co. KG)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-29] (Autodesk Inc.)
Cyberlink PowerDVD_BE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.PowerDVDforMedion_1.1.918.19562_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
Cyberlink YouCam_DE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.YouCamforMedion_1.1.2118.27406_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2021-09-15] (eBay, Inc)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.1.257.0_x64__v10z8vjag6ke6 [2021-11-02] (HP Inc.)
Kaspersky Now -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyNow_1.0.0.43_neutral__8jx5e25qw3tdc [2014-06-09] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.1.10060.0_x64__8wekyb3d8bbwe [2021-10-29] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_3.1.9160.0_x86__8wekyb3d8bbwe [2020-10-07] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-30] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.8.904.0_x64__8wekyb3d8bbwe [2021-09-15] (Microsoft Studios) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-29] (MAGIX)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-06] (Microsoft Corporation)
Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.8.1.957_x86__8wekyb3d8bbwe [2021-09-15] (Microsoft Studios)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2021-09-15] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-10-31] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-29] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2011-03-31 15:52 - 2011-03-31 15:52 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCP71.dll
2011-03-31 15:52 - 2011-03-31 15:52 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCR71.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2021-11-06 10:35 - 000002585 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Control Panel\Desktop\\Wallpaper -> G:\Pics\Wallpaper\bfly.jfif
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "Nigel.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "F.lux"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "utweb"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{077D7CB9-51D9-4968-8C3F-A46366973E64}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F9B9E328-11FA-4F8D-A125-A89D29316FDE}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{EF66AF92-541B-4E8F-988D-4883C5391C21}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{8B0238E8-8977-48E9-829D-A544D5ADC6AC}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{7903EFD5-936F-406E-819A-FA0F75472286}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F898E098-8226-49AC-A2AB-50D8CA2C408D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{8328AFFF-8E8B-4A59-B42F-FFA59BABEF22}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{1C8DA673-F458-4BAA-BAEF-861A2E8393B2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AD76486A-BC9F-4F47-9D2A-2E001FDE627A}] => (Allow) C:\Program Files\Opera\78.0.4093.206\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B160A112-2F66-4824-A349-1E3D4F0CE4AA}] => (Allow) C:\Program Files\Opera\79.0.4143.61\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B0CE5E27-8927-469B-B09E-CECCD17649F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{280C2D74-756A-459B-9B2D-6FCFBC1647AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE6B05EF-C8BD-49C4-95FE-A700AB28B03B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{73D4110E-660C-48C3-91CB-5729536201F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{442A7F75-3EEF-49C8-9807-5B40BD7E9B36}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
31-10-2021 08:42:27 Scheduled Checkpoint
06-11-2021 09:22:45 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: Nigel’s iPod A2DP SNK
Description: Microsoft Bluetooth A2dp Sink
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthA2dp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (11/06/2021 12:30:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 6.11.2021.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 8
Start Time: 01d7d307e8c3f1de
Termination Time: 4294967295
Application Path: C:\Users\Nigel\Desktop\FRST64.exe
Report Id: 0783a0e9-cb52-494a-9ada-eaaf34519c9a
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle
Error: (11/06/2021 08:44:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1152, time stamp: 0x616ee433
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process ID: 0x1c70
Faulting application start time: 0x01d7d2e96d87e2ff
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report ID: 0eb8ada2-8fe9-45ec-9aed-1bcf2855ebf7
Faulting package full name:
Faulting package-relative application ID:
Error: (11/06/2021 08:33:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (11/06/2021 08:33:46 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (11/05/2021 12:10:52 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete re-trim on SAMSUNG (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (11/05/2021 12:10:42 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete re-trim on Recover (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (11/05/2021 12:10:41 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete re-trim on Boot (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (11/01/2021 12:38:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StartMenuExperienceHost.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1e0c
Start Time: 01d7cee7aabf98c5
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Report Id: b4286240-1e25-40bd-ac17-9454f7739b63
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Quiesce
System errors:
=============
Error: (11/06/2021 10:42:29 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (11/06/2021 10:35:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ElevationService service failed to start due to the following error:
The system cannot find the file specified.
Error: (11/06/2021 10:21:43 AM) (Source: DCOM) (EventID: 10010) (User: NIGEL-PC)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
Error: (11/06/2021 10:21:43 AM) (Source: DCOM) (EventID: 10010) (User: NIGEL-PC)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
Error: (11/06/2021 10:21:43 AM) (Source: DCOM) (EventID: 10010) (User: NIGEL-PC)
Description: The server {973D20D7-562D-44B9-B70B-5A0F49CCDF3F} did not register with DCOM within the required timeout.
Error: (11/06/2021 10:21:41 AM) (Source: DCOM) (EventID: 10010) (User: NIGEL-PC)
Description: The server {973D20D7-562D-44B9-B70B-5A0F49CCDF3F} did not register with DCOM within the required timeout.
Error: (11/06/2021 10:19:12 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (11/06/2021 10:14:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service did not respond on starting.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 503 09/29/2012
Motherboard: Medion E6234
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 81%
Total physical RAM: 3976.96 MB
Available physical RAM: 730.93 MB
Total Virtual: 4808.96 MB
Available Virtual: 1386.3 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:402.36 GB) (Free:241.64 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:39.33 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:156.28 GB) NTFS
\\?\Volume{28093404-c710-4e21-8095-578ed04ea020}\ () (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{f0292acd-d868-4d82-aebe-70b13313b326}\ () (Fixed) (Total:1.69 GB) (Free:0.89 GB) NTFS
\\?\Volume{1b7803ef-dedf-4406-bbfc-e017c55c457f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 28676295)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================