
Registered · 132 Posts · Discussion Starter · #22
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by 64bit (19-07-2021 08:57:31) Run:3
Running from C:\Utilities\64bit\Farbar
Loaded Profiles: 64bit
Boot Mode: Normal
==============================================

fixlist content:
*
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.15805.0_none_04f1e78822144171\firefox.browser
C:\Windows\System32\Tasks_Migrated\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
C:\Utilities\64bit\Firefox
C:\Utilities\32bit\Shortcuts\Browsers\Mozilla Firefox.lnk
C:\Data\Firefox

[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 90.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox]
[-HKEY_USERS\.DEFAULT\Software\Mozilla\Firefox]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\firefox.exe]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 88.0.1]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 90.0]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Classes\Applications\firefox.exe]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Mozilla Firefox\mozwer.dll
*

"C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.15805.0_none_04f1e78822144171\firefox.browser" => not found
C:\Windows\System32\Tasks_Migrated\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => moved successfully
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => moved successfully
"C:\Utilities\64bit\Firefox" => not found
OK, looks like the removals went ahead OK this time.

If you haven't already done so, please reboot your computer, and then uninstall Avast using .... Avast Uninstall Utility | Download aswClear for Avast Removal

Reboot your computer again once Avast has finished uninstalling.

Now re-install Firefox, and let me know whether it now works OK or not.
Oddly, the install process mentioned 'upgrade', so there must have been Firefox remnants. There is no improvement.
 

Moderator, Security Team · 1,258 Posts
Please run a system scan with FRST and post me the logs it creates (Frst.txt and Addition.txt) so I can see if there's anything on your machine that might be a possible cause of your problem, because as things stand I can't see why you're having it.

To do that just launch FRST and then click on the Scan button.

The logs are usually long, so easiest if you attach them.
 

Registered · 132 Posts · Discussion Starter · #24
Attachment was my first 'instinct' but twice, an error prevented me from attaching, so I pasted content instead. I expect the same problem again.
 

Registered · 132 Posts · Discussion Starter · #25
Sure enough "something went wrong" again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2021
Ran by 64bit (administrator) on VENTO (Gigabyte Technology Co., Ltd. GA-880GM-UD2H) (19-07-2021 20:37:11)
Running from C:\Utilities\64bit\Farbar
Loaded Profiles: 64bit
Platform: Windows 10 Pro Version 21H1 19043.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Kleptomania\KMania.exe
() [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellCenter64.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files (x86)\Actual Window Manager\LogonScreenService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Code Sector) [File not signed] C:\Program Files\TeraCopy\TeraCopyService.exe
(Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Insight Software Solutions, Inc.) [File not signed] C:\Program Files (x86)\Macro Express Pro\MacExp.exe
(Insight Software Solutions, Inc.) [File not signed] C:\Program Files (x86)\Macro Express Pro\MEProx64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\NetWorx\networx.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7711048 2016-09-28] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files\Wondershare\UniConverter\WSVCUUpdateHelper.exe [33968 2021-04-25] (Wondershare Technology Co.,Ltd -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [188808 2021-06-22] (Mixbyte Inc -> )
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Run: [Kleptomania] => C:\Program Files (x86)\Kleptomania\KMania.exe [973312 2017-10-16] () [File not signed]
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-03-05] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Run: [Actual Window Manager] => C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe [2206464 2021-02-12] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools)
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
AppInit_DLLs: ldntvdm.dll => C:\WINDOWS\system32\ldntvdm.dll [13824 2018-06-20] () [File not signed]
Startup: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Boilerplate.AHK.lnk [2020-08-22]
ShortcutTarget: Boilerplate.AHK.lnk -> C:\Data\Batch files\Boilerplate.AHK () [File not signed]
Startup: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty_Recycle_Bin.lnk [2020-07-12]
ShortcutTarget: Empty_Recycle_Bin.lnk -> C:\Data\Batch files\Empty_Recycle_Bin.vbs () [File not signed]
Startup: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\This PC [2021-05-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Macro Express Pro.lnk [2020-08-02]
ShortcutTarget: Macro Express Pro.lnk -> C:\Program Files (x86)\Macro Express Pro\MacExp.exe (Insight Software Solutions, Inc.) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {395480AD-D38F-4C13-8E63-7A24941A1817} - System32\Tasks\Opera scheduled Autoupdate 1626276139 => C:\Program Files (x86)\Opera\launcher.exe [2264784 2021-07-14] (Opera Software AS -> Opera Software)
Task: {44CE1D64-FCA7-460D-B58F-E1FF9877BAD3} - System32\Tasks\SafeZone scheduled Autoupdate 1534586109 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {63F20289-5EB8-4BA7-8DB4-8BE77BC6F90D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-03-03] (Google Inc -> Google Inc.)
Task: {7EA38267-7AF0-4E01-BB72-0FE199843A06} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {8E2325B6-8F46-48E9-B27A-A98467AAD5D0} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1161377928-100096128-3991036370-500 => C:\Users\64bit\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AutoPico Daily Restart" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d74f2c40b6a8c9" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1161377928-100096128-3991036370-500" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1626276139" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1534586109" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {B67A34CC-F2BE-4B86-BE3C-1B4533824306} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {B6C180EB-E4B2-4427-855B-C19F7FDAED71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-03-03] (Google Inc -> Google Inc.)
Task: {CE0920FD-5459-4620-B974-29ED3F610429} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe
Task: {ED277869-A460-498C-81DE-86CCC1868F62} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F2058DCA-070D-4424-AD7D-7E76C3BFEC5C} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [14836656 2014-04-30] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.)
Task: {FD5176C4-453D-4F03-89FE-C4CFAF3B7FDC} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{888cc647-2cc5-4371-bb2f-7d55c3f17cfd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c4afb7ce-9e15-461b-aa4d-c2a16a17be3f}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\64bit\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-24]
Edge Extension: (IDM Integration Module) - C:\Users\64bit\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-05-06]
Edge HKU\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2020-12-26]

FireFox:
========
FF DefaultProfile: 8a2v4xio.default
FF ProfilePath: C:\Users\64bit\AppData\Roaming\Mozilla\Firefox\Profiles\8a2v4xio.default [2021-07-17]
FF ProfilePath: C:\Users\64bit\AppData\Roaming\Mozilla\Firefox\Profiles\sgduezls.default-release [2021-07-19]
FF HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\64bit\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\64bit\AppData\Roaming\IDM\idmmzcc5 [2021-02-22] [Legacy] [not signed]
FF HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default [2021-07-18]
CHR Notifications: Default -> hxxps://app.mysms.com
CHR StartupUrls: Default -> "hxxps://www.google.com.au/","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-d6194eaa"
CHR DefaultSearchURL: Default -> hxxps://www.google.com.au/favicon.ico
CHR Extension: (Google Translate) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-07-12]
CHR Extension: (Slides) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-03]
CHR Extension: (Free Download Manager) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2021-02-23]
CHR Extension: (280daily) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aibhdihcdjelmifgpkcalcafldalpkbm [2019-03-03]
CHR Extension: (Flash Video Downloader) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-03-03]
CHR Extension: (Docs) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-03]
CHR Extension: (Dictanote) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2019-03-03]
CHR Extension: (Google Drive) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-18]
CHR Extension: (Todoist for Chrome) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjohebimpjdhhocbknplfelpmdhifhd [2019-03-03]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-06-06]
CHR Extension: (YouTube) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-03]
CHR Extension: (Telegram) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2019-03-03]
CHR Extension: (Hangouts) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\deigijodonbmdapahgkdjljmcngipaab [2019-03-19]
CHR Extension: (Session Buddy) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-07-12]
CHR Extension: (Bulk Media Downloader) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfdcgbfcboceiclmjaofdannmjdeaoi [2021-02-23]
CHR Extension: (Sheets) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-03]
CHR Extension: (mysms) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfhfkdhimodlhfnnefonjfnhfaddlo [2020-08-02]
CHR Extension: (Google Docs Offline) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-25]
CHR Extension: (Avast Online Security) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-03-27]
CHR Extension: (Text Editor) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2020-07-12]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2019-03-03]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2019-03-03]
CHR Extension: (Badge) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\hobgfokkfmmdehpedkjgkhjcnejfoodf [2020-08-02]
CHR Extension: (My Diary) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\igfnkanfehhehlajnhpajibfcfgkaikl [2019-03-03]
CHR Extension: (Mate Translate – translator, dictionary) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2021-06-25]
CHR Extension: (Voice Recognition) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2019-03-03]
CHR Extension: (Excel Online) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2019-03-03]
CHR Extension: (Dropbox) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2019-03-03]
CHR Extension: (Multi Forward for Gmail) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2019-03-03]
CHR Extension: (Google Hangouts) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-06-06]
CHR Extension: (Evernote Web) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-03-03]
CHR Extension: (Google Maps) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2019-03-03]
CHR Extension: (Yellow highlighter pen for web) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2019-03-03]
CHR Extension: (Google Hangouts) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-22]
CHR Extension: (IDM Integration Module) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-06-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-27]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2021-06-25]
CHR Extension: (AdBlocker Ultimate) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2020-12-18]
CHR Extension: (diagrams.net Desktop) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebppomjfocnoigkeepgbmcifnnlndla [2021-06-25]
CHR Extension: (SendLeap) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnjmiobjppgfeicepedmfnpjjmfjlha [2020-10-30]
CHR Extension: (Gmail) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-26]
CHR HKU\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.17.7.7150\BVDChromeExt.crx [2019-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.22.9.7557\BVDChromeExt.crx [2021-06-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-26]

Opera:
=======
OPR Profile: C:\Users\64bit\AppData\Roaming\Opera Software\Opera Stable [2021-07-15]
OPR Extension: (Rich Hints Agent) - C:\Users\64bit\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-07-15]
StartMenuInternet: (HKU\S-1-5-21-1161377928-100096128-3991036370-1001) OperaStable - "C:\Program Files (x86)\Opera\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2018-11-16] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 aim_LSService; C:\Program Files (x86)\Actual Window Manager\LogonScreenService.exe [609024 2021-02-12] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [483184 2019-01-22] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [715496 2013-11-19] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [715496 2013-11-19] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [86920 2021-06-22] (Mixbyte Inc -> Freemake)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [7462200 2021-07-15] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14283048 2021-04-30] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [93184 2016-07-29] (Code Sector) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files\Wondershare\UniConverter\Transfer\DriverInstall.exe [114352 2021-04-25] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [18576 2020-09-07] (Glarysoft LTD -> Glarysoft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-07-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-07-15] (Malwarebytes Inc -> Malwarebytes)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [72632 2016-09-20] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-19 18:30 - 2021-07-19 18:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-19 17:20 - 2021-07-19 17:19 - 012210760 _ (AVAST Software) C:\Users\64bit\Desktop\avastclear.exe
2021-07-19 12:44 - 2021-07-19 12:44 - 000001385 _ C:\Users\Public\Desktop\TubeMate Downloader.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000001365 _ C:\Users\Public\Desktop\TubeMate Player.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000001310 _ C:\Users\Public\Desktop\MP4 Downloader Pro.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000001290 _ C:\Users\Public\Desktop\MP4 Converter.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000001275 _ C:\Users\Public\Desktop\MP4 Player.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000000000 ____D C:\Users\64bit\AppData\Roaming\TubeMate Software
2021-07-19 12:44 - 2021-07-19 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows TubeMate
2021-07-19 12:44 - 2021-07-19 12:44 - 000000000 ____D C:\Program Files (x86)\TubeMate Software
2021-07-19 12:36 - 2021-07-19 12:36 - 000000990 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2021-07-19 12:36 - 2021-07-19 12:36 - 000000978 _ C:\Users\Public\Desktop\4K Video Downloader.lnk
2021-07-19 12:35 - 2021-07-19 12:35 - 000000000 ____D C:\Program Files (x86)\4KDownload
2021-07-19 12:29 - 2021-07-19 12:29 - 000001135 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\icofx 3.lnk
2021-07-19 12:29 - 2021-07-19 12:29 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Neos Eureka S.r.l
2021-07-19 12:29 - 2021-07-19 12:29 - 000000000 ____D C:\Users\64bit\AppData\Roaming\icofx3
2021-07-19 12:29 - 2021-07-19 12:29 - 000000000 ____D C:\ProgramData\icofx3
2021-07-19 12:29 - 2021-07-19 12:29 - 000000000 ____D C:\Program Files (x86)\icofx3
2021-07-18 19:57 - 2021-07-18 19:57 - 000002221 _ C:\Users\Public\Desktop\Xilisoft AVI MPEG Joiner 2.lnk
2021-07-18 19:48 - 2021-07-18 19:48 - 000002212 _ C:\Users\Public\Desktop\Xilisoft Video Splitter 2.lnk
2021-07-18 17:30 - 2021-07-18 17:30 - 000002872 _ C:\Users\64bit\Desktop\fixlist.txt
2021-07-18 17:30 - 2021-07-18 17:30 - 000000333 _ C:\Users\64bit\Desktop\Fixlog.txt
2021-07-18 17:06 - 2021-07-19 20:37 - 000000000 ____D C:\FRST
2021-07-18 14:20 - 2021-07-18 14:20 - 000002256 _ C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2021-07-18 14:15 - 2021-07-18 14:15 - 000002202 _ C:\Users\Public\Desktop\Xilisoft HD Video Converter.lnk
2021-07-18 14:03 - 2021-07-18 19:57 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Xilisoft
2021-07-18 14:03 - 2021-07-18 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2021-07-18 14:03 - 2021-07-18 14:03 - 000002157 _ C:\Users\Public\Desktop\Xilisoft MP4 Converter.lnk
2021-07-18 14:02 - 2021-07-18 19:57 - 000000000 ____D C:\ProgramData\Xilisoft
2021-07-18 14:02 - 2021-07-18 19:57 - 000000000 ____D C:\Program Files (x86)\Xilisoft
2021-07-18 13:51 - 2021-07-18 13:51 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Origen
2021-07-17 17:41 - 2021-07-19 20:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-17 17:41 - 2021-07-19 18:30 - 000001010 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-17 17:41 - 2021-07-19 18:30 - 000000998 _ C:\Users\Public\Desktop\Firefox.lnk
2021-07-17 17:41 - 2021-07-17 17:41 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Mozilla
2021-07-17 17:40 - 2021-07-19 18:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-17 13:55 - 2021-07-17 13:55 - 000007680 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-17 13:55 - 2021-07-17 13:55 - 000006656 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-17 13:54 - 2021-07-17 13:54 - 002371072 _ C:\WINDOWS\system32\rdpnano.dll
2021-07-17 13:54 - 2021-07-17 13:54 - 000452608 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-17 13:54 - 2021-07-17 13:54 - 000084992 _ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-17 13:54 - 2021-07-17 13:54 - 000067584 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-17 13:54 - 2021-07-17 13:54 - 000007680 _ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-17 13:54 - 2021-07-17 13:54 - 000006656 _ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-17 13:53 - 2021-07-17 13:53 - 001314128 _ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-17 13:53 - 2021-07-17 13:53 - 000570880 _ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-17 13:53 - 2021-07-17 13:53 - 000011357 _ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-17 13:52 - 2021-07-17 13:52 - 002260992 _ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-17 13:52 - 2021-07-17 13:52 - 001823280 _ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-17 13:52 - 2021-07-17 13:52 - 001393504 _ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-17 13:52 - 2021-07-17 13:52 - 000097792 _ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-17 13:52 - 2021-07-17 13:52 - 000060928 _ C:\WINDOWS\system32\runexehelper.exe
2021-07-17 13:18 - 2021-07-17 13:18 - 000000000 ___HD C:\$WinREAgent
2021-07-17 13:15 - 2021-07-18 16:54 - 000003214 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d74f2c40b6a8c9
2021-07-15 01:29 - 2021-07-15 01:29 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stylet Click & Gone - One Click App Killer
2021-07-15 01:29 - 2021-07-15 01:29 - 000000000 ____D C:\Program Files (x86)\Stylet Click & Term 1.0
2021-07-15 01:22 - 2021-07-18 16:54 - 000003532 _ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1626276139
2021-07-15 01:22 - 2021-07-15 01:22 - 000001241 _ C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-07-15 01:21 - 2021-07-15 01:21 - 000248992 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-07-15 01:21 - 2021-07-15 01:21 - 000019912 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-07-15 01:21 - 2021-07-15 01:21 - 000002041 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-07-14 23:52 - 2021-07-14 23:52 - 000000080 _ C:\Users\64bit\Desktop\profile.txt
2021-06-25 23:32 - 2021-06-25 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2021-06-25 23:32 - 2021-06-25 23:32 - 000000000 ____D C:\Program Files (x86)\XetoWare
2021-06-25 23:32 - 2015-02-15 21:01 - 001296896 _ (Clever Components) C:\WINDOWS\SysWOW64\clmultidx7.ocx
2021-06-25 23:32 - 2011-02-16 09:00 - 000132880 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSINET.ocx
2021-06-25 23:32 - 2006-10-16 23:15 - 000152848 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2021-06-25 23:21 - 2021-06-25 23:26 - 000000000 ____D C:\Users\64bit\Documents\WonderFox Soft
2021-06-25 23:15 - 2021-06-25 23:15 - 000000000 ____D C:\Users\64bit\Documents\WinX YouTube Downloader
2021-06-25 23:08 - 2021-06-25 23:13 - 000000000 ____D C:\Users\64bit\AppData\Roaming\VideoProc
2021-06-25 23:08 - 2021-06-25 23:08 - 000000000 ____D C:\Users\64bit\Documents\VideoProc
2021-06-25 23:08 - 2021-06-25 23:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Digiarty
2021-06-25 23:08 - 2021-06-25 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\Users\64bit\Documents\Freemake
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\ProgramData\Freemake
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\Program Files (x86)\Freemake
2021-06-25 22:30 - 2021-06-25 22:33 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Bigasoft Video Downloader Pro
2021-06-25 22:30 - 2021-06-25 22:30 - 000000000 ____D C:\Users\64bit\Documents\Bigasoft Video Downloader Pro
2021-06-25 22:30 - 2021-06-25 22:30 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
2021-06-25 22:30 - 2021-06-25 22:30 - 000000000 ____D C:\Program Files (x86)\Bigasoft
2021-06-25 14:41 - 2021-06-25 14:41 - 000001238 _ C:\Users\64bit\Desktop\Shutdown.lnk
2021-06-25 14:08 - 2021-06-25 14:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Window Manager
2021-06-25 14:08 - 2021-06-25 14:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Actual Tools
2021-06-25 14:08 - 2021-06-25 14:08 - 000000000 ____D C:\ProgramData\Actual Tools
2021-06-25 14:08 - 2021-06-25 14:08 - 000000000 ____D C:\Program Files (x86)\Actual Window Manager
2021-06-25 12:34 - 2021-06-25 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Launch Bar
2021-06-25 12:08 - 2021-06-25 12:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Tordex
2021-06-24 16:13 - 2021-06-25 12:35 - 000000000 ____D C:\Program Files\TrueLaunchBar
2021-06-24 14:57 - 2021-06-24 14:57 - 000000000 ____D C:\Users\64bit\AppData\Roaming\JAM Software
2021-06-24 14:57 - 2021-06-24 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize
2021-06-24 14:57 - 2021-06-24 14:57 - 000000000 ____D C:\Program Files\JAM Software
2021-06-24 14:56 - 2021-06-24 14:56 - 002755584 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-24 14:55 - 2021-06-24 14:55 - 002755584 _ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-24 14:54 - 2021-06-24 14:54 - 001864192 _ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-24 14:54 - 2021-06-24 14:54 - 000468440 _ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-24 14:54 - 2021-06-24 14:54 - 000423936 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-24 14:54 - 2021-06-24 14:54 - 000223744 _ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-24 14:53 - 2021-06-24 14:53 - 002260480 _ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-24 14:52 - 2021-06-24 14:52 - 000657464 _ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-24 14:52 - 2021-06-24 14:52 - 000563712 _ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-24 14:52 - 2021-06-24 14:52 - 000287232 _ C:\WINDOWS\system32\CoreMas.dll
2021-06-24 14:52 - 2021-06-24 14:52 - 000272384 _ C:\WINDOWS\system32\TpmTool.exe
2021-06-24 14:34 - 2021-06-24 14:34 - 000000000 ____D C:\Users\64bit\AppData\Local\mbamtray
2021-06-24 14:34 - 2021-06-24 14:34 - 000000000 ____D C:\Users\64bit\AppData\Local\mbam
2021-06-24 14:33 - 2021-07-15 01:21 - 000199128 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-19 20:36 - 2021-05-23 02:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-19 20:24 - 2021-05-23 03:05 - 000795738 _ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-19 20:24 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF
2021-07-19 20:22 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-19 20:22 - 2019-03-03 20:18 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-19 20:21 - 2019-11-24 22:23 - 000000000 ____D C:\Users\64bit\AppData\Local\Greenshot
2021-07-19 20:20 - 2021-05-23 03:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-19 20:20 - 2021-05-22 22:28 - 000000000 ____D C:\Program Files\TeamViewer
2021-07-19 20:20 - 2020-05-29 19:23 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-19 20:20 - 2019-03-26 23:01 - 000000416 _ C:\WINDOWS\SysWOW64\AbBakConfig.dat
2021-07-19 20:20 - 2019-03-26 23:00 - 000000150 _ C:\WINDOWS\SysWOW64\winsevr.dat
2021-07-19 20:20 - 2019-03-26 22:59 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2021-07-19 20:20 - 2018-08-18 22:19 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-19 18:44 - 2019-12-07 19:03 - 000262144 _ C:\WINDOWS\system32\config\BBI
2021-07-19 18:32 - 2019-04-18 14:39 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-19 18:31 - 2018-10-03 14:23 - 000000000 ____D C:\Users\64bit\AppData\LocalLow\Mozilla
2021-07-19 18:30 - 2018-09-01 23:43 - 000000000 ____D C:\Users\64bit\AppData\Roaming\TeraCopy
2021-07-19 18:24 - 2018-08-18 22:52 - 000000000 ____D C:\Users\64bit\AppData\Local\AVAST Software
2021-07-19 18:10 - 2019-08-25 20:44 - 000000214 _ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-07-19 18:06 - 2019-10-11 20:01 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-07-19 17:49 - 2021-05-23 03:17 - 000004264 _ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-19 17:46 - 2018-08-18 19:53 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-19 13:52 - 2018-08-17 02:29 - 000000000 ____D C:\Users\64bit\Desktop\Holding
2021-07-19 12:44 - 2019-06-26 20:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Tomabo
2021-07-18 16:54 - 2021-05-23 03:17 - 000003408 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-18 16:54 - 2021-05-23 03:17 - 000003346 _ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-18 16:54 - 2021-05-23 03:17 - 000003338 _ C:\WINDOWS\system32\Tasks\SafeZone scheduled Autoupdate 1534586109
2021-07-18 16:54 - 2021-05-23 03:17 - 000003184 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-18 16:54 - 2021-05-23 03:17 - 000003122 _ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-18 16:54 - 2021-05-23 03:17 - 000002854 _ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1161377928-100096128-3991036370-500
2021-07-18 16:54 - 2021-05-23 03:17 - 000002612 _ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-07-18 16:54 - 2021-05-23 03:17 - 000002528 _ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
2021-07-18 14:03 - 2021-05-23 03:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-07-18 13:22 - 2019-06-06 13:55 - 000000000 ____D C:\Program Files\KMSpico
2021-07-17 23:19 - 2018-08-18 19:57 - 000000000 ____D C:\Users\64bit\AppData\Roaming\vlc
2021-07-17 17:41 - 2018-10-03 14:23 - 000000000 ____D C:\Users\64bit\AppData\Local\Mozilla
2021-07-17 17:30 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-17 17:26 - 2021-05-23 02:46 - 000381056 _ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-17 17:06 - 2019-12-07 19:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-17 16:47 - 2019-05-19 18:23 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2021-07-17 16:47 - 2018-08-17 23:32 - 000000000 ____D C:\Program Files (x86)\net.downloadhelper.coapp
2021-07-17 16:47 - 2018-08-17 23:31 - 000000000 ____D C:\Program Files (x86)\Free Download Manager
2021-07-17 16:47 - 2018-08-17 22:14 - 000000000 ____D C:\Data
2021-07-17 13:59 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-17 13:53 - 2018-08-16 19:56 - 000414038 __RSH C:\bootmgr
2021-07-17 13:27 - 2018-08-18 22:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-17 13:26 - 2020-09-28 00:36 - 000002443 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-17 13:26 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-17 13:26 - 2018-08-16 02:14 - 000000000 ____D C:\Users\64bit\AppData\Local\Packages
2021-07-17 13:23 - 2019-03-03 20:19 - 000002306 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-17 13:18 - 2018-08-18 22:27 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-16 11:16 - 2019-06-06 02:44 - 000000000 ____D C:\Program Files (x86)\Opera
2021-07-15 15:17 - 2021-05-23 02:29 - 000000000 ____D C:\Users\64bit
2021-07-15 01:21 - 2019-12-07 19:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-07-15 00:51 - 2021-02-22 23:16 - 000000000 ____D C:\Users\64bit\AppData\Roaming\DMCache
2021-06-25 23:37 - 2020-07-12 00:49 - 000000000 ____D C:\Users\64bit\AppData\Roaming\MightyText
2021-06-25 23:30 - 2019-11-15 19:48 - 000000000 ____D C:\Program Files (x86)\Universal USB Installer
2021-06-25 23:26 - 2018-08-23 22:36 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2021-06-25 23:26 - 2018-08-23 22:36 - 000000000 ____D C:\Program Files (x86)\WonderFox Soft
2021-06-25 23:21 - 2019-08-31 01:32 - 000000000 ____D C:\Users\64bit\AppData\Roaming\WinX YouTube Downloader
2021-06-25 23:08 - 2019-08-31 01:32 - 000000000 ____D C:\Program Files (x86)\Digiarty
2021-06-25 23:05 - 2019-08-25 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-06-25 22:39 - 2020-07-11 23:04 - 000001686 _ C:\Users\64bit\Documents\starburn.txt
2021-06-25 21:02 - 2019-08-25 19:22 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Wondershare
2021-06-25 21:02 - 2019-08-25 19:22 - 000000000 ____D C:\Users\64bit\AppData\Local\Wondershare
2021-06-25 21:01 - 2019-08-25 19:21 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-06-25 20:58 - 2019-07-30 22:33 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Allavsoft
2021-06-25 20:51 - 2021-02-22 22:27 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Signal
2021-06-25 20:51 - 2020-08-02 14:49 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Telegram Desktop
2021-06-25 20:28 - 2021-05-24 22:26 - 000000000 ____D C:\Users\64bit\AppData\Local\Pushbullet
2021-06-25 13:22 - 2018-08-17 23:33 - 000000000 ____D C:\Program Files (x86)\CCleaner
2021-06-24 18:25 - 2020-01-04 23:14 - 000001024 ____H C:\AMTAG.BIN
2021-06-24 18:25 - 2020-01-04 23:13 - 000006537 _ C:\WINDOWS\GA_OF.dat
2021-06-24 17:17 - 2021-03-27 11:02 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-24 15:04 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\servicing
2021-06-24 15:00 - 2019-08-25 20:17 - 000000000 ____D C:\Program Files\Unlocker
2021-06-24 14:51 - 2018-11-16 12:32 - 000000000 ____D C:\Program Files (x86)\JAM Software
2021-06-24 14:48 - 2021-02-22 22:03 - 000001130 _ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2021-06-24 14:48 - 2021-02-22 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-06-24 14:19 - 2021-05-23 00:55 - 000000000 ____D C:\Users\64bit\AppData\Local\ElevatedDiagnostics
2021-06-24 13:38 - 2021-05-24 21:54 - 000000000 ____D C:\WINDOWS\Panther

==================== Files in the root of some directories ========

2017-01-14 21:37 - 2017-01-14 21:37 - 002174976 _ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2020-01-04 23:24 - 2020-01-04 23:24 - 001276928 _ () C:\Users\64bit\AppData\Roaming\smss.exe
2019-10-07 19:59 - 2019-10-07 19:59 - 000000410 _ () C:\Users\64bit\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by 64bit (19-07-2021 20:40:00)
Running from C:\Utilities\64bit\Farbar
Windows 10 Pro Version 21H1 19043.1110 (X64) (2021-05-22 17:19:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

64bit (S-1-5-21-1161377928-100096128-3991036370-1001 - Administrator - Enabled) => C:\Users\64bit
Administrator (S-1-5-21-1161377928-100096128-3991036370-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1161377928-100096128-3991036370-503 - Limited - Disabled)
Guest (S-1-5-21-1161377928-100096128-3991036370-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1161377928-100096128-3991036370-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
4K Video Downloader (HKLM\...\{8D675A5F-BA7D-4FC8-8B38-2D1D5A5DB905}) (Version: 4.16.2.4280 - Open Media LLC)
Active@ Partition Recovery 18 (HKLM\...\{9D7E3F86-DAA8-4894-96D6-A0AB26291A16}_is1) (Version: 18 - LSoft Technologies Inc)
Actual Window Manager 8.14.5 (HKLM-x32\...\Actual Windows Manager_is1) (Version: 8.14.5 - Actual Tools)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_1) (Version: 20.0.1 - Adobe Systems Incorporated)
AIDA64 Extreme v5.97 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.97 - FinalWire Ltd.)
Allavsoft 3.17.7.7150 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation)
AOMEI Backupper Professional (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant 8.6 (HKLM-x32\...\{04F850ED-FD0F-4ED1-AE1B-4498165BF3D2}_is1) (Version: - AOMEI Technology Co., Ltd.)
AutoHotkey 1.1.27.03 (HKLM\...\AutoHotkey) (Version: 1.1.27.03 - Lexikos)
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
Bigasoft Video Downloader Pro 3.22.9.7557 (HKLM-x32\...\{C7056BA6-D954-43A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation)
Casper 8.0 (HKLM\...\{6A58EB2E-5883-4515-910D-699C4396797B}) (Version: 8.0.4422 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.69 - Piriform)
Clipboard Magic version 5.05 (HKLM-x32\...\Clipboard Magic_is1) (Version: 5.05 - CyberMatrix Corporation, Inc.)
CloseAll (HKLM-x32\...\CloseAll) (Version: 3.0 - NTWind Software)
CPUID CPU-Z 1.95 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.95 - CPUID, Inc.)
DiskGenius 5.3.0 (HKLM\...\{2661F2FA-56A7-415D-8196-C4CB3D3ACFFE}_is1) (Version: - Eassos Co., Ltd.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Eassos PartitionGuru 4.9.5 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version: - Eassos Co., Ltd.)
EmEditor (64-bit) (HKLM\...\{E6B168F6-063F-41B3-AA51-8715318FF209}) (Version: 19.0.0 - Emurasoft, Inc.)
Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: v3.7.28.0 - TANK Studios LTD)
Folder Size Explorer (HKLM-x32\...\{7C3E7EA4-DCEC-4E49-8459-B6F15DBD9795}) (Version: 1.7.1 - Bazwise)
Free YouTube Downloader (HKLM-x32\...\{D310A35E-DE1E-4804-9AD7-67EFA4A6FB54}_is1) (Version: 2016.3.27 - XetoWare)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.5 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 1.0.1 - Alexander Shaduri)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.70 - Janos Mathe)
HD Video Converter Factory 15.4 (HKLM-x32\...\HD Video Converter Factory) (Version: 15.4 - WonderFox Soft, Inc.)
icofx 3.5 (HKLM-x32\...\icofx 3_is1) (Version: 3.5 - IcoFX Software S.R.L.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.38.16 - Tonec Inc.)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
IrfanView 4.56 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.56 - Irfan Skiljan)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Kleptomania version 5.0 (HKLM-x32\...\{59C08933-1E83-4A8B-A2A9-FD895CFCC95D}_is1) (Version: 5.0 - StructuRise)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Macro Express Pro (HKLM-x32\...\Macro Express Pro) (Version: 4.2.1.1 - Insight Software Solutions, Inc.)
Malwarebytes version 4.4.2.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
Messenger for Desktop (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\{4e2a4302-5df4-5868-a685-36c844414384}) (Version: 3.0.14 - MFD LABS LTD)
Messenger for Desktop (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\4e2a4302-5df4-5868-a685-36c844414384) (Version: 3.0.8 - MFD LABS LTD)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MightyText (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\MightyText) (Version: 5.3.1 - MightyText)
MiniTool Power Data Recovery 8.0 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 8.0 - MiniTool Software Limited)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 90.0 (x64 en-US)) (Version: 90.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0 - Mozilla)
MP4 Downloader Pro 4 (HKLM-x32\...\MP4 Downloader Pro_is1) (Version: - Tomabo)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version: - Softperfect)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version: - )
NTVDM x64 (HKLM\...\ConhostFullScreen) (Version: 1.0.0.0 - leecher1337)
Opera Stable 20.0.1387.64 (HKLM-x32\...\Opera 20.0.1387.64) (Version: 20.0.1387.64 - Opera Software ASA)
Opera Stable 77.0.4054.254 (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Opera 77.0.4054.254) (Version: 77.0.4054.254 - Opera Software)
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registrar Registry Manager 9.01 (HKLM\...\Registrar32_is1) (Version: - Resplendence Software Projects Sp.)
Revo Uninstaller Pro 4.4.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.5 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.101 (HKLM-x32\...\SafeZone 1.48.2066.101) (Version: 1.48.2066.101 - Avast Software) Hidden
Signal 5.6.2 (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.6.2 - Open Whisper Systems)
Skype version 8.67 (HKLM-x32\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.)
SolveigMM Video Splitter Business Edition x64 (HKLM\...\SolveigMM Video Splitter Business Edition x64 7.3.1906.10) (Version: 7.3.1906.10 - Solveig Multimedia)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.17.7 - TeamViewer)
Telegram Desktop version 2.5.9 (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.9 - Telegram FZ-LLC)
TeraCopy 3.0 RC (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TeraCopy v3.0 (HKLM-x32\...\TeraCopy v3.0) (Version: v3.0 - Code Sector)
TreeSize V8.1.2 (64 bit) (HKLM\...\TreeSize_is1) (Version: 8.1.2 - JAM Software)
True Launch Bar (HKLM\...\{FC712CA0-A945-11d4-A594-956F6349FC18}) (Version: 7.3.0.0 - Tordex)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
vDosWP (HKLM-x32\...\{49883946-559B-4FE0-866F-7674B9516A75}_is1) (Version: 2018.10.14 - wpdos.org)
VideoProc (HKLM-x32\...\VideoProc) (Version: 3.8 - Digiarty, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.16.0.0 - Winaero)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows TubeMate 3 (HKLM-x32\...\Windows TubeMate_is1) (Version: - TubeMate Software)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WinX YouTube Downloader (HKLM-x32\...\WinX YouTube Downloader) (Version: 5.5 - Digiarty, Inc.)
WonderFox DVD Video Converter 16.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 16.0 - WonderFox Soft, Inc.)
Wondershare AllMyTube(Build 7.4.9.2) (HKLM-x32\...\AllMyTube_is1) (Version: 7.4.9.2 - Wondershare)
Wondershare Filmora(Build 7.8.9) (HKLM-x32\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 11.7.4.2) (HKLM-x32\...\UniConverter_is1) (Version: 11.7.4.2 - Wondershare Software)
Wondershare UniConverter(Build 12.6.2.5) (HKLM\...\UniConverter_is1) (Version: 12.6.2.5 - Wondershare Software)
Xilisoft AVI MPEG Joiner 2 (HKLM-x32\...\Xilisoft AVI MPEG Joiner 2) (Version: 2.2.0.20170209 - Xilisoft)
Xilisoft HD Video Converter (HKLM-x32\...\Xilisoft HD Video Converter) (Version: 7.8.21.20170920 - Xilisoft)
Xilisoft MP4 Converter (HKLM-x32\...\Xilisoft MP4 Converter) (Version: 7.8.24.20200219 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.25.20200718 - Xilisoft)
Xilisoft Video Splitter 2 (HKLM-x32\...\Xilisoft Video Splitter 2) (Version: 2.2.0.20170209 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\64bit\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\64bit\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{D4D48C93-BDC7-4E76-B530-2E4D13B0150F}\InprocServer32 -> C:\Users\64bit\AppData\Local\Programs\EmEditor\emedshl64.dll (Emurasoft, Inc. -> Emurasoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57}\InprocServer32 -> C:\Users\64bit\AppData\Local\Programs\EmEditor\emedshl64.dll (Emurasoft, Inc. -> Emurasoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
ContextMenuHandlers5: [Actual Window Manager] -> {CE577978-3FCA-430D-B0CE-D637788F9C5A} => C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellExtension64.dll [2021-02-12] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-28] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1161377928-100096128-3991036370-1001: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Users\64bit\AppData\Local\Programs\EmEditor\emedshl64.dll [2019-07-30] (Emurasoft, Inc. -> Emurasoft, Inc.)
ContextMenuHandlers2_S-1-5-21-1161377928-100096128-3991036370-1001: [EmEditor] -> [CC]{D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\64bit\Desktop\Restart.lnk -> C:\Data\Batch files\Restart.bat ()
Shortcut: C:\Users\64bit\Desktop\Shutdown.lnk -> C:\Data\Batch files\Shutdown.bat ()
Shortcut: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Greenshot.lnk -> C:\Data\Batch files\Greenshot.bat ()
Shortcut: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KillGreenshot.lnk -> C:\Data\Batch files\KillGreenshot.bat ()
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\mysms.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gagfhfkdhimodlhfnnefonjfnhfaddlo
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SendLeap.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chats\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chats\mysms.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gagfhfkdhimodlhfnnefonjfnhfaddlo
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chats\SendLeap.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha

==================== Loaded Modules (Whitelisted) =============

2018-08-18 17:53 - 2017-10-16 01:21 - 003420672 _ () [File not signed] C:\Program Files (x86)\Kleptomania\TextractSmart.dll
2021-05-24 21:00 - 2016-09-19 12:09 - 000813056 _ () [File not signed] C:\Program Files\NetWorx\sqlite.dll
2014-12-31 04:00 - 2014-12-31 04:00 - 001668096 _ () [File not signed] C:\Program Files\TrueLaunchBar\cairo.dll
2018-08-18 07:39 - 2018-06-20 00:27 - 000013824 _ () [File not signed] C:\WINDOWS\system32\ldntvdm.dll
2015-02-24 04:26 - 2015-02-24 04:26 - 004314624 _ (FreeImage) [File not signed] C:\Program Files\TrueLaunchBar\FreeImage.dll
2020-08-02 13:21 - 2010-10-29 10:45 - 000071680 _ (Insight Software Solutions) [File not signed] C:\Program Files (x86)\Macro Express Pro\mexhook.dll
2020-08-02 13:21 - 2010-10-29 11:45 - 000042496 _ (Insight Software Solutions, Inc.) [File not signed] C:\Program Files (x86)\Macro Express Pro\mexhookx64.dll
2021-06-24 13:58 - 2021-06-24 13:58 - 000065536 _ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
2015-10-04 08:13 - 2015-10-04 08:13 - 004453560 ____N (Olga Kobets -> Tordex) [File not signed] C:\Program Files\TrueLaunchBar\tlb.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [410]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-1161377928-100096128-3991036370-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-12-13] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-12-13] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-20] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 09:38 - 2020-07-11 23:02 - 000000914 _ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 platform.wondershare.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\AOMEI Backupper
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "WSVCUUpdateHelper.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\StartupFolder: => "LaunchThisPC.lnk"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\StartupFolder: => "EmEditor.lnk"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_13AB1318FCCC868757829229F648A965"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "GUDelayStartup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{51B5C010-3054-4A0C-8DCB-2E608D50C9C0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A15BB8FC-09FB-4527-9D92-57A24618BF4D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B14DA162-795E-4790-A7DA-01E6DE81A8A7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1F5C53F1-4568-41CC-8B1A-355E6780A66D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{20B685D9-91A4-4244-8D78-66EFA3D1CFA3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A545A5BE-030E-4C98-B00B-D8CD695279C8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7523D4C-E92A-4B87-AE49-6D035EFB4168}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{2CE70170-5363-44F3-B9B7-B92E1D0E178F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{50E906A9-32AA-4ED0-B142-C255255DCA65}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{F1679CF0-DA81-46C9-A931-5FEEB92054EB}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [TCP Query User{9DCABEF8-28F2-4BB4-BBFE-D188A7A351A1}C:\users\64bit\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\64bit\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> MightyText)
FirewallRules: [UDP Query User{2A2C5FCA-9306-40F1-B6AC-C8DDAE047583}C:\users\64bit\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\64bit\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> MightyText)
FirewallRules: [{62642650-44A1-4098-B8DD-619F8E3A6847}] => (Allow) C:\Program Files\NetWorx\networx.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect)
FirewallRules: [{2658B373-795B-45BF-B74A-C91A51B8DD60}] => (Allow) C:\Program Files (x86)\Opera\77.0.4054.254\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{4B01B7FF-1867-4E8E-873C-15E1648D7928}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BCCA7F6C-CF0D-4F37-BE0D-DEF8E828E838}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AD3995BC-BEB4-4A05-84DE-6740BA206AEC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Downloader Pro\MP4DownloaderPro.exe] => Enabled:MP4 Downloader Pro
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TubeMate Software\Windows TubeMate\TubeMateDownloader.exe] => Enabled:TubeMate Downloader
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TubeMate Software\Windows TubeMate\Modules\MS_ytdl.exe] => Enabled:MS_ytdl
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TubeMate Software\Windows TubeMate\Modules\MS_yg.exe.exe] => Enabled:MS_yg.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Downloader Pro\Components\MS_ytdl.exe] => Enabled:MS_ytdl

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:74.53 GB) (Free:31.2 GB) (42%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2021 08:20:53 PM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...

Error: (07/19/2021 06:24:42 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (07/19/2021 06:24:24 PM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...

Error: (07/19/2021 05:52:17 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (07/19/2021 05:52:17 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/19/2021 05:46:24 PM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...

Error: (07/19/2021 01:44:28 PM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...

Error: (07/19/2021 08:52:46 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...


System errors:
=============
Error: (07/19/2021 08:20:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2021 06:24:21 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2021 06:23:05 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/19/2021 06:23:05 PM) (Source: DCOM) (EventID: 10010) (User: VENTO)
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (07/19/2021 06:21:50 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/19/2021 06:21:49 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/19/2021 06:21:49 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/19/2021 06:21:19 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}


CodeIntegrity:
===============
Date: 2021-07-19 20:20:29
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-07-19 18:06:24
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\x86\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-07-19 17:48:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-07-19 17:47:27
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-07-19 17:46:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\x86\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F7 07/26/2010
Motherboard: Gigabyte Technology Co., Ltd. GA-880GM-UD2H
Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 29%
Total physical RAM: 7676.15 MB
Available physical RAM: 5389.07 MB
Total Virtual: 8892.15 MB
Available Virtual: 6651.71 MB

==================== Drives ================================

Drive c: (EXPER) (Fixed) (Total:74.53 GB) (Free:31.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 1418E4C9)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Moderator, Security Team · 1,258 Posts
Looking over your logs now. Depending on how much I have to research, this may take a while; I'll get back to you as soon as possible.
 

Moderator, Security Team · 1,258 Posts
There are a few things of concern on your computer, and one or more of them may be related to your problem.

I'll list what I've found, and what I think you should do about them below ....

First ....

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Use of P2P software is the quickest way I know of to contract an infection, and I strongly recommend that you uninstall any P2P programs.

Next ....

You have far too many Chrome extensions installed; the more you use, the less stable Chrome will be. Below I have listed those that I could get no clear details of ....

CHR Extension: (280daily) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aibhdihcdjelmifgpkcalcafldalpkbm [2019-03-03]
CHR Extension: (Todoist for Chrome) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjohebimpjdhhocbknplfelpmdhifhd [2019-03-03]
CHR Extension: (Telegram) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2019-03-03]
CHR Extension: (Hangouts) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\deigijodonbmdapahgkdjljmcngipaab [2019-03-19]
CHR Extension: (mysms) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfhfkdhimodlhfnnefonjfnhfaddlo [2020-08-02]
CHR Extension: (Avast Online Security) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-03-27]
CHR Extension: (Badge) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\hobgfokkfmmdehpedkjgkhjcnejfoodf [2020-08-02]
CHR Extension: (Google Hangouts) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-06-06]
CHR Extension: (Google Maps) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2019-03-03]
CHR Extension: (IDM Integration Module) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-06-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-27]
CHR Extension: (SendLeap) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnjmiobjppgfeicepedmfnpjjmfjlha [2020-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-26]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.17.7.7150\BVDChromeExt.crx [2019-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.22.9.7557\BVDChromeExt.crx [2021-06-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-26]
You also have a questionable Opera extension installed ....

OPR Extension: (Rich Hints Agent) - C:\Users\64bit\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-07-15]
I recommend you uninstall them ....



Next ....

Did you set these restrictions yourself?

HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 1
Next ....

Open a Notepad file and copy/paste the contents of the code box below into it (don't include Code: ) ...

Code:
VirusTotal: C:\Program Files (x86)\Kleptomania\KMania.exe;C:\Program Files\AutoHotkey\AutoHotkey.exe;C:\WINDOWS\system32\ldntvdm.dll
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
C:\Program Files\AVAST Software
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {44CE1D64-FCA7-460D-B58F-E1FF9877BAD3} - System32\Tasks\SafeZone scheduled Autoupdate 1534586109 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AutoPico Daily Restart" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d74f2c40b6a8c9" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1161377928-100096128-3991036370-500" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1626276139" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1534586109" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {B67A34CC-F2BE-4B86-BE3C-1B4533824306} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {CE0920FD-5459-4620-B974-29ED3F610429} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe
CHR Notifications: Default -> hxxps://app.mysms.com
2021-07-19 18:24 - 2018-08-18 22:52 - 000000000 ____D C:\Users\64bit\AppData\Local\AVAST Software
2021-07-19 17:49 - 2021-05-23 03:17 - 000004264 _ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-19 17:46 - 2018-08-18 19:53 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-18 14:03 - 2021-05-23 03:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [410]
FirewallRules: [{B7523D4C-E92A-4B87-AE49-6D035EFB4168}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{2CE70170-5363-44F3-B9B7-B92E1D0E178F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
EmptyTemp:
CMD: ipconfig /flushdns
Save as fixlist.txt in the same location as FRST.

  • Start FRST and when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #29 ·
About Chrome extensions - I don't remember installing any/many - I recognise a lot of the names, and they must have derived from programs which I installed, of which Opera is the most recent and therefore the most likely to have made the difference to Firefox.

I did not set the restrictions you reference.

How about for starters I uninstall Opera, and see if Firefox comes good, before doing any further modifications ?
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #30 ·
So far I've done all you suggested short of undoing the registry restrictions (change '1' to '0'?) because you don't give the full path, so I don't know how to find them. If you give me the full path, I'll do that. I will wait with running your code until that is resolved one way or another. No improvement yet.
 

·
Moderator , Security Team
Joined
·
1,258 Posts
To remove the two restrictions, if you want to do it manually then .....

HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer set value of NoNetConnectDisconnect to 0

HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
set value of NoManageMyComputerVerb to 0

Don't forget to reboot afterwards or the registry edit will not be processed.

Alternatively, just add these two lines to the FRST fix ...

HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 1
.... and FRST will remove them.

Either way, you do need to run the FRST "fix" I gave you to run, as that's the most likely to resolve things. Note the entry ...

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
... which is IMO very likely to be the culprit, and will be reset to default by FRST when the fixlist is processed.
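
The manual registry edit described in the post above, as an added PowerShell example that is not part of the original thread: it reports each of the two Explorer policy values as restricted, already 0, or absent before anything is written. The SID, key path and value names come from the thread; the function names `Get-ExplorerRestriction` and `Reset-ExplorerRestriction` are hypothetical.

```powershell
# Added example: audit, then optionally reset, the two Explorer policy values named in the thread.
# Function and parameter names are hypothetical; the SID and value names are the thread's.
function Get-ExplorerRestriction {
    param(
        [Parameter(Mandatory)] [string] $Sid,
        [string[]] $Names = @('NoNetConnectDisconnect', 'NoManageMyComputerVerb')
    )
    $key = "Registry::HKEY_USERS\$Sid\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    foreach ($name in $Names) {
        $state = 'KeyMissing'; $value = $null
        if (Test-Path -Path $key) {
            # A value that does not exist returns nothing here instead of throwing
            $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if ($null -eq $prop) { $state = 'ValueMissing' }
            else {
                $value = $prop.$name
                $state = if ($value -eq 0) { 'Off' } else { 'Restricted' }
            }
        }
        [pscustomobject]@{ Key = $key; Name = $name; State = $state; Value = $value }
    }
}

function Reset-ExplorerRestriction {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $Sid)
    foreach ($r in Get-ExplorerRestriction -Sid $Sid) {
        if ($r.State -ne 'Restricted') { continue }   # absent or already 0: nothing to change
        if ($PSCmdlet.ShouldProcess("$($r.Key)\$($r.Name)", 'Set to 0')) {
            Set-ItemProperty -Path $r.Key -Name $r.Name -Value 0 -Type DWord
        }
    }
    Get-ExplorerRestriction -Sid $Sid   # re-read so the caller sees the final state
}

# The profile must be loaded so its hive is mounted under HKEY_USERS;
# writing under Policies normally needs an elevated prompt.
$sid = 'S-1-5-21-1161377928-100096128-3991036370-1001'
Get-ExplorerRestriction -Sid $sid | Format-Table Name, State, Value
# Reset-ExplorerRestriction -Sid $sid -WhatIf   # preview; drop -WhatIf to write
```

A `ValueMissing` result means there is nothing to set to 0 for that name, which is different from a value that is present and still 1.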
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #32 ·
HKLM\SOFTWARE\Policies\Mozilla\Firefox: contains only DEFAULT - NOTHING about restriction.

Running fixlist.txt caused no improvement.

I set HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetConnectDisconnect value to 0

HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoManageMyComputerVerb does not exist, so its value can not be changed.

I rebooted and launched Firefox again - NO improvement.
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #34 ·
I no longer have that, because I had been doing 'those tests' on a clone of the system, and since nothing had worked, I've cloned the original system back to that drive. We'd be starting from scratch....
 

·
Moderator , Security Team
Joined
·
1,258 Posts
In that case, I'm going to have to withdraw from this topic. Without proper feedback I don't believe we're going to resolve things.

I wish you luck in finding a solution.
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #38 ·
You're welcome, sorry we didn't resolve things.

Question .... have you tried performing a DISM and an SFC, just in case you have some system corruption that is manifesting itself in an unusual manner?

See .... Problems with Windows 10? The DISM tool can help – here's how.

Clutching at straws a bit I know, but I've seen some weird problems solved this way.
I had not, but I can do so.

By the way, I can now state categorically that the Bookmarks problem PRECEDED the installation of Opera. And Bookmarks worked fine for years although uTorrent was installed. Lifting the restrictions in the Registry did not restore the Bookmarks function, but then again, I could only find one, when you said there were two.
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #39 ·
The DISM ScanHealth reported: "The Component store is repairable"; so I ran the DISM RepairHealth. SFC /scannow claimed to have fixed corrupted files, and Mbam quarantined item it found, but Firefox's bookmarks are still a blank icon.
 