PDA

View Full Version : Need help to trace and remove source of malious HDD write activity.



yettyn
2021-03-23, 19:56
As I only read but didn't properly follow the instructions by attaching the log files rather than paste the text in my thread started yesterday late night, I decided to start all over in a new thread so I can also add what I further have found out. Please, feel free to delete my previous thread or lock it whatever is in line with site policy.

I suspect, well I'm pretty sure, that I have got some malware plaguing my system after noticing constantly ongoing HDD activity lately, but it wasn't until one of my favorite program failed to start, which lead me to find some strange items in the Registry. I have already posted about this in the main Spybot forum here (https://forums.spybot.info/showthread.php?77557-Suspect-HDD-activity-and-lots-of-suspectly-named-keys-and-key-values-in-Registry), together with some screen shots, so will not repeat that part.

I have made a backup of registry as instructed and will paste the FRST.txt and Addition.txt logs below.

I was not able to run a successful aswMBR scan, even tried in Safe Mode, but the program always dies at the exact same point. I was able to capture it on video and have an image of the last frame before it dies to post if its deemed helpful.

Before running FRST and posting here I made some attempts on my own to figure it out but eventually decided it's better to seek some help, but this is what I have done so far and concluded:

I have made a full scan with S&D +AV w/o, applied full immunization, and ran the RootAnalyzer but without it to render anything of value as I can see it. I also ran the S&D Registry Repair tool, and deleted/repaired a few entries and I have log files for that if needed. Maybe it was a mistake, I don't know.

I have uninstalled some older programs I no longer use, which was hanging around. There were two uninstalls that didn't go as expected and I will describe these here.

Acronis True Image: This uninstall never completed and always hangs with a dialog saying "29 seconds left".

Software for HP OfficeJet 8000: I no longer have this printer, and it seemed to be uninstalling OK, ending with a message "The uninstall will be completed on next reboot" but after a reboot (which it forced) the programs are still there and a second uninstall rendered the same result.

What I have observed is that the free space on drive C: keeps on shrinking, the last 36 hours (since I started to monitor it) it has shrink with > 40gb (it was about 16gb as I wrote in my post yesterday night), so it appears that some kind of disk writing definitively is going on.

I have also noticed that while in Safe Mode the HDD write activity seems to be none to very small, which may be due to something else. I'm writing this in Safe Mode with Network connectivity and it seems that occasionally there is some writing going on, but haven't been able to measure or confirm that it's the same yet. In any way, nothing compared to in Normal mode boot.

My suspicion is that some kind of abuse of InprocServer32 (i.e. COM related) is going on as I found a whole lot of InprocServer32 registry keys with those cryptic value I posted screen shot of in the Spybot forum post. I have tried to locate the process (as there has to be one right?) responsible but without luck, but maybe I haven't used the right tools or doesn't know what to look for. So I will now post the FRST logs and hopefully will these give someone here a lead to follow.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-03-2021
Ran by Joakim (administrator) on JOAKIM-PC (22-03-2021 21:31:38)
Running from C:\Users\Joakim\Desktop
Loaded Profiles: Joakim
Platform: Windows 10 Pro Version 20H2 19042.868 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe
(Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe
(Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [13086144 2021-03-16] (Binary Fortress Software Ltd -> Binary Fortress Software)
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\hpcpp104: C:\Windows\System32\spool\prtprocs\x64\hpcpp104.dll [327168 2010-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp118: C:\Windows\System32\spool\prtprocs\x64\hpcpp118.dll [467456 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpfpp082: C:\Windows\System32\spool\prtprocs\x64\hpfpp082.dll [254976 2008-08-12] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [67584 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\HPPMOPJL: C:\WINDOWS\system32\hppmopjl.dll [22016 2009-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\MONVNC: C:\WINDOWS\system32\VNCpm.dll [37704 2016-11-18] (RealVNC Ltd -> RealVNC Ltd)
HKLM\...\Print\Monitors\PCL hpf3l02t: C:\WINDOWS\system32\hpf3l02t.dll [138752 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpf3l082: C:\WINDOWS\system32\hpf3l082.dll [131072 2008-08-12] (Hewlett-Packard Company) [File not signed]
HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\PJLMON.DLL [24064 2020-11-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86
HKLM\Software\...\AppCompatFlags\Custom\VB6.EXE: [{fbc6500a-a183-415c-9aa5-f67b9c1536a7}.sdb] -> VB6 shims
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb [2012-05-29]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{fbc6500a-a183-415c-9aa5-f67b9c1536a7}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fbc6500a-a183-415c-9aa5-f67b9c1536a7}.sdb [2016-07-29]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb [2012-05-29]
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
IFEO\Notepad.exe: [Debugger] "C:\Program Files\TextPad 8\textpad.exe" -m -n
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled [2010-09-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk.disabled [2019-04-27]
ShortcutTarget: Send to OneNote.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00104AB9-83C7-49EC-B5C3-3410482CD8E3} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3685360 2015-06-04] (Nero AG -> Nero AG)
Task: {0242EEF7-7092-4A4E-A078-3CB693073231} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {076A58C9-C053-4E39-9850-AB69D2F68D22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0ECBFBBC-8D03-4C4B-9D10-73A626107081} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {102C6229-B1A5-4200-9795-1758673B9EC4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {14DA1789-EB8D-4A9F-99D6-9B3AA501C554} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {157F5C6E-F35E-4B6A-9F4D-7602644A4794} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {22D9EB26-9E67-451B-B1BA-26DA2CADB1B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {2ED34ACC-7956-4C1D-99D4-D5C484BEAA87} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3A4C6FFB-2414-4C07-8120-ECE93E82B540} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {42B4B000-BCDA-46A7-AD25-ED156BDFFA62} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {45F81331-DC43-4D8D-BE52-314F07B648F5} - System32\Tasks\{3CCC436F-0486-44A0-B3CF-08E06B3B245C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Beyond Compare 2\unins000.exe"
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {544EF222-E964-464F-A87E-BEA3D8D61D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {5F2BD987-9A41-4EBB-8529-B97D95749144} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5FD6327D-652D-4072-AAB6-29456C0EF88D} - System32\Tasks\{EAADEB72-A3B9-4FFF-968E-6274BE9B5DAA} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ACCESS /dll OSETUP.DLL
Task: {65A8D21D-20DA-46C6-AF5C-4C7CB0B08507} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {6637FC96-DC3B-4861-B9C7-B985D05C943E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {66AC9380-27EF-4A8E-972D-E24197797BCA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {68626C0A-4B37-4C8A-9E88-6D429F050ED8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6C109582-AB87-40E9-A2D2-4F92D45ECC01} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {70F70781-733E-4FBC-9035-82149B4D619A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7588F7F4-E09A-4688-9512-4FD31EAD79CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {772A9B75-0B6D-4204-BA51-4E893995252F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {79E837AC-E154-42AA-B67C-6345E8B872C8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {7AA97867-31E8-4F2C-B976-BE4C21E06A42} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7BBDB125-9437-484B-B122-07F5FADFAABE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {84F5344C-C89A-4871-9394-E876B590DA14} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.91\AsLoader.exe [368128 2008-07-02] () [File not signed]
Task: {8D4DF651-8418-4EB7-B3E1-88B4BB5C517E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {8DA9167F-8E38-4F77-A340-B0D6574A1104} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {8DD6F3EC-6388-459B-9B83-2F9B209353D1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {904B7E0A-5A83-4AC4-9FAC-EE565247C079} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90725F84-79AF-4EE3-B272-88130A63334C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {98ED2EF5-0F52-4AAB-AB91-882315DCB97D} - System32\Tasks\{5D8807CA-9EC2-4CAE-821D-E78CBEB4CF8B} => C:\Windows\system32\pcalua.exe -a "C:\Users\Joakim\My Files\reggapps\webbuilder\webbuilder10-4-8\setup.exe" -d "C:\Users\Joakim\My Files\reggapps\webbuilder\webbuilder10-4-8"
Task: {A1A40F86-D1FE-4DB1-B4C6-B60B54D41B81} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {A1E8519D-E416-4B57-9B86-E933606B200D} - System32\Tasks\{9A9F74E4-302B-4FCA-8D82-B4E0549DB7A2} => C:\Windows\system32\pcalua.exe -a C:\Users\Joakim\Downloads\winsdk_web.exe -d C:\Users\Joakim\Downloads
Task: {A5A01E37-45AF-4A26-BA84-D9072A93F56B} - System32\Tasks\{F4EB935D-411D-4299-AA29-328899BFE341} => C:\Windows\system32\pcalua.exe -a C:\PBWin90\SETUP.EXE -d C:\PBWin90
Task: {A61D7EB2-3D4D-456D-B1BF-7A447D0FA716} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A92F2A59-3FD9-439B-AB65-0021F7A31417} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {AEEB9992-DB4E-4162-8E59-73B99B5C5BFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B1EAF175-E39A-41FD-9A43-58BDD1AD4AA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {B49D66A8-CAB9-4CF4-8A46-A374356BE9D5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B4C6C284-7FA8-45D5-BC99-860D37E966DB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B53433C1-F3DF-4B5C-BC5F-8C0C9515CF3A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BDCA0551-2536-4EE3-ABFC-E19F9BBC7EE9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0537AA2-25FF-4DDD-99A8-DF381C831519} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {C0B244BD-D6C0-43FD-80AC-CC61720DDD40} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C467A200-86CE-4560-A8AE-12E50E334326} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C48C0E08-7C9A-4974-9667-96196DFBF63E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CBDAE4D6-D934-4DED-AECE-E9E11F769138} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {D6A15A93-52C9-4A33-B8DD-49471D36E2DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D74C3BDA-3D0D-4778-827E-66A3CE256617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D759BBEC-5E84-49CA-BBAF-12D3C16505A9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {D7F3F922-DB4D-4D48-8DC7-5CA431D77FDC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9561916-8737-47A6-ACD2-8AADA932B33D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {DD41C820-F7C7-4493-A681-D45116D33C2F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E120CFA1-9609-45DF-AEBB-C4440FC2401D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E1AEB713-6AF6-4130-AB48-7D80BE798466} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [8790696 2019-12-18] (Safer-Networking Ltd. -> )
Task: {F0C27E13-F419-4D9E-9E25-BAA134BD9207} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {F46BE67F-C57F-498B-BBC3-72FD521C83AE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1192574728-1841427162-4075779397-1011] => 127.0.0.1:9666
ProxyServer: [S-1-5-21-1192574728-1841427162-4075779397-1013] => 127.0.0.1:9666
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{aa2de5df-b011-4181-af77-2ecafb56df16}: [DhcpNameServer] 213.226.224.12
Tcpip\..\Interfaces\{bcc04047-a04c-45c1-ad8f-50ace4ac6038}: [DhcpNameServer] 213.226.224.12 194.213.224.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
DownloadDir: C:\Users\Joakim\Downloads
Edge Session Restore: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> is enabled.
Edge Notifications: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> hxxps://www.tradingview.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\Joakim\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-22]
Edge DownloadDir: C:\Users\Joakim\Downloads
Edge Notifications: Default -> hxxps://www.tradingview.com
Edge Session Restore: Default -> is enabled.

FireFox:
========
FF DefaultProfile: sohg7hk6.Joakim2
FF DefaultProfile: joov35ql.default
FF ProfilePath: C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2 [2021-03-22]
FF NewTab: Mozilla\Firefox\Profiles\sohg7hk6.Joakim2 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF Notifications: Mozilla\Firefox\Profiles\sohg7hk6.Joakim2 -> hxxps://www.tradingview.com; hxxps://www.youtube.com; hxxps://www.studentagency.cz; hxxps://in.tradingview.com; hxxps://real-traders.slack.com; hxxps://forexlive.os.tc; hxxps://tr.tradingview.com; hxxps://www.regiojet.cz; hxxps://pafx.slack.com; hxxps://bullwaves.org; hxxps://ewtaf.com; hxxps://www.facebook.com; hxxps://pa-fx.echofin.co; hxxps://mcm-ct.com; hxxps://www.thenewsletterplugin.com; hxxps://www.reddit.com; hxxps://www.wpbeginner.com; hxxps://forexcrunch.pushengage.com; hxxps://www.podnikatel.cz
FF Extension: (Classic Bookmarks Button) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\ClassicBookmarksButton@ArisT2Noia4dev.xpi [2016-06-25] [Legacy]
FF Extension: (QuickMark) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\jid0-QT2VXewB9xzbRlyapSJjA4ebwoU@jetpack.xpi [2017-04-14] [Legacy]
FF Extension: (SQLite Manager) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-06-02] [Legacy]
FF Extension: (Zoom Scheduler) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2021-02-03]
FF Extension: (Tab Mix Plus) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-29] [Legacy]
FF SearchPlugin: C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-24]
FF ProfilePath: C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim [2021-03-21]
FF user.js: detected! => C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\user.js [2008-11-30]
FF Extension: (Unicode Input Tool/Converter) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\charrefunicode@brett.zamir.xpi [2016-04-27] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-11-16] [Legacy]
FF Extension: (DNS Cache) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\dnscache@dominik.jungowski.xpi [2016-04-27] [Legacy]
FF Extension: (DrupalForFirebug) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\DrupalForFirebug@drupal.org.xpi [2016-04-27] [Legacy]
FF Extension: (British English Dictionary) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\en-GB@dictionaries.addons.mozilla.org [2015-12-20] [Legacy] [not signed]
FF Extension: (Firebug) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\firebug@software.joehewitt.com.xpi [2017-02-21] [Legacy]
FF Extension: (Firepicker) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\firepicker@thedarkone.xpi [2016-04-29] [Legacy]
FF Extension: (FoxyProxy Standard) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\foxyproxy@eric.h.jung [2017-02-21] [Legacy]
FF Extension: (gui:config) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\guiconfig@slosd.net.xpi [2016-08-30] [Legacy]
FF Extension: (Lightbeam) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-08-24] [Legacy]
FF Extension: (Download to Firedrive) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\jid1-k2RjEUGSA7EuwA@jetpack.xpi [2016-04-28] [Legacy]
FF Extension: (Lazarus: Form Recovery) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\lazarus@interclue.com.xpi [2016-04-27] [Legacy]
FF Extension: (Link Widgets) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\linkwidget@clav.mozdev.org [2016-04-27] [Legacy]
FF Extension: (Lucifox) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\Lucifox@lucidor.org [2017-02-21] [Legacy]
FF Extension: (DBGbar) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\PHPdebugger@originallight.com.xpi [2016-04-27] [Legacy]
FF Extension: (SQLite Manager) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-04-29] [Legacy]
FF Extension: (Source Viewer Tab) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\viewsourceintab@piro.sakura.ne.jp.xpi [2016-04-27] [Legacy]
FF Extension: (View Source Choice) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\vsc@briks.si.xpi [2016-04-27] [Legacy]
FF Extension: (CS Lite) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{00084897-021a-4361-8423-083407a033e0} [2010-05-31] [Legacy] [not signed]
FF Extension: (All-in-One Sidebar) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2017-02-21] [Legacy]
FF Extension: (Flagfox) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-02-21] [Legacy]
FF Extension: (URL Link) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi [2017-02-21] [Legacy]
FF Extension: (Quick Locale Switcher) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [2016-04-27] [Legacy]
FF Extension: (SEOquake) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}.xpi [2017-02-21] [Legacy]
FF Extension: (PDF Download) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2016-04-27] [Legacy]
FF Extension: (RefControl) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-27] [Legacy]
FF Extension: (ChatZilla) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-02-21] [Legacy]
FF Extension: (UltraSurf Firefox Tool) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010-05-31] [Legacy] [not signed]
FF Extension: (ColorZilla) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05] [Legacy]
FF Extension: (NoScript) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-30] [Legacy]
FF Extension: (View Dependencies) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{8965bb4b-c2ca-2b84-6b49-7afb2760518c}.xpi [2016-04-27] [Legacy]
FF Extension: (CookieCuller) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2016-04-27] [Legacy]
FF Extension: (Right-Click-Link) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}.xpi [2016-04-27] [Legacy]
FF Extension: (Interclue) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi [2016-04-27] [Legacy]
FF Extension: (Web Developer) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-30] [Legacy]
FF Extension: (JSView) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi [2011-10-25] [Legacy] [not signed]
FF Extension: (Tab Mix Plus) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-08-30] [Legacy]
FF Extension: (CoLT) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}.xpi [2015-11-06] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-27] [Legacy]
FF Extension: (JavaScript Debugger) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-04-27] [Legacy]
FF Extension: (Server Switcher) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{F7D360DC-B8F8-11DA-86BD-3EC8728786A0}.xpi [2016-04-27] [Legacy]
FF ProfilePath: C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\63qaefef.default-1615922512932 [2021-03-22]
FF ProfilePath: C:\Users\Joakim\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\joov35ql.default [2015-12-10]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\csseditor@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\eyedropper@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\fs@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\gfd@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\markdown@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\mathml@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\op1@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\snippets@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\svg-edit@googlegroups.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tablelayout@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\templatesManager@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\thumbnailer@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tipoftheday@bluegriffon.com.xpi [not found]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-04] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-16] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2014-08-16] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: (Search Helper Extension) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-08-26] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google Inc -> Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2015-08-28] (Nero AG -> Nero AG)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-03-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-03-22] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]


==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-10-26] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-10-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-10-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2014-10-26] (ASUSTeK Computer Inc.) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [10891728 2021-03-16] (Binary Fortress Software Ltd -> Binary Fortress Software)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S4 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation -> Microsoft Corporation)
S4 Mach5 Mailer Scheduler; C:\Program Files (x86)\Mach5 Mailer 4\Mach5.SchedullerService.exe [20480 2010-07-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation -> Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2018-09-17] (TeamViewer GmbH -> TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15476144 2019-09-16] (VMware, Inc. -> )
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [6694480 2016-11-18] (RealVNC Ltd -> RealVNC Ltd)
S2 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-22 21:31 - 2021-03-22 21:36 - 000096381 _____ C:\Users\Joakim\Desktop\FRST.txt
2021-03-22 20:37 - 2021-03-22 20:37 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-JOAKIM-PC-Windows-10-Pro-(64-bit).dat
2021-03-22 20:36 - 2021-03-22 20:36 - 000000000 ____D C:\RegBackup
2021-03-22 20:34 - 2021-03-22 20:34 - 000000000 ____D C:\Users\Joakim\Downloads\tweaking.com_registry_backup_portable
2021-03-22 20:24 - 2021-03-22 20:24 - 005509218 _____ C:\Users\Joakim\Downloads\tweaking.com_registry_backup_portable.zip
2021-03-22 20:07 - 2021-03-22 20:07 - 004745728 _____ (AVAST Software) C:\Users\Joakim\Downloads\aswMBR.exe
2021-03-22 19:50 - 2021-03-22 19:50 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Joakim\Downloads\mbar-1.10.3.1001.exe
2021-03-22 19:02 - 2021-03-22 19:06 - 011045518 _____ C:\Users\Joakim\Documents\JOAKIM-PC.arn
2021-03-22 19:00 - 2021-03-22 19:00 - 000000000 ____D C:\Users\Joakim\Downloads\Autoruns
2021-03-22 18:58 - 2021-03-22 18:58 - 002670815 _____ C:\Users\Joakim\Downloads\Autoruns.zip
2021-03-22 15:34 - 2021-03-22 21:35 - 000000000 ____D C:\FRST
2021-03-22 14:12 - 2021-03-22 14:12 - 002300928 _____ (Farbar) C:\Users\Joakim\Desktop\FRST64.exe
2021-03-21 17:58 - 2021-03-21 17:58 - 000230219 _____ C:\Users\Joakim\Downloads\dao3502.zip
2021-03-21 17:58 - 2021-03-21 17:58 - 000000000 ____D C:\Users\Joakim\Downloads\dao3502
2021-03-21 17:56 - 2021-03-21 18:00 - 000000000 ____D C:\Users\Joakim\Downloads\dao350
2021-03-21 17:55 - 2021-03-21 17:55 - 000225765 _____ C:\Users\Joakim\Downloads\dao350.zip
2021-03-21 16:37 - 2021-03-21 16:37 - 010277376 _____ C:\Users\Joakim\Downloads\VB60SP6-KB2708437-x86-ENU.msi
2021-03-21 16:15 - 2021-03-21 16:15 - 000000000 ____D C:\Program Files (x86)\CompChecker
2021-03-21 16:14 - 2021-03-21 16:14 - 000324608 _____ C:\Users\Joakim\Downloads\cc_x64.msi
2021-03-21 16:04 - 2021-03-21 16:04 - 000291840 _____ C:\Users\Joakim\Downloads\cc_x86.msi
2021-03-20 23:28 - 2021-03-20 23:28 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-20 22:06 - 2021-03-20 22:06 - 3330084146 _____ C:\WINDOWS\MEMORY.DMP
2021-03-20 22:06 - 2021-03-20 22:06 - 000000000 ____D C:\WINDOWS\Minidump
2021-03-20 22:06 - 2021-03-20 22:06 - 000000000 _____ C:\WINDOWS\Minidump\032021-60734-01.dmp
2021-03-20 19:56 - 2021-03-20 19:56 - 000000000 ____D C:\WINDOWS\SysWOW64\js
2021-03-20 19:56 - 2021-03-20 19:56 - 000000000 ____D C:\WINDOWS\SysWOW64\images
2021-03-20 19:56 - 2021-03-20 19:56 - 000000000 ____D C:\WINDOWS\SysWOW64\html
2021-03-20 19:56 - 2021-03-20 19:56 - 000000000 ____D C:\WINDOWS\SysWOW64\css
2021-03-20 18:33 - 2021-03-20 18:35 - 000000000 ____D C:\Users\Joakim\Downloads\HiJackThis
2021-03-20 18:32 - 2021-03-20 18:32 - 002045714 _____ C:\Users\Joakim\Downloads\HiJackThis.zip
2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\Program Files (x86)\Acronis
2021-03-20 01:07 - 2021-03-20 01:07 - 000000000 ____D C:\Users\Joakim\Downloads\ProcessExplorer
2021-03-20 01:03 - 2021-03-20 01:03 - 002588891 _____ C:\Users\Joakim\Downloads\ProcessExplorer.zip
2021-03-19 11:57 - 2021-03-19 11:57 - 000475649 _____ C:\Users\Joakim\Downloads\Spybot SnD License.pdf
2021-03-18 19:17 - 2021-03-18 19:17 - 002215936 _____ C:\Users\Joakim\Downloads\LibreOffice_7.1.1_Win_x64_helppack_en-US.msi
2021-03-18 19:16 - 2021-03-18 19:18 - 328736768 _____ C:\Users\Joakim\Downloads\LibreOffice_7.1.1_Win_x64.msi
2021-03-17 17:06 - 2021-03-17 17:06 - 000312307 _____ C:\Users\Joakim\Downloads\Chronic-Lymphocytic-Leukemia.pdf
2021-03-16 23:11 - 2021-03-16 23:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-03-16 23:11 - 2021-03-16 23:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-03-16 20:21 - 2021-03-16 20:21 - 000000000 ____D C:\Users\Joakim\Desktop\Old Firefox Data
2021-03-16 18:39 - 2014-12-01 01:37 - 000450966 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20210316-183933.backup
2021-03-16 17:23 - 2021-03-22 20:35 - 000001517 _____ C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Delphi Toasts App.lnk
2021-03-16 17:23 - 2021-03-16 17:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2021-03-16 17:23 - 2021-03-16 17:23 - 000000000 ____D C:\Users\Joakim\AppData\Local\Safer-Networking Ltd
2021-03-16 17:23 - 2021-03-16 17:23 - 000000000 ____D C:\Safer-Networking Ltd
2021-03-16 17:22 - 2021-03-22 20:30 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-03-16 17:22 - 2021-03-20 13:30 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2021-03-16 17:22 - 2021-03-20 13:30 - 000001452 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2021-03-16 17:22 - 2021-03-20 13:30 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-03-16 17:22 - 2021-03-20 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2021-03-16 17:22 - 2021-03-16 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2021-03-16 17:22 - 2021-03-16 17:22 - 000000000 ____D C:\Program Files (x86)\Safer-Networking Ltd
2021-03-16 17:22 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Spybot3ELAM.sys
2021-03-16 17:22 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2021-03-16 17:18 - 2021-03-16 17:19 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\Joakim\Downloads\spybotsd-2.8.68.0.exe
2021-03-15 20:30 - 2021-03-16 11:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-03-14 22:00 - 2021-03-14 22:00 - 000107996 _____ C:\Users\Joakim\Documents\COVID19-okresy_-_VZOR-Cestne_prohlaseni_-_20210227.pdf
2021-03-14 21:19 - 2021-03-14 21:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-14 17:56 - 2021-03-14 17:56 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Solar-PuTTY
2021-03-14 16:43 - 2021-03-14 16:43 - 000056721 _____ C:\Users\Joakim\Documents\medrol-marketing-package-insert.pdf
2021-03-12 23:44 - 2021-03-20 22:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-12 23:11 - 2021-03-12 23:11 - 000546474 _____ C:\Users\Joakim\Documents\document-1083542071.pdf
2021-03-10 04:25 - 2021-03-10 04:25 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-10 04:24 - 2021-03-10 04:24 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-10 04:24 - 2021-03-10 04:24 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-10 04:24 - 2021-03-10 04:24 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-10 04:24 - 2021-03-10 04:24 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-10 04:23 - 2021-03-10 04:23 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-10 04:23 - 2021-03-10 04:23 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-10 04:23 - 2021-03-10 04:23 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-10 04:23 - 2021-03-10 04:23 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-10 04:23 - 2021-03-10 04:23 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-10 04:23 - 2021-03-10 04:23 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-09 13:06 - 2021-03-09 13:07 - 000052056 _____ C:\Users\Joakim\Documents\Žádost o kompenzační bonus6.pdf
2021-03-06 10:51 - 2021-03-06 10:51 - 001969907 _____ C:\Users\Joakim\Downloads\c06584212.pdf
2021-03-06 10:49 - 2021-03-06 10:49 - 007877768 _____ C:\Users\Joakim\Downloads\c06704249.pdf
2021-03-04 15:18 - 2021-03-04 15:18 - 000109356 _____ C:\Users\Joakim\Documents\Anna Thunderbird settings.pdf
2021-03-04 11:20 - 2021-03-04 11:20 - 020541440 _____ C:\Users\Joakim\Downloads\TortoiseSVN-1.14.1.29085-x64-svn-1.14.1.msi
2021-03-01 12:39 - 2021-03-01 12:40 - 000000000 ____D C:\Users\Joakim\AppData\Local\Viber
2021-02-24 18:12 - 2021-02-24 18:12 - 000001086 _____ C:\ProgramData\Desktop\Resource Builder 4.lnk
2021-02-24 18:12 - 2021-02-24 18:12 - 000000000 ____D C:\Program Files\SiComponents
2021-02-24 17:10 - 2021-02-24 17:10 - 036520984 _____ (SiComponents ) C:\Users\Joakim\Downloads\ResourceBuilder4Setup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-22 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-22 21:21 - 2016-07-31 09:16 - 000000000 ____D C:\Users\Joakim\AppData\Local\ClassicShell
2021-03-22 21:20 - 2016-11-25 22:00 - 000000000 ____D C:\Users\Joakim\AppData\LocalLow\Mozilla
2021-03-22 21:05 - 2012-05-14 21:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-22 20:56 - 2013-03-04 00:51 - 000000000 ____D C:\Users\Joakim\AppData\Local\CrashDumps
2021-03-22 20:32 - 2010-05-31 08:46 - 000000000 ____D C:\Users\Joakim\AppData\Local\TSVNCache
2021-03-22 20:30 - 2020-09-23 06:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-22 20:30 - 2020-09-23 05:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-22 20:30 - 2010-05-30 18:14 - 000000000 ____D C:\ProgramData\VMware
2021-03-22 20:05 - 2013-12-05 10:37 - 000000000 ____D C:\ProgramData\AVAST Software
2021-03-22 19:50 - 2020-09-23 06:47 - 000004158 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{168BB0EE-813A-4573-905E-12E387787C84}
2021-03-22 18:38 - 2018-07-24 19:28 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\Slack
2021-03-22 15:49 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-21 20:52 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-21 15:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Help
2021-03-20 23:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-20 23:32 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-20 22:58 - 2015-01-14 22:35 - 000000000 ____D C:\Program Files\Visual Paradigm CE 12.0
2021-03-20 22:51 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-20 22:51 - 2018-01-02 00:45 - 000000000 ____D C:\Users\Joakim\AppData\Local\Packages
2021-03-20 22:50 - 2019-10-23 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2021-03-20 22:49 - 2019-10-23 16:08 - 000000000 ____D C:\Program Files (x86)\Premium Recovery Suite
2021-03-20 22:07 - 2020-09-23 05:32 - 000637008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-20 18:24 - 2013-03-02 20:56 - 000388608 _____ (Trend Micro Inc.) C:\Users\Joakim\Downloads\HijackThis205.exe
2021-03-20 16:40 - 2020-06-09 08:12 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-20 16:40 - 2020-06-09 08:12 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-20 16:40 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-20 00:58 - 2018-05-19 14:08 - 000000000 ____D C:\Users\Joakim\AppData\Local\D3DSCache
2021-03-19 21:52 - 2021-01-21 16:14 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\vlc
2021-03-19 01:33 - 2010-11-18 02:19 - 000007622 _____ C:\Users\Joakim\AppData\Local\Resmon.ResmonCfg
2021-03-18 14:50 - 2010-06-01 00:10 - 000000029 _____ C:\WINDOWS\VBAddin.ini
2021-03-18 09:28 - 2020-09-23 05:41 - 000000000 ____D C:\Users\DefaultAppPool
2021-03-17 08:56 - 2011-01-21 19:38 - 000000000 ____D C:\Users\Joakim\Documents\kamila
2021-03-16 23:13 - 2016-01-20 15:13 - 000000000 ____D C:\Users\Joakim\Documents\DisplayFusion Backups
2021-03-16 23:13 - 2016-01-16 17:53 - 000001388 _____ C:\ProgramData\Desktop\DisplayFusion.lnk
2021-03-16 23:13 - 2016-01-16 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2021-03-16 23:13 - 2016-01-16 17:53 - 000000000 ____D C:\Program Files (x86)\DisplayFusion
2021-03-16 17:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-16 16:34 - 2012-05-14 21:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-16 11:24 - 2011-07-15 22:08 - 000002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-03-15 21:05 - 2018-02-14 17:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-14 21:19 - 2011-05-06 20:01 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-14 20:46 - 2020-02-24 14:38 - 000000128 _____ C:\Users\Joakim\AppData\Local\PUTTY.RND
2021-03-12 16:07 - 2010-05-30 18:20 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\VMware
2021-03-12 16:02 - 2010-05-30 18:20 - 000000000 ____D C:\Users\Joakim\AppData\Local\VMware
2021-03-10 21:41 - 2021-01-13 12:02 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\ViberPC
2021-03-10 20:31 - 2014-07-14 20:00 - 000000000 ____D C:\Program Files (x86)\Google
2021-03-10 20:31 - 2010-10-16 16:47 - 000000000 ____D C:\Users\Joakim\AppData\Local\Google
2021-03-10 20:30 - 2016-07-30 08:16 - 000000000 ___RD C:\Users\Joakim\OneDrive
2021-03-10 04:59 - 2020-09-23 07:56 - 000749220 _____ C:\WINDOWS\system32\perfh01D.dat
2021-03-10 04:59 - 2020-09-23 07:56 - 000159118 _____ C:\WINDOWS\system32\perfc01D.dat
2021-03-10 04:59 - 2020-09-23 07:00 - 000821364 _____ C:\WINDOWS\system32\perfh015.dat
2021-03-10 04:59 - 2020-09-23 07:00 - 000167086 _____ C:\WINDOWS\system32\perfc015.dat
2021-03-10 04:59 - 2020-09-23 06:36 - 000751798 _____ C:\WINDOWS\system32\perfh005.dat
2021-03-10 04:59 - 2020-09-23 06:36 - 000158964 _____ C:\WINDOWS\system32\perfc005.dat
2021-03-10 04:59 - 2020-09-23 06:28 - 004250136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-10 04:59 - 2020-09-23 05:24 - 000455408 _____ C:\WINDOWS\system32\perfh014.dat
2021-03-10 04:59 - 2020-09-23 05:24 - 000081264 _____ C:\WINDOWS\system32\perfc014.dat
2021-03-10 04:48 - 2019-12-07 10:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-10 04:48 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-10 03:31 - 2013-08-22 09:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 03:14 - 2010-05-30 15:07 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-10 03:13 - 2014-10-26 09:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-03-10 01:03 - 2009-07-14 03:34 - 000000510 _____ C:\WINDOWS\win.ini
2021-03-04 10:34 - 2020-09-23 06:47 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 10:34 - 2020-09-23 06:47 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-01 18:47 - 2019-10-30 21:09 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-03-01 18:47 - 2018-07-24 19:28 - 000002208 _____ C:\Users\Joakim\Desktop\Slack.lnk
2021-03-01 18:47 - 2018-07-24 19:28 - 000000000 ____D C:\Users\Joakim\AppData\Local\SquirrelTemp
2021-03-01 18:47 - 2018-07-24 19:28 - 000000000 ____D C:\Users\Joakim\AppData\Local\slack
2021-03-01 10:18 - 2010-08-19 19:35 - 000000000 ____D C:\Users\Joakim\Documents\Snagit
2021-02-28 21:51 - 2010-06-02 09:47 - 000000000 ____D C:\Users\Joakim\AppData\Local\Axialis
2021-02-28 21:45 - 2010-06-02 09:48 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Axialis Software
2021-02-28 21:43 - 2015-01-23 23:45 - 000000000 ____D C:\Users\Joakim\AppData\Local\JetBrains
2021-02-25 18:19 - 2010-05-31 23:28 - 000000000 ____D C:\WinLicense
2021-02-25 10:23 - 2010-06-02 22:38 - 000000000 ____D C:\ProgramData\SiComponents
2021-02-24 18:12 - 2010-06-02 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiComponents
2021-02-20 04:12 - 2021-01-22 08:21 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2011-12-10 11:56 - 2011-12-10 11:56 - 000004136 _____ () C:\ProgramData\vtsnfuas.bat
2017-06-26 09:18 - 2017-06-26 09:18 - 000000736 _____ () C:\Users\Joakim\phpedbakxp.bat
2016-05-15 16:43 - 2016-05-15 16:43 - 000000000 ____D () C:\Users\Joakim\sqlitebrowser.exe
2010-07-15 17:07 - 2010-07-15 17:07 - 000016384 _____ (Mach5) C:\Program Files (x86)\Common Files\Mach5.Install.dll
2010-07-15 17:07 - 2010-07-15 17:07 - 000020480 _____ (Mach5) C:\Program Files (x86)\Common Files\Mach5.Mailer.Install.dll
2014-06-23 16:58 - 2014-06-23 16:58 - 000002012 _____ () C:\Program Files (x86)\Common Files\Mach5.Mailer.Install.InstallState
2014-12-15 23:50 - 2017-01-23 14:33 - 000000034 _____ () C:\Users\Joakim\AppData\Roaming\AdobeWLCMCache.dat
2010-06-27 22:07 - 2012-03-31 18:37 - 000006656 _____ () C:\Users\Joakim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-02-24 14:38 - 2021-03-14 20:46 - 000000128 _____ () C:\Users\Joakim\AppData\Local\PUTTY.RND
2010-11-18 02:19 - 2021-03-19 01:33 - 000007622 _____ () C:\Users\Joakim\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\Joakim\AppData\Local\setup.txt

==================== End of FRST.txt ========================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
Ran by Joakim (22-03-2021 21:37:52)
Running from C:\Users\Joakim\Desktop
Windows 10 Pro Version 20H2 19042.868 (X64) (2020-09-23 05:48:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Acronis Agent User (S-1-5-21-1192574728-1841427162-4075779397-1011 - Administrator - Enabled) => C:\Users\Acronis Agent User
Acronis Agent User 2 (S-1-5-21-1192574728-1841427162-4075779397-1013 - Administrator - Enabled) => C:\Users\Acronis Agent User 2
Administrator (S-1-5-21-1192574728-1841427162-4075779397-500 - Administrator - Disabled)
boinc_master (S-1-5-21-1192574728-1841427162-4075779397-1016 - Limited - Enabled) => C:\Users\boinc_master
boinc_project (S-1-5-21-1192574728-1841427162-4075779397-1017 - Limited - Enabled)
DefaultAccount (S-1-5-21-1192574728-1841427162-4075779397-503 - Limited - Disabled)
Guest (S-1-5-21-1192574728-1841427162-4075779397-501 - Limited - Disabled)
Joakim (S-1-5-21-1192574728-1841427162-4075779397-1000 - Administrator - Enabled) => C:\Users\Joakim
WDAGUtilityAccount (S-1-5-21-1192574728-1841427162-4075779397-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Thumbnail Generator 1.0 (HKLM-x32\...\3D Thumbnail Generator_is1) (Version: 1.0 - SoftOrbits)
64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 17.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1700-000001000000}) (Version: 17.00.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Acronis True Image WD Edition (HKLM-x32\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14184 - Acronis)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.1 - PainteR)
Akamai NetSession Interface (HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{AAFD93A0-6522-9FF4-69CF-15B98681681A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{05F508E8-2DC6-4B12-B6A9-51000536216A}) (Version: 2.4 - Microsoft Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version: - GNU)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
AutoIt v3.3.15.0 (Beta) (HKLM-x32\...\AutoItv3beta) (Version: 3.3.15.0 - AutoIt Team)
Axialis IconWorkshop 6.91 (HKLM-x32\...\IconWorkshop ) (Version: 6.91 - Axialis Software)
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
B4J v2.20 (HKLM-x32\...\{EDE7CEAB-7394-4B50-8109-268DFB9A3023}_is1) (Version: - Anywhere Software)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Beyond Compare 4.3.7 (HKLM\...\BeyondCompare4_is1) (Version: 4.3.7.25118 - Scooter Software)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation)
Bing Bar Platform (HKLM-x32\...\{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}) (Version: 5.0.1449.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 (HKLM-x32\...\{57F20F04-014D-453F-B6A3-AE9485C4DFAB}) (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (HKLM-x32\...\{532DBCC8-9468-435C-AEF6-30B7F50735A2}) (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Brother MFL-Pro Suite DCP-9020CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Build Tools - amd64 (HKLM\...\{CC1F74DF-058F-406C-BC7D-F14D6E5F7CBD}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{B255880F-8C5E-4FAF-8F9C-7DBA635B2615}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{D37FDF2F-8766-4BDF-A0E3-A60BDBB630ED}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Chrome Embedded Browser version 3.1364.1094 (HKLM-x32\...\Chrome Embedded Browser_is1) (Version: 3.1364.1094 - NuSphere Corp.)
Chrome Embedded Browser version 3.1547.32 (HKLM\...\Chrome Embedded Browser_is1) (Version: 3.1547.32 - NuSphere Corp.)
ChunkVNC 3.3.1 version 3.3.1 (HKLM-x32\...\{8A5584D1-8163-4316-A404-95080A30A93C}_is1) (Version: 3.3.1 - supercoe)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
CodeSMART 10 with VS10x Extensions (Evaluation Version) (HKLM-x32\...\CodeSMART 10 - EVALUATION_is1) (Version: 10.51 - AxTools)
CodeSMART 2013 for VB6 (HKLM-x32\...\AxTools CodeSMART 2013 for VB6_is1) (Version: 8.5 - AxTools)
Component Checker (HKLM\...\{32E52354-FD81-4BA3-8261-70FB3AA8E8B5}) (Version: 2.0.0 - Microsoft)
CPUID ROG CPU-Z 1.61.3 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.61.3 - CPUID, Inc.)
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports for Visual Studio (HKLM-x32\...\{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}) (Version: 12.51.0.240 - SAP) Hidden
Déjà Vu X3 (HKLM-x32\...\{E350DBC6-7B58-4AFE-AB3E-08A536B8514B}) (Version: 9.00.0793 - ATRIL Language Engineering, S.L.)
Disktrix UltimateDefrag (HKLM-x32\...\UltimateDefrag) (Version: - )
DisplayFusion 9.7.2 (Beta 7) (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.7.1.107 - Binary Fortress Software)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{372D17F6-A54E-4A01-B264-1314890FFE61}) (Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
FireFly Visual Designer 3.10 (Registered) (HKLM-x32\...\FireFly Visual Designer_is1) (Version: - PlanetSquires)
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.4.0.3970 - OpenSight Software LLC)
FxExperience Tools 0.1 (HKLM-x32\...\FxExperience Tools 0.1) (Version: - FxExperience)
GIGABYTE Remote Utilities (HKLM-x32\...\{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}) (Version: 3.0.0.0 - GIGABYTE)
GIGABYTE U7300 BDA Device (HKLM-x32\...\TVRTLDrv) (Version: - )
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
ICMarkets - MetaTrader 5 (HKLM\...\ICMarkets - MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
ImageConverter Plus 7.1 (HKLM-x32\...\ImageConverter Plus_is1) (Version: - fCoder Group, Inc.)
Inno Script Studio (HKLM-x32\...\{7C22BD69-9939-43CE-B16E-437DB2A39492}_is1) (Version: 2.5.1.0 - Kymoto Solutions)
Inno Setup QuickStart Pack version 5.5.9 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.9 - Martijn Laan)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
ISSkin 3.0 (HKLM-x32\...\ISSkin_is1) (Version: 3.0 - Codejock Software)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
JavaFX Scene Builder 2.0 (HKLM-x32\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle)
JetBrains PhpStorm 10.0.3 (HKLM-x32\...\PhpStorm 10.0.3) (Version: 143.1770 - JetBrains s.r.o.)
JetBrains Products in Visual Studio 2010 (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\{3c5e89e2-1ac3-59d3-bc96-499e1c070dea}) (Version: 1 - JetBrains s.r.o.)
JetBrains Products in Visual Studio 2012 (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\{494c3c2b-34d1-53e1-ba93-2344d42e0b79}) (Version: 1 - JetBrains s.r.o.)
JetBrains Products in Visual Studio 2013 (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\{bf70078c-5e98-52f6-af00-eba9a1c75eec}) (Version: 1 - JetBrains s.r.o.)
JetBrains ReSharper 9 (HKLM-x32\...\{2663211F-9CB2-4881-9BA0-EBE2F41438D3}) (Version: 9.0.0.0 - JetBrains Inc) Hidden
Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
kSign 3.0 (HKLM-x32\...\{0D30E99C-8676-4BA5-99A8-C0BCE9BDDC93}_is1) (Version: 3.0.0.0 - K Software)
LibreOffice 5.4.7.2 (HKLM\...\{26D12F93-E454-4637-9A5C-D52F6B4CC0DD}) (Version: 5.4.7.2 - The Document Foundation)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (HKLM-x32\...\{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}) (Version: 8.59.25584 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Mach5 Mailer (HKLM-x32\...\{28DAE481-F41C-46B2-B1AE-F4B5CB914B91}) (Version: 4.5.14 - Mach5 Mailer 4)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Memory Profiler (HKLM-x32\...\{54F76D6C-0EC3-43D9-8BCC-73E31AB0BF06}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{A88AEB8B-A6C5-41BC-8F71-F704DD1E0D00}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.57 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Svenska (HKLM-x32\...\{90150000-001F-041D-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual Basic 2008 Step by Step (HKLM-x32\...\{2680ED27-5D5B-4994-A505-16D8ADE006C0}) (Version: 2.00.10 - Microsoft Press)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.20.27508 (HKLM-x32\...\{7b178cda-9740-4701-a92a-f168d213b343}) (Version: 14.20.27508.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.20.27508 (HKLM-x32\...\{8c3f057e-d6a6-4338-ac6a-f1c795a6577b}) (Version: 14.20.27508.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{64D5BBC6-5270-3711-AA39-31C1087AF4E6}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version: - )
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{9600393b-6ede-469b-a522-689fce1461d1}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 with Update 4 (HKLM-x32\...\{dca572ee-b6f6-4560-9879-fec58cc0022c}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Embedded Browser version 18.0.2 (HKLM-x32\...\Mozilla Embedded Browser_is1) (Version: 18.0.2 - NuSphere Corp.)
Mozilla Embedded Browser version 26.0.0 (HKLM\...\Mozilla Embedded Browser_is1) (Version: 26.0.0 - NuSphere Corp.)
Mozilla Firefox 86.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0.1 (x64 en-US)) (Version: 86.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mozilla Thunderbird 78.8.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.8.1 (x86 en-US)) (Version: 78.8.1 - Mozilla)
MSDN Library - October 2001 (HKLM-x32\...\MSDN Library - October 2001) (Version: - )
MSDN Library - Visual Studio 6.0a (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0a) (Version: - )
MSDN Library for Visual Studio 2008 - ENU (HKLM-x32\...\{3A762A82-618D-3CAA-B847-D074ABFA0B2E}) (Version: 9.0.21022 - Microsoft) Hidden
MSDN Library for Visual Studio 2008 - ENU (HKLM-x32\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
msftedit.dll fix (HKLM-x32\...\WYSIWYG_Web_Builder_11_hotfix) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Multi-Targeting Pack for Microsoft .NET Framework 4.0.3 (KB2600213) (HKLM-x32\...\{CF7E5677-6897-304F-85E8-1355F5FED7DD}) (Version: 4.0.551 - Microsoft Corporation) Hidden
Multi-Targeting Pack for Microsoft .NET Framework 4.0.3 (KB2600213) (HKLM-x32\...\Multi-Targeting Pack for Microsoft .NET Framework 4.0.3) (Version: 4.0.551 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{9AFD4E43-C353-40B8-BDC6-6A80F66FA142}) (Version: 17.0.01500 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10600.6.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10700.5.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10600.4.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Prerequisite Installer 1.0 (HKLM-x32\...\{011E92F1-AF76-4983-8707-79F8F1956439}) (Version: 11.0.11500 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10700.5.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10500.4.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.11000.9.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10700.6.100 - Nero AG)
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NuSphere PhpED version 16.0 (HKLM\...\NuSphere PhpED_is1) (Version: 16.0 - NuSphere Corp.)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PB/Win 9.05 (HKLM-x32\...\PB/Win 9.05) (Version: 9.05 - PowerBASIC, Inc.)
PerfectIt 3 (HKLM-x32\...\{3AE58A70-C6BE-4136-BAB1-09EED1EBC474}) (Version: 3.0.31 - Intelligent Editing)
Php Documentor version 2.0 for NuSphere PhpED (HKLM-x32\...\PHP Documentor_is1) (Version: 16.0 - NuSphere Corp.)
php-4.4.9 for NuSphere PhpED (HKLM-x32\...\PHP_is1) (Version: 13.0 - NuSphere Corp.)
php-5.2.17 for NuSphere PhpED (HKLM-x32\...\PHP5_is1) (Version: 16.0 - NuSphere Corp.)
php-5.3.8 for NuSphere PhpED (HKLM-x32\...\PHP53_is1) (Version: 6.2 - NuSphere Corp.)
php-5.4.42 for NuSphere PhpED (HKLM-x32\...\PHP54_is1) (Version: 16.0 - NuSphere Corp.)
php-5.5.26 x64 for NuSphere PhpED (HKLM\...\PHP55x64_is1) (Version: 16.0 - NuSphere Corp.)
Polystyle 2.0zo (trial) for NuSphere PhpED (HKLM-x32\...\POLYSTYLE_is1) (Version: 6.2 - NuSphere Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PowreShellIntegration.Notifications (HKLM-x32\...\{ED8DFB38-C87B-42B3-A33E-B20DF935C055}) (Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}) (Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (HKLM-x32\...\{2881CFB4-71F9-40C7-8228-6395117C0EDA}) (Version: 1.3 - Microsoft Corporation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Release Management for Visual Studio 2013 (HKLM-x32\...\{86B7A089-11F3-41B0-8E90-EB25812B79FA}) (Version: 1.0 - Microsoft Corporation) Hidden
Resource Builder 3.0.3.25 (HKLM-x32\...\{E01C4F76-D759-4B2D-A617-53188FF290E6}_is1) (Version: 3.0.3.25 - SiComponents)
Resource Builder 4 4.0.0.14 (HKLM\...\{00472BCC-486B-4DC4-89E4-7C3161E2D09F}_is1) (Version: 4.0.0.14 - SiComponents)
SciTE4AutoIt3 16.306.1237.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 16.306.1237.0 - Jos van der Zande)
SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
SDL Trados 2019 SR1 - Remove suite of products (HKLM-x32\...\TranslationStudio2019) (Version: 15.1.48878 - SDL)
SDL Trados Legacy Compatibility Module (HKLM-x32\...\{7F8F4AF6-0CE2-46E9-BA14-C55F19968926}) (Version: 2.1.128 - SDL)
SDL Trados Studio 2019 SR1 (HKLM-x32\...\{FD155FAD-9D85-48DC-81A0-857FA6C45600}) (Version: 15.1.48730 - SDL)
SDL WorldServer Components 15.0 (HKLM-x32\...\{47296A40-7216-4068-B82D-EC9A0B5709EE}) (Version: 15.0.48730 - SDL)
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype version 8.69 (HKLM-x32\...\Skype_is1) (Version: 8.69 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\slack) (Version: 4.13.0 - Slack Technologies Inc.)
Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.5 - Safer-Networking Ltd.)
Stashimi Stub Installer (HKLM-x32\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
StExBar (HKLM\...\{1C062224-6915-420A-B8A0-702A776D2A63}) (Version: 1.11.1 - Stefans Tools)
StExBar (HKLM\...\{ACD1B392-D2B0-47BE-8454-1FCFE6B93EEF}) (Version: 1.11.1 - Stefans Tools)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.133222 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TextPad 8 (HKLM\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.1 - Helios)
ThunderFix 1.0.0.2 (HKLM-x32\...\{52291FC0-33D3-4A18-9587-5115225545D8}_is1) (Version: - )
TIME TO WIN Millennium Edition (HKLM-x32\...\TIME TO WIN Millennium Edition) (Version: - )
TortoiseSVN 1.14.0.28885 (64 bit) (HKLM\...\{7FB289B9-BA33-446A-A0E8-9BF59226A631}) (Version: 1.14.28885 - TortoiseSVN)
TypeScript Power Tool (HKLM-x32\...\{6098D454-CB7B-44C2-8615-D869FD9655C7}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{0E4A9B1A-12D2-4827-BE61-44DBD72797FB}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.0 - UltraDefrag Development Team)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.6 - uvnc bvba)
UniSuiteFree 1.0 (HKLM\...\{5F944502-5CB4-4108-91EE-5D37EA2F5E1A}) (Version: 1.0 - CyberActiveX)
UniSuiteLite 1.0 (HKLM\...\{549E3EDD-33FC-4B61-9B25-2E333AEC814D}) (Version: 1.0 - CyberActiveX)
UniSuitePlus 1.00 (HKLM\...\{41745680-F50F-4176-A746-BA9DA94A3EE0}) (Version: 1.00 - CyberActiveX)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
Upgrading Microsoft Visual Baisc 6.0 to Microsoft Visual Basic .NET (HKLM-x32\...\{092E79CB-2FC1-404B-A31A-9E2D4D3DC135}) (Version: 1.0.0 - MSDN)
VB6 shims (HKLM\...\{fbc6500a-a183-415c-9aa5-f67b9c1536a7}.sdb) (Version: - )
vbAdvance 3.1 (HKLM-x32\...\vbAdvance_is1) (Version: - Young Dynamic Software)
VC Runtimes MSI (HKLM-x32\...\{FF29527A-44CD-3422-945E-981A13584000}) (Version: 9.0.21022 - Microsoft) Hidden
Viber (HKLM-x32\...\{E3A96F0B-19F9-4370-9B8D-4F9347D7C583}) (Version: 14.4.1.12 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\{c1321454-1fd8-4474-8979-2a45e12ec15f}) (Version: 14.4.1.12 - 2010-2020 Viber Media S.a.r.l)
Virtaal 0.6.1 (HKLM-x32\...\Virtaal_is1) (Version: 0.6.1 - Zuza Software Foundation)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM-x32\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM-x32\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (HKLM-x32\...\{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (HKLM-x32\...\{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM-x32\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM-x32\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.30729 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
vivoTV (HKLM-x32\...\vivoTV_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7 - VideoLAN)
VNC Server 6.0.1 (HKLM\...\{C6C31B05-EAC0-4173-9F4F-2DDF93BA0D34}) (Version: 6.0.1.23971 - RealVNC Ltd)
VS Update core components (HKLM-x32\...\{9F7DE660-6BFE-3BA2-A93D-4F13BD13E10B}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) Primary Components (HKLM-x32\...\{0BCC836F-0B28-4090-B58A-64883BAA3B2F}) (Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (HKLM-x32\...\{148878BD-A2A5-4CF1-A103-2BA632F41953}) (Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
WYSIWYG Web Builder 10 (HKLM-x32\...\WYSIWYG_Web_Builder_10) (Version: - )
Xtreme SuitePro ActiveX v15.2.1.0221 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.v15.2.1.0221_is1) (Version: 15.2.1.0221 - Codejock Software)
Xtreme SuitePro ActiveX v15.3.1 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.v15.3.1_is1) (Version: 15.3.1 - Codejock Software)
Xtreme SuitePro ActiveX v16.2.4 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.v16.2.4_is1) (Version: 16.2.4 - Codejock Software)
Xtreme SuitePro ActiveX v16.2.6 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.16.2.6_is1) (Version: 16.2.6 - Codejock Software)
Xtreme SuitePro ActiveX v16.3.0 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.16.3.0_is1) (Version: 16.3.0 - Codejock Software)
Xtreme SuitePro ActiveX v16.3.1 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.16.3.1_is1) (Version: 16.3.1 - Codejock Software)
Xtreme SuitePro ActiveX v16.4.0 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.16.4.0_is1) (Version: 16.4.0 - Codejock Software)
Zoom (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)
Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-02-27] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Paket za lokalni interfejs za bosanski -> C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackbs-Latn-BA_19041.11.29.0_neutral__8wekyb3d8bbwe [2021-02-13] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2021-03-20] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joakim\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{213218C6-D5EC-37E5-B4F1-C10B0E699671}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll (Helios Software Solutions Ltd -> )
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{5B61B9F7-FB51-370C-8A8D-DFB0022B1C4F}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{740755A7-1F3C-3731-81C3-FE28F7CD760A}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{A0DFA63D-1559-389A-A0B8-97A72E73FE93}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{AE8D2568-9E18-392D-8E45-BA2E9FED732D}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{B09F620D-6094-3E2C-884F-9877DBF3CB92}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{B65CAD9D-F572-4BD9-9FF1-CBE8AF9FB67D}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\adxloader64.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{C3D2FD77-92B5-3482-871D-91FD59968632}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{C5894223-5F98-3D9A-9D0E-3F4E8BAB5FEA}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{CA97C009-FE21-3CDC-82A2-96CC5982A1BE}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{E1A118D7-AE45-3DA8-B340-4AE00F3A5B02}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2020-09-24] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers1-x32: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\Windows\SysWow64\cnvshell.dll [2009-02-06] (fCoder Group International) [File not signed]
ContextMenuHandlers1: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2010-04-23] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll [2012-09-07] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers1: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
ContextMenuHandlers1-x32: [TranslationStudioShlExt2011] -> {F6C08E19-DCE1-45B5-A225-E94FADB585DD} => C:\Program Files (x86)\SDL\SDL Trados Studio\Studio15\TranslationStudioExt.dll [2019-02-04] (TODO: <Company name>) [File not signed]
ContextMenuHandlers2: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2019-09-16] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2019-09-16] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2020-09-24] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2010-04-23] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll [2012-09-07] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers4: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2020-09-24] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers6-x32: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\Windows\SysWow64\cnvshell.dll [2009-02-06] (fCoder Group International) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2010-04-23] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
ContextMenuHandlers1_S-1-5-21-1192574728-1841427162-4075779397-1000: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2016-01-17] (Helios Software Solutions Ltd -> )

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2014-10-26 20:31 - 2010-06-29 09:58 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-10-26 20:31 - 2021-03-22 20:33 - 000039936 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2020-03-07 22:47 - 2019-08-15 18:13 - 001265664 _____ () [File not signed] C:\Program Files (x86)\DisplayFusion\runtimes\win-x64\native\e_sqlite3.dll
2018-01-24 22:07 - 2005-04-22 05:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2014-10-26 20:31 - 2010-08-09 20:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\ASACPI.DLL
2014-10-26 20:34 - 2010-10-26 17:54 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsAcpi.dll
2018-01-24 22:07 - 2012-07-14 09:53 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2010-10-22 12:08 - 2010-10-22 12:08 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2010-09-14 13:11 - 2008-08-12 09:58 - 000131072 _____ (Hewlett-Packard Company) [File not signed] C:\WINDOWS\System32\hpf3l082.dll
2010-09-14 13:16 - 2008-08-12 09:58 - 000254976 _____ (Hewlett-Packard Corporation) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\hpfpp082.dll
2011-04-13 16:08 - 2011-04-13 16:08 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2011-04-13 16:08 - 2011-04-13 16:08 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2012-09-07 15:30 - 2012-09-07 15:30 - 000480256 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\libhunspell.dll
2017-04-29 11:55 - 2017-04-29 11:55 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll
2012-09-07 15:30 - 2012-09-07 15:30 - 000066192 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\LFJbg15U.DLL
2012-09-07 15:30 - 2012-09-07 15:30 - 000126096 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\LFPng15U.DLL
2012-09-07 15:30 - 2012-09-07 15:30 - 000212112 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\Ltimgclr15u.dll
2012-09-07 15:30 - 2012-09-07 15:30 - 000208016 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\Ltimgefx15u.dll
2012-09-07 15:30 - 2012-09-07 15:30 - 000134288 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\Ltimgutl15u.dll
2012-09-07 15:30 - 2012-09-07 15:30 - 000122000 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\Lttwn15u.dll
2013-03-02 21:18 - 2012-12-14 15:49 - 000508264 _____ (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
2013-03-02 21:18 - 2012-12-14 16:49 - 000093544 _____ (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
2013-03-02 21:18 - 2012-12-14 15:49 - 002171240 _____ (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
2010-04-23 01:56 - 2010-04-23 01:56 - 000221696 _____ (PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOSH.DLL
2012-09-07 15:30 - 2012-09-07 15:30 - 000165888 _____ (TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\TSCREC3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [132]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.astrocalc.com/
HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.astrocalc.com/
HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.astrocalc.com/
HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180524__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: FlashFXP Helper for Internet Explorer -> {E5A1691B-D188-4419-AD02-90002030B8EE} -> C:\Program Files (x86)\FlashFXP\IEFlash.dll [2007-05-16] (IniCom Networks, Inc. -> IniCom Networks, Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM - NuSphere Debugger ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar64.dll [2015-07-30] (Nusphere -> )
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - StExBar - {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} - C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
Toolbar: HKLM-x32 - NuSphere Debugger ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll [2015-07-30] (Nusphere -> )
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> StExBar - {6C7A85A7-27C6-49CE-98B2-A8479B0DD63D} - C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> StExBar - {6C7A85A7-27C6-49CE-98B2-A8479B0DD63D} - C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> StExBar - {6C7A85A7-27C6-49CE-98B2-A8479B0DD63D} - C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7942 more sites.

IE trusted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\123simsen.com -> www.123simsen.com

There are 7947 more sites.

IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\123simsen.com -> www.123simsen.com

There are 7947 more sites.

IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\123simsen.com -> www.123simsen.com

There are 7947 more sites.

IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\123simsen.com -> www.123simsen.com

There are 7947 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2021-03-22 20:37 - 000456032 ____N C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123moviedownload.com

There are 15643 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\PBWin90\BIN;C:\Winlicense\WinlicenseSDK;C:\Dev\Vendor\vbRC5BaseDlls;C:\Dev\Firefly3\ChartsDLL\Release;C:\Dev\Firefly3\CalcDLL\Release;C:\Dev\Firefly3\UtilDLL\Release;C:\Program Files (x86)\ImageConverter Plus;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC80.MFC;C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin;C:\Program Files (x86)\Microsoft SDKs\Windows\v6.0A\Bin;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\TortoiseSVN\bin
HKCU\Environment\\Path -> C:\Program Files (x86)\ImageConverter Plus;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC80.MFC;;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joakim\AppData\Local\DisplayFusion\Wallpaper_1.png
HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 213.226.224.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)
Local Area Connection 3: VMware Bridge Protocol -> vmware_bridge (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: BOINC => 2
MSCONFIG\Services: Mach5 Mailer Scheduler => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk.disabled"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "TortoiseHgOverlayIconServer"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ASUS AiChargerPlus Execute"
HKLM\...\StartupApproved\Run32: => "Bing Bar"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk.disabled"
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "boincmgr"
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "Codejock Update"
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "Viber"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{5DE243FE-09EB-4D1A-B0A1-E339583D3CD0}] => (Allow) LPort=1688
FirewallRules: [{6873E13E-24DE-407A-A7B8-12AF79C93580}] => (Allow) C:\Users\Joakim\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{1C013A2C-0103-4182-8D02-2A64F96521AB}] => (Allow) C:\Users\Joakim\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{609EB4D7-1F61-4509-893C-3286ECF35966}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{E749EFFE-15C1-4550-92DB-87BE4BD40C19}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BEC3445F-36DD-45C8-BF57-0C079F8F4674}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C8A7111D-BE7E-47AF-A104-C554A71067A6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DA0BD2F5-FCF7-4AAC-B58D-9B1C99177D71}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{82E78FD3-0B87-43A8-B3C8-96500EF9274C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{056D6F21-9401-4D29-9A87-A66CF3154063}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{63F2E23C-A40B-41DA-9BFB-3FCD6F60E9FF}C:\program files (x86)\nero\nero 2016\nero burning rom\nero.exe] => (Allow) C:\program files (x86)\nero\nero 2016\nero burning rom\nero.exe (Nero AG -> Nero AG)
FirewallRules: [UDP Query User{29A44729-2B6E-4483-9B99-D0735FD32F3B}C:\program files (x86)\nero\nero 2016\nero burning rom\nero.exe] => (Allow) C:\program files (x86)\nero\nero 2016\nero burning rom\nero.exe (Nero AG -> Nero AG)
FirewallRules: [TCP Query User{DCF682B3-4EDD-4F48-936C-4EC42CB49A33}C:\program files (x86)\mach5 mailer 4\popmonger.exe] => (Allow) C:\program files (x86)\mach5 mailer 4\popmonger.exe (Mach5) [File not signed]
FirewallRules: [UDP Query User{2C58268B-9854-426A-A9C2-CCF2D675B31B}C:\program files (x86)\mach5 mailer 4\popmonger.exe] => (Allow) C:\program files (x86)\mach5 mailer 4\popmonger.exe (Mach5) [File not signed]
FirewallRules: [{2B4340B8-DB1B-43DD-AFB5-3AABBD8E7E7F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{78995063-38D5-4348-A444-3B10919782EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{892C2EB9-00F0-4213-9802-44021D742738}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{4D874F93-7391-4D0B-95CC-305006E806B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A8BC7BC7-7A5D-4694-81B2-891F63A84E93}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0B13671D-0730-4D1D-8812-AD37FF7303AC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8A9DF5A-DBB5-4CE1-9E09-6214BDC34B26}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{621F5F1E-8240-4BF4-A4C6-FE31428A2860}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{878D5190-4058-48DF-9A7D-E605D315E718}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{6FBB196C-6B69-4DAA-A29E-ACBA0179BFBA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{A52490F7-4F8D-4566-B3CD-AA180AC3A687}] => (Allow) C:\Program Files\ICMarkets - MetaTrader 5\metatester64.exe (MetaQuotes Ltd. -> MetaQuotes Software Corp.)
FirewallRules: [TCP Query User{5BF293A1-DF7F-4A20-976C-319047C05337}C:\program files (x86)\flashfxp 5\flashfxp.exe] => (Allow) C:\program files (x86)\flashfxp 5\flashfxp.exe (OpenSight Software LLC -> OpenSight Software, LLC)
FirewallRules: [UDP Query User{02979B3B-D210-4BCE-8987-CA85ADCD3251}C:\program files (x86)\flashfxp 5\flashfxp.exe] => (Allow) C:\program files (x86)\flashfxp 5\flashfxp.exe (OpenSight Software LLC -> OpenSight Software, LLC)
FirewallRules: [{C4214EEE-19A1-40D4-98C7-2E0670833262}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{8D5F48BC-6E80-4FBE-9BD0-B0A441A4FEC0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{011A5C70-0AAC-44E6-BB07-C80FC3F558A1}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{1C137ACF-261E-457A-AB1C-9E8374D4DAB3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{ED5EE750-F261-4F0F-B83E-5305665E75C7}] => (Allow) LPort=54925
FirewallRules: [{6FA501C5-46D4-447E-A84D-C3F3E0892E77}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{393ECCAD-CD38-4E47-8A98-D98645076563}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CAB000AA-5242-4193-AE0B-F5AEA499C6F3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6FD3CF4F-D28B-476F-9E98-540C5EEA2825}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA880D7F-C866-4DC1-8A59-6E2B6BF0E398}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F70A3C62-4951-4E18-9B8F-0D4A7F80CD3B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP\FlashFXP.exe] => Enabled:FlashFXP v3
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe] => Enabled:FlashFXP v3
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP\FlashFXP.exe] => Enabled:FlashFXP v3
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe] => Enabled:FlashFXP v3
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

07-03-2021 07:31:23 Scheduled Checkpoint
10-03-2021 03:32:00 Windows Modules Installer
16-03-2021 01:23:53 Windows Modules Installer
18-03-2021 01:03:15 Windows Modules Installer
19-03-2021 23:49:30 Removed Acronis True Image WD Edition
21-03-2021 16:06:26 Installed Component Checker

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/22/2021 09:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x1fe0
Faulting application start time: 0x01d71f5c319beccf
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: fab585f5-ac96-4cf9-9857-095953c2d305
Faulting package full name:
Faulting package-relative application ID:

Error: (03/22/2021 09:35:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
Exception code: 0xc0000005
Fault offset: 0x000260b6
Faulting process id: 0x1e5c
Faulting application start time: 0x01d71f55357becf8
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: hhctrl.ocx
Report Id: 00ab68dc-84c1-4ce1-84eb-e13037323d48
Faulting package full name:
Faulting package-relative application ID:

Error: (03/22/2021 08:56:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0xa9ac4e88
Exception code: 0xc0000005
Fault offset: 0x000870e1
Faulting process id: 0x2b74
Faulting application start time: 0x01d71f55438fc4c5
Faulting application path: C:\Users\Joakim\Downloads\aswMBR.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 462b2890-e0ab-451f-aec7-329f39117e8e
Faulting package full name:
Faulting package-relative application ID:

Error: (03/22/2021 08:54:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x1e5c
Faulting application start time: 0x01d71f55357becf8
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 122276e4-6ff4-4a22-a6be-c093f13c2a97
Faulting package full name:
Faulting package-relative application ID:

Error: (03/22/2021 08:54:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0xa9ac4e88
Exception code: 0xc0000005
Fault offset: 0x000870e1
Faulting process id: 0x29f8
Faulting application start time: 0x01d71f54e7305eaa
Faulting application path: C:\Users\Joakim\Downloads\aswMBR.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5a979b59-fd6b-4354-b3ac-7fbd484327fd
Faulting package full name:
Faulting package-relative application ID:

Error: (03/22/2021 08:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0xa9ac4e88
Exception code: 0xc0000005
Fault offset: 0x000870e1
Faulting process id: 0x2690
Faulting application start time: 0x01d71f541b5fa7b3
Faulting application path: C:\Users\Joakim\Downloads\aswMBR.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9cd66d7f-fb97-4c13-83d2-e1cd72715da9
Faulting package full name:
Faulting package-relative application ID:

Error: (03/22/2021 08:45:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
Exception code: 0xc0000005
Fault offset: 0x000260b6
Faulting process id: 0x3c8
Faulting application start time: 0x01d71f53cfdc452c
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: hhctrl.ocx
Report Id: a19c36a7-c7e0-4f74-9a93-9a09cd54968f
Faulting package full name:
Faulting package-relative application ID:

Error: (03/22/2021 08:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x3c8
Faulting application start time: 0x01d71f53cfdc452c
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 12ab1cae-6c1f-4a77-b014-ed7b5ae088d2
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/22/2021 08:36:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/22/2021 08:36:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (03/22/2021 08:36:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Guard Runtime Monitor Broker service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/22/2021 08:36:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the System Guard Runtime Monitor Broker service to connect.

Error: (03/22/2021 08:32:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/22/2021 08:32:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (03/22/2021 08:30:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The shpamsvc service terminated with the following error:
Catastrophic failure

Error: (03/22/2021 08:30:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The UevAgentService service terminated with the following service-specific error:
The storage control blocks were destroyed.


Windows Defender:
================
Date: 2021-03-15 21:33:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-15 08:54:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-14 08:50:40
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-14 03:50:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-13 08:49:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-03-22 21:42:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2021-03-22 20:41:39
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1903 08/19/2013
Motherboard: ASUSTeK COMPUTER INC. MAXIMUS V GENE
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 19%
Total physical RAM: 32712.48 MB
Available physical RAM: 26425.63 MB
Total Virtual: 65480.48 MB
Available Virtual: 59500.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.41 GB) (Free:1241.28 GB) NTFS
Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:1184.14 GB) NTFS
Drive f: (PATRIOT) (Removable) (Total:7.46 GB) (Free:2.6 GB) FAT32
Drive g: (Storage) (Fixed) (Total:1397.26 GB) (Free:1119.08 GB) NTFS

\\?\Volume{67c5537b-6b68-11df-aafe-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS
\\?\Volume{1af5142a-0000-0000-0000-e0a0d1010000}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 1AF5142A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=514 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 2047AD66)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 1ACE5830)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt =======================


So hope there is someone willing to help with assisting in catching this mystic thingy.

Juliet
2021-03-24, 16:16
I've found a few things but none of it appears to be malicious.

I did note that if found you would like to remove remnants of
Acronis True Image
Software for HP OfficeJet 8000


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0242EEF7-7092-4A4E-A078-3CB693073231} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {076A58C9-C053-4E39-9850-AB69D2F68D22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {102C6229-B1A5-4200-9795-1758673B9EC4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {14DA1789-EB8D-4A9F-99D6-9B3AA501C554} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3A4C6FFB-2414-4C07-8120-ECE93E82B540} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {544EF222-E964-464F-A87E-BEA3D8D61D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6637FC96-DC3B-4861-B9C7-B985D05C943E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {68626C0A-4B37-4C8A-9E88-6D429F050ED8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {79E837AC-E154-42AA-B67C-6345E8B872C8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {90725F84-79AF-4EE3-B272-88130A63334C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AEEB9992-DB4E-4162-8E59-73B99B5C5BFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C0B244BD-D6C0-43FD-80AC-CC61720DDD40} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D6A15A93-52C9-4A33-B8DD-49471D36E2DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D74C3BDA-3D0D-4778-827E-66A3CE256617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF user.js: detected! => C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\user.js [2008-11-30]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\csseditor@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\eyedropper@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\fs@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\gfd@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\markdown@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\mathml@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\op1@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\snippets@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\svg-edit@googlegroups.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tablelayout@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\templatesManager@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\thumbnailer@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tipoftheday@bluegriffon.com.xpi [not found]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-16] [Legacy] [not signed]
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-03-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-03-22] <==== ATTENTION
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [132]
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\Program Files (x86)\Acronis
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
FirewallRules: [{6873E13E-24DE-407A-A7B8-12AF79C93580}] => (Allow) C:\Users\Joakim\AppData\Roaming\Zoom\bin\airhost.exe => No File
HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HKLM\...\Windows x64\Print Processors\hpcpp104: C:\Windows\System32\spool\prtprocs\x64\hpcpp104.dll [327168 2010-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp118: C:\Windows\System32\spool\prtprocs\x64\hpcpp118.dll [467456 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpfpp082: C:\Windows\System32\spool\prtprocs\x64\hpfpp082.dll [254976 2008-08-12] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [67584 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\HPPMOPJL: C:\WINDOWS\system32\hppmopjl.dll [22016 2009-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpf3l02t: C:\WINDOWS\system32\hpf3l02t.dll [138752 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpf3l082: C:\WINDOWS\system32\hpf3l082.dll [131072 2008-08-12] (Hewlett-Packard Company) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled [2010-09-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download and run AdwCleaner

Download AdwCleaner from here (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your desktop.
you can download AdwCleaner here: https://malwarebytes.com/adwcleaner

run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
slick the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard

Logs to include with the next post:

Fixlog.txt
AdwCleaner log
Mbam.txt

yettyn
2021-03-24, 19:42
Thanks Juliet,

much appreciate your assistance.

Here is the FRST fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
Ran by Joakim (24-03-2021 17:57:02) Run:1
Running from C:\Users\Joakim\Desktop
Loaded Profiles: Joakim & Acronis Agent User & Acronis Agent User 2 & boinc_master
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0242EEF7-7092-4A4E-A078-3CB693073231} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {076A58C9-C053-4E39-9850-AB69D2F68D22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {102C6229-B1A5-4200-9795-1758673B9EC4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {14DA1789-EB8D-4A9F-99D6-9B3AA501C554} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3A4C6FFB-2414-4C07-8120-ECE93E82B540} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {544EF222-E964-464F-A87E-BEA3D8D61D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6637FC96-DC3B-4861-B9C7-B985D05C943E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {68626C0A-4B37-4C8A-9E88-6D429F050ED8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {79E837AC-E154-42AA-B67C-6345E8B872C8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {90725F84-79AF-4EE3-B272-88130A63334C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AEEB9992-DB4E-4162-8E59-73B99B5C5BFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C0B244BD-D6C0-43FD-80AC-CC61720DDD40} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D6A15A93-52C9-4A33-B8DD-49471D36E2DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D74C3BDA-3D0D-4778-827E-66A3CE256617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF user.js: detected! => C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\user.js [2008-11-30]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\csseditor@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\eyedropper@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\fs@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\gfd@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\markdown@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\mathml@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\op1@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\snippets@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\svg-edit@googlegroups.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tablelayout@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\templatesManager@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\thumbnailer@bluegriffon.com.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tipoftheday@bluegriffon.com.xpi [not found]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-16] [Legacy] [not signed]
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-03-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-03-22] <==== ATTENTION
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [132]
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\Program Files (x86)\Acronis
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
FirewallRules: [{6873E13E-24DE-407A-A7B8-12AF79C93580}] => (Allow) C:\Users\Joakim\AppData\Roaming\Zoom\bin\airhost.exe => No File
HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HKLM\...\Windows x64\Print Processors\hpcpp104: C:\Windows\System32\spool\prtprocs\x64\hpcpp104.dll [327168 2010-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp118: C:\Windows\System32\spool\prtprocs\x64\hpcpp118.dll [467456 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpfpp082: C:\Windows\System32\spool\prtprocs\x64\hpfpp082.dll [254976 2008-08-12] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [67584 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\HPPMOPJL: C:\WINDOWS\system32\hppmopjl.dll [22016 2009-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpf3l02t: C:\WINDOWS\system32\hpf3l02t.dll [138752 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpf3l082: C:\WINDOWS\system32\hpf3l082.dll [131072 2008-08-12] (Hewlett-Packard Company) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled [2010-09-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0242EEF7-7092-4A4E-A078-3CB693073231}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0242EEF7-7092-4A4E-A078-3CB693073231}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{076A58C9-C053-4E39-9850-AB69D2F68D22}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{076A58C9-C053-4E39-9850-AB69D2F68D22}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{102C6229-B1A5-4200-9795-1758673B9EC4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{102C6229-B1A5-4200-9795-1758673B9EC4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14DA1789-EB8D-4A9F-99D6-9B3AA501C554}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14DA1789-EB8D-4A9F-99D6-9B3AA501C554}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A4C6FFB-2414-4C07-8120-ECE93E82B540}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4C6FFB-2414-4C07-8120-ECE93E82B540}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{544EF222-E964-464F-A87E-BEA3D8D61D1C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{544EF222-E964-464F-A87E-BEA3D8D61D1C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6637FC96-DC3B-4861-B9C7-B985D05C943E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6637FC96-DC3B-4861-B9C7-B985D05C943E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68626C0A-4B37-4C8A-9E88-6D429F050ED8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68626C0A-4B37-4C8A-9E88-6D429F050ED8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79E837AC-E154-42AA-B67C-6345E8B872C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79E837AC-E154-42AA-B67C-6345E8B872C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90725F84-79AF-4EE3-B272-88130A63334C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90725F84-79AF-4EE3-B272-88130A63334C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEEB9992-DB4E-4162-8E59-73B99B5C5BFB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEEB9992-DB4E-4162-8E59-73B99B5C5BFB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0B244BD-D6C0-43FD-80AC-CC61720DDD40}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0B244BD-D6C0-43FD-80AC-CC61720DDD40}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6A15A93-52C9-4A33-B8DD-49471D36E2DE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6A15A93-52C9-4A33-B8DD-49471D36E2DE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D74C3BDA-3D0D-4778-827E-66A3CE256617}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D74C3BDA-3D0D-4778-827E-66A3CE256617}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\user.js => moved successfully
C:\Program Files (x86)\BlueGriffon\extensions\csseditor@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\eyedropper@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\fs@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\gfd@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\markdown@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\mathml@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\op1@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\snippets@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\svg-edit@googlegroups.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\tablelayout@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\templatesManager@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\thumbnailer@bluegriffon.com.xpi => path removed successfully
C:\Program Files (x86)\BlueGriffon\extensions\tipoftheday@bluegriffon.com.xpi => path removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com" => removed successfully
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@veetle.com/vbp;version=0.9.17 => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js => moved successfully
C:\Program Files\mozilla firefox\mozilla.cfg => moved successfully
HPSLPSVC => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\HPSLPSVC => removed successfully
HPSLPSVC => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
C:\ProgramData\TEMP => ":C8B8CEBD" ADS removed successfully
HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => removed successfully
HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => removed successfully
HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => removed successfully
"HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => removed successfully
"HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => removed successfully
"HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}" => removed successfully
"HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => removed successfully
"HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis => moved successfully
C:\Program Files (x86)\Acronis => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Acronis Scheduler2 Service" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Acronis Scheduler2 Service" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6873E13E-24DE-407A-A7B8-12AF79C93580}" => removed successfully
HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP) => Error: No automatic fix found for this entry.
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpcpp104 => removed successfully
HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpcpp118 => removed successfully
HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpfpp02t => removed successfully
HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpfpp082 => removed successfully
HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpzpplhn => removed successfully
HKLM\System\CurrentControlSet\Control\Print\Monitors\HP Universal Print Monitor => removed successfully
HKLM\System\CurrentControlSet\Control\Print\Monitors\HPPMOPJL => removed successfully
HKLM\System\CurrentControlSet\Control\Print\Monitors\PCL hpf3l02t => removed successfully
HKLM\System\CurrentControlSet\Control\Print\Monitors\PCL hpf3l082 => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk => moved successfully
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled => moved successfully
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe" => not found

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\.ses => moved successfully
C:\Windows\Temp\af397ef28e484961ba48646a5d38cf54.db.ses => moved successfully
C:\Windows\Temp\hpqddsvc.log => moved successfully
C:\Windows\Temp\HPSLPSVC0000.log => moved successfully
C:\Windows\Temp\HPSLPSVC0001.log => moved successfully
C:\Windows\Temp\HPSLPSVC0002.log => moved successfully
C:\Windows\Temp\HPSLPSVC0003.log => moved successfully
C:\Windows\Temp\HPSLPSVC0004.log => moved successfully
C:\Windows\Temp\HPSLPSVC0005.log => moved successfully
C:\Windows\Temp\HPSLPSVC0006.log => moved successfully
C:\Windows\Temp\HPSLPSVC0007.log => moved successfully
C:\Windows\Temp\HPSLPSVC0008.log => moved successfully
C:\Windows\Temp\HPSLPSVC0009.log => moved successfully
C:\Windows\Temp\HPSLPSVC0010.log => moved successfully
C:\Windows\Temp\HPSLPSVC0011.log => moved successfully
C:\Windows\Temp\HPSLPSVC0012.log => moved successfully
C:\Windows\Temp\mat-debug-11156.log => moved successfully
C:\Windows\Temp\mat-debug-13380.log => moved successfully
C:\Windows\Temp\mat-debug-14284.log => moved successfully
C:\Windows\Temp\mat-debug-15152.log => moved successfully
C:\Windows\Temp\mat-debug-19492.log => moved successfully
C:\Windows\Temp\mat-debug-2208.log => moved successfully
C:\Windows\Temp\mat-debug-2508.log => moved successfully
C:\Windows\Temp\mat-debug-7176.log => moved successfully
C:\Windows\Temp\mat-debug-8892.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\TBitDefenderUpdaterThread.log => moved successfully
C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
C:\Windows\Temp\vminst.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 126533893 B
Java, Flash, Steam htmlcache => 26825 B
Windows/system/drivers => 142658 B
Edge => 5627791 B
Firefox => 1134414959 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 23330 B
ProgramData => 23330 B
Public => 23330 B
systemprofile => 23330 B
systemprofile32 => 23330 B
LocalService => 146848 B
NetworkService => 815926 B
Joakim => 344107141 B
Acronis Agent User => 344146855 B
Acronis Agent User 2 => 344186569 B
boinc_master => 344226283 B
DefaultAppPool => 344265997 B

RecycleBin => 0 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:25:03 ====

here is adwCleaner scan log

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-24-2021
# Duration: 00:00:37
# OS: Windows 10 Pro
# Scanned: 31980
# Detected: 21


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\Smartbar
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKCU\Software\YahooPartnerToolbar
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.ZoltaRegistryCleaner HKCU\Software\Little Registry Cleaner

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


and here the adwCleaner clean log

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-24-2021
# Duration: 00:00:11
# OS: Windows 10 Pro
# Cleaned: 21
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\AppDataLow\Software\Smartbar
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Little Registry Cleaner
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKCU\Software\YahooPartnerToolbar
Deleted HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
Deleted HKLM\SOFTWARE\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
Deleted HKLM\Software\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
Deleted HKLM\Software\Wow6432Node\\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] remove_folder_Auslogics
[+] remove_folder_Auslogics(2)
[+] remove_folder_Auslogics(3)
[+] remove_folder_Auslogics(4)
[+] remove_regKey_Auslogics
[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3653 octets] - [24/03/2021 19:04:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


As for Malwarebytes Anti-Malware, I have version 1.70 Pro installed and realize that's maybe a bit oldish (or historic may be the Cultural word). I have simply kept it around as a "second opinion" as I went on a tour in the anti-virus/maleware landscape ending up with Windows Defender, and then recently decided to give S&D as 2nd chance as I noticed AV now also was incorporated.

So, would I be better of uninstall my 1.70 and go for what you suggested above?

As for the original problem I came here for, it seems that my HDD still is cheawing away... just by the sound of it, but will have to take a closer look at that once this phase is done.

Joakim/yettyn

Juliet
2021-03-25, 00:07
As for Malwarebytes Anti-Malware, I have version 1.70 Pro installed and realize that's maybe a bit oldish
It is.
Have you allowed it to upgrade when prompted?


So, would I be better of uninstall my 1.70 and go for what you suggested above?
Is this an app your have a paid subscription for?

If not, we can download a free version of the most current which has a 30 day? trial for the premium.

IF, you uninstall the version of Malwabytes you have already on the machine follow the below.

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
slick the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard



You posted the Malwarebytes AdwCleaner 8.2.0.0 twice.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

yettyn
2021-03-25, 00:49
It is.
Have you allowed it to upgrade when prompted?
Yes, it has allowed me to update definitions before scanning, that's why I have kept it as a backup. I just use it to scan, not the real time protection as I have S&D for that.


Is this an app your have a paid subscription for?
Not any more, bought it almost 10 years ago I think, I don't quite remember, but as it have allowed me to update definitions...



You posted the Malwarebytes AdwCleaner 8.2.0.0 twice.

It created 2 logs, one for the scan and one for the cleaning, so I posted both.

Regarding the FRST fix, it said it removed the Acronis and HP stuff sucessfully, however, then I look in the CP's Programs & Features, as well as the new Apps interface in Win settings, they are still there. Also the specific Acronis accounts are still there, and a few others I don't quite know why as I haven't created them myself. The boinc accounts I know was created by the software used as "donated" CPU time to a research project, but I have since uninstalled that software.

So which of these accounts can I safely remove?

==================== Accounts: =============================

Acronis Agent User (S-1-5-21-1192574728-1841427162-4075779397-1011 - Administrator - Enabled) => C:\Users\Acronis Agent User
Acronis Agent User 2 (S-1-5-21-1192574728-1841427162-4075779397-1013 - Administrator - Enabled) => C:\Users\Acronis Agent User 2
Administrator (S-1-5-21-1192574728-1841427162-4075779397-500 - Administrator - Disabled)
boinc_master (S-1-5-21-1192574728-1841427162-4075779397-1016 - Limited - Enabled) => C:\Users\boinc_master
boinc_project (S-1-5-21-1192574728-1841427162-4075779397-1017 - Limited - Enabled)
DefaultAccount (S-1-5-21-1192574728-1841427162-4075779397-503 - Limited - Disabled)
Guest (S-1-5-21-1192574728-1841427162-4075779397-501 - Limited - Disabled)
Joakim (S-1-5-21-1192574728-1841427162-4075779397-1000 - Administrator - Enabled) => C:\Users\Joakim
WDAGUtilityAccount (S-1-5-21-1192574728-1841427162-4075779397-504 - Limited - Disabled)


Joakim is my personal account I have created with admin permissions and the only one I personally login to use.

I will get back with the malwarebytes scan. My cat is very ill and I have to nurse/monitor him basically 24/7 so a bit hard to stay sharp here...

Thanks again.

Joakim

Juliet
2021-03-25, 00:58
So which of these accounts can I safely remove?
==================== Accounts: =============================

Acronis Agent User (S-1-5-21-1192574728-1841427162-4075779397-1011 - Administrator - Enabled) => C:\Users\Acronis Agent User
Acronis Agent User 2 (S-1-5-21-1192574728-1841427162-4075779397-1013 - Administrator - Enabled) => C:\Users\Acronis Agent User 2

I would delete the ones listed with the Acronis name.

When your finished scanning please post the logs.
I personally wont be able to get back till morning.

Juliet
2021-03-25, 13:12
How is it today?

yettyn
2021-03-25, 23:04
Hi and sorry for my absence, I got caught up in other matters that couldn't wait.

Meanwhile, I think I have solved the problem with my mysterious malware constantly plaguing my HDD... and I think it falls outside of the type that is dealt with here, but it's called "WofCompressedData", the new henchman of Microsoft latest invention "Compact OS". I spotted this by an incident as I was watching Windows's Resource Monitor and Google soon solved the mystery on my behalf.

I opened an elevated command prompt and ran:
compact /compactos:query

and got:
The system is in the compact state

Apparently, someone took the decision for me, without my consent afaik and began to compact all files in my system, which explains the constantly ongoing HDD chewing and loss of not only performance but also rendering some of my old favorite programs non-functional, like VB6. So problem solved really, well I still have to restore my system to a functional uncompressed state, but that's not really a matter for this forum.
For anyone running into the same coming here, here are a few urls that basically tells you all you need to know:
https://www.tenforums.com/general-support/127176-wofcompresseddata-make-stop.html
https://devblogs.microsoft.com/oldnewthing/20190618-00/?p=102597
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/compact-os

As for Malwarebytes Anti-Malware, I decided to uninstall my antique version and try the modern brand, and... I have to say I didn't like it. It's not as bad as the other Bloatware like Avast, AVG etc. but I can see the signs, once having been a great fan of Avast just to eventually have it ruin my system... so it's uninstalled already and for now I will stick with S&D only. I ran the scan and it was clean, except for that it flagged a few of my own programs that contains encryption (but not to hide any mal), with I use in work with my clients. So I'm not gonna post that.

Acronis and the HP software still hangs in the "Programs and Features" installed list, refusing to uninstall but now when I know I'm not really infected I can probably tackle that in other ways, as it's not really a matter for this forum. In anyway, it's been an educational experience and I'm grateful and very much appreciate the assistance you have given. You folks are doing a great job here, donating your time helping those in need.

Thank you

Juliet
2021-03-26, 00:05
Personal matters take precedence.

Sounds like the system was doing a backup compiling files first.....

I was glad to help with what I could.

Let's delete the tools and folders I had you download.



Use this tool to remove quarantined items:

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.


Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:


- Delete tools
- Delete now

Click the "Run" button.

When the tool has finished, it will create and open a log report and delete itself.

Juliet
2021-03-27, 15:35
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.