# Firefox library is blank and just an icon



## SEBASTIAN42 (May 20, 2007)

My Firefox in x64Win10ProV21H1 would not open the functional window that I expect after clicking on 'Show All Bookmarks'; eventually I used Revo Uninstaller to remove it, and installed Firefox v89. Since that did not fix the problem, I used Revo again to uninstall it, and also deleted all the Firefox entries that RegScanner found in the Registry. Some 10 entries resisted deletion – most related to Avast. Another re-install improved the situation in no way - it updated to v90. Launching Firefox in Safe Mode (by holding SHIFT down) does no better. Is there a solution to this?


----------



## Gary R (Jul 23, 2008)

If you did not delete your User profile, when uninstalling Firefox, then re-installing a new version will not get rid of the problem, since it's usually a corrupted User profile that is the source of most Firefox problems.

Of course, if you delete your User profile you'll lose your bookmarks, so ideally it would be best if you could export them before you do so. Sadly in your case that does not seem likely, since your problem would suggest that your Bookmarks appear to be the most likely source of corruption.

Hopefully you had the good sense to back them up, because if not it seems likely that you've lost them.

May I ask why you're using Avast, because IMO the average Windows user has no need for a 3rd party AV. Microsoft Defender is perfectly adequate protection, and generally causes far fewer problems, something that could not be said for Avast.


----------



## SEBASTIAN42 (May 20, 2007)

I did not delete my profile - but am quite willing to. Loss of bookmarks is no issue, because I was trying to replace them anyway. I know that Firefox/Mozilla has a file with a name that includes 'profile'. Is removing the Mozilla profile enough, or did you mean my Microsoft/Windows profile? What are the precise steps to achieve your suggestion?

I'm using Avast because it was recommended to me by my PC Guru, after he found fault with Avira. Don't know 'IMO'.
Defender is very ruthless and unforgiving, whereas Avast allows more leeway in deciding what to quarantine.


----------



## Gary R (Jul 23, 2008)

I'm talking about your Firefox profile.

To find its location do the following ...

Profiles - Where Firefox stores your bookmarks, passwords and other user data | Firefox Help (support.mozilla.org): Firefox stores your personal information and settings in a profile folder. Find out what is in your profile and how to locate it.

... you can back this up before you delete it, just in case it's not the source of the problem, in which case you can restore it.

Back up and restore information in Firefox profiles | Firefox Help (support.mozilla.org): Firefox stores your personal information and settings in a profile folder. Learn how to back up and restore this important data.

Avast often seems to come up when people are having unusual problems. If this is the first real problem you've had with your computer since installing it, then I'd say leave it alone. If however, in the future, you experience more, you might want to consider uninstalling it.

If you do, then do not use the onboard uninstaller, since it doesn't do a very good job, instead use the following tool created by Avast which usually does a much better job .... 

Avast Removal Tool | Download Avast Clear | Avast (www.avast.com)


----------



## SEBASTIAN42 (May 20, 2007)

I said that I uninstalled it completely twice - surely that deletes the profile ! - I even cleared out the Registry to the extent that I could


----------



## SEBASTIAN42 (May 20, 2007)

This time, after uninstalling with Revo, I even searched for 'Firefox' & 'Mozilla' in Explore and deleted all references, and did another registry cleanout for those terms; but after re-install there was no improvement.


----------



## Corday (Mar 3, 2010)

Type or paste %APPDATA%\Mozilla\Firefox\Profiles\ in your Start menu. Don't hit enter. If anything shows, you haven't deleted your FF Profile.


----------



## SEBASTIAN42 (May 20, 2007)

"Type into start menu" - do you mean the Windows Search Tool (Cortana)?

That is where I typed it, and the response is "Preview for %APPDATA%\Mozilla\Firefox\Profiles\" is not available right now,
even though Firefox opens (with the disabled Bookmarks Manager) !

To me that points to the opposite problem - there is NO profile instead of a persistent one.


----------



## Gary R (Jul 23, 2008)

OK, let's have a look and see if there's any Firefox remnants that may be causing problems. To do that please do the following, which will list any files, folders, and registry entries present on your machine ....



*Download* *FRST64* to your Desktop.
Double click *Frst64.exe* to launch it.
*FRST* will start to run.
When the tool opens click Yes to the disclaimer.
Copy/Paste or Type the following line into the *Search:* box.



> SearchAll:Mozilla;Firefox



Press the *Search Files* button.
When finished searching a log will open on your Desktop ... *Search.txt*
*Please post it in your next reply.*


----------



## SEBASTIAN42 (May 20, 2007)

Since you mention 'files left', I uninstalled Firefox again and cleared the registry to the extent I could first with Revo; also did an Explorer search and deleted all except what have nothing to do with RUNNING Firefox. Farbar 'log' attached.


----------



## Gary R (Jul 23, 2008)

*Question ..... do you have any Mozilla programs installed other than Firefox ?*

For example Thunderbird.

I ask this so that I do not script for removal something that may be needed for it to function.

Your log shows quite a few remnants, but many are not Firefox specific, and are common to more than one Mozilla product.


----------



## SEBASTIAN42 (May 20, 2007)

No other Mozilla programs installed BY ME - but I notice that maintenance programs (?) get installed automatically.


----------



## Gary R (Jul 23, 2008)

OK, what I suggest we do to start, is to just remove any files and registry settings directly related to firefox, and see whether that resolves things.

If not, then we can expand to remove all the found Mozilla remnants as well.

FRST quarantines anything it removes, so they can generally be restored if the removals cause problems. I say generally, because when restoring anything, problems do occasionally occur.

I'll post back once I've written the "fix".


----------



## SEBASTIAN42 (May 20, 2007)

I said in my post that I had already cleared out all I could from the file system and the registry before I ran Farbar.
Or are you telling me that Farbar can be told to delete some entries it found ?


----------



## Gary R (Jul 23, 2008)

> I said in my post that I had already cleared out all I could from the file system and the registry before I ran Farbar.
> Or are you telling me that Farbar can be told to delete some entries it found ?


Yes, FRST can be scripted to remove entries, and from the log you supplied there are a number still to be removed.


OK, here goes with the Firefox remnants ...


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
Press *Ctrl+y* (Ctrl and y keys at the same time)
A blank randomly named *.txt* Notepad file will open.
Copy and paste the following into it (don't include Code: ) ....


```
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.15805.0_none_04f1e78822144171\firefox.browser
C:\Windows\System32\Tasks_Migrated\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
C:\Utilities\64bit\Firefox
C:\Utilities\32bit\Shortcuts\Browsers\Mozilla Firefox.lnk
C:\Data\Firefox

[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 90.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox]
[-HKEY_USERS\.DEFAULT\Software\Mozilla\Firefox]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\firefox.exe]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 88.0.1]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 90.0]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Classes\Applications\firefox.exe]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Mozilla Firefox\mozwer.dll
```

Press *Ctrl+s* to save *fixlist.txt*
*NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system*

Now press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* in the same folder/directory as FRST64.exe
*Please post me the log*

I have not included any entry related to Avast, and there are a considerable number of these, as I do not know what effect removing them will have on Avast.

Avast could of course be directly related to the problem you're experiencing. So if necessary are you prepared to uninstall it ?


----------



## SEBASTIAN42 (May 20, 2007)

Yes, no problem uninstalling Avast.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by 64bit (18-07-2021 17:08:07) Run:1
Running from D:\Farbar
Loaded Profiles: 64bit
Boot Mode: Normal
==============================================

fixlist content:
***

***


==== End of Fixlog 17:08:08 ====


----------



## Gary R (Jul 23, 2008)

Looks like the fix didn't run correctly, if it had then the fixlog would have shown a list of the instructions I scripted for it, plus the results of running the script.


So let's try again, using these slightly modified instructions.

Open a notepad file, and copy/paste the following into it (don't include Code: )....


```
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.15805.0_none_04f1e78822144171\firefox.browser
C:\Windows\System32\Tasks_Migrated\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
C:\Utilities\64bit\Firefox
C:\Utilities\32bit\Shortcuts\Browsers\Mozilla Firefox.lnk
C:\Data\Firefox

[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 90.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox]
[-HKEY_USERS\.DEFAULT\Software\Mozilla\Firefox]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\firefox.exe]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 88.0.1]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 90.0]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Classes\Applications\firefox.exe]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Mozilla Firefox\mozwer.dll
```
..... save as *fixlist.txt* to the same location as FRST.

*Next ...*

Launch FRST, and click on the *Fix* button.
FRST will process the fixlist and produce a *fixlog.txt*
Please post it in your next reply.


----------



## SEBASTIAN42 (May 20, 2007)

I did it again with your new (?) code and got the same empty result. When I press CTRL Y a notepad file opens with a ready-made name - are you sure you want me to change that to 'fixlist.txt' ?


----------



## Gary R (Jul 23, 2008)

Sorry to be late getting back to you. Got called away and just got back.

Do *not* follow the instructions in *post #15*

*DO* follow the instructions in *post #17* which are not the same as the earlier post.

In the first post FRST opens a Notepad file for you when you hit Ctrl+Y, and names it randomly. In the later set of instructions YOU open Notepad manually, and YOU need to name it *fixlist.txt* and save it to the same location as FRST.

FRST recognises that name and will act on it when you hit the *Fix* button.


----------



## SEBASTIAN42 (May 20, 2007)

I had done that before


Gary R said:


> Sorry to be late getting back to you. Got called away and just got back.
> 
> Do *not* follow the instructions in *post #15*
> 
> ...



Fix result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by 64bit (19-07-2021 08:57:31) Run:3
Running from C:\Utilities\64bit\Farbar
Loaded Profiles: 64bit
Boot Mode: Normal
==============================================

fixlist content:
***
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.15805.0_none_04f1e78822144171\firefox.browser
C:\Windows\System32\Tasks_Migrated\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
C:\Utilities\64bit\Firefox
C:\Utilities\32bit\Shortcuts\Browsers\Mozilla Firefox.lnk
C:\Data\Firefox

[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 90.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox]
[-HKEY_USERS\.DEFAULT\Software\Mozilla\Firefox]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\firefox.exe]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 88.0.1]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 90.0]
[-HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Classes\Applications\firefox.exe]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Mozilla Firefox\mozwer.dll
***

"C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.15805.0_none_04f1e78822144171\firefox.browser" => not found
C:\Windows\System32\Tasks_Migrated\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => moved successfully
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => moved successfully
"C:\Utilities\64bit\Firefox" => not found
"C:\Utilities\32bit\Shortcuts\Browsers\Mozilla Firefox.lnk" => not found
"C:\Data\Firefox" => not found
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 90.0 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox => removed successfully
HKEY_USERS\.DEFAULT\Software\Mozilla\Firefox => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\firefox.exe => removed successfully
HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB => not found
HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 88.0.1 => not found
HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Mozilla\Mozilla Firefox 90.0 => not found
HKEY_USERS\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Classes\Applications\firefox.exe => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules\\C:\Program Files\Mozilla Firefox\mozwer.dll" => removed successfully

==== End of Fixlog 08:57:31 ====


----------
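The two fixlogs posted above differ in the way Gary R describes: the first has nothing between the `***` markers, so no directive was ever read, while the second lists each directive followed by a `=> status` line. The following is an added example, not part of any post in this thread and not FRST's own code, that parses a fixlog in that layout and flags an empty fixlist or directives with no reported result. The sample logs, the `C:\Tools\FRST` and `Example` paths, and all function names are constructed for illustration, and the `|` to `\\` mapping for `DeleteValue:` lines is an assumption taken from how the log above prints that entry.

```python
from collections import Counter

# Constructed sample logs in the layout of the fixlogs posted in this thread.
EMPTY_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by user (18-07-2021 17:08:07) Run:1
Running from C:\Tools\FRST
Boot Mode: Normal
==============================================

fixlist content:
***

***


==== End of Fixlog 17:08:08 ====
"""

GOOD_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by user (19-07-2021 08:57:31) Run:3
Running from C:\Tools\FRST
Boot Mode: Normal
==============================================

fixlist content:
***
C:\Example\OldApp
C:\Windows\System32\Tasks\Example\Example Agent
[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\OldApp 1.0]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Example\Helpers|C:\Example\helper.dll
***

"C:\Example\OldApp" => not found
C:\Windows\System32\Tasks\Example\Example Agent => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Example\OldApp 1.0 => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Example\Helpers\\C:\Example\helper.dll" => removed successfully

==== End of Fixlog 08:57:31 ====
"""


def parse_fixlog(text):
    """Split a fixlog into the echoed fixlist directives and the result lines."""
    directives, results, complete = [], [], False
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.startswith("fixlist content:"):
                state = "await_open"
        elif state == "await_open":
            if line == "***":          # opening marker of the echoed fixlist
                state = "fixlist"
        elif state == "fixlist":
            if line == "***":          # closing marker; results follow
                state = "results"
            elif line:
                directives.append(line)
        elif state == "results":
            if line.startswith("==== End of Fixlog"):
                complete = True
            elif " => " in line:
                target, _, status = line.rpartition(" => ")
                results.append((target.strip('"'), status))
    return {"directives": directives, "results": results, "complete": complete}


def directive_target(directive):
    """Map a fixlist directive to the target text expected on its result line."""
    if directive.startswith("[-") and directive.endswith("]"):
        return directive[2:-1]                      # registry key removal
    if directive.startswith("DeleteValue:"):
        key, _, value = directive[len("DeleteValue:"):].strip().partition("|")
        return key + "\\\\" + value                 # assumed from the log above
    return directive                                # plain file or folder path


def audit_fixlog(text):
    """Summarise a fixlog: was anything read, what happened, what is missing."""
    parsed = parse_fixlog(text)
    reported = {target.lower() for target, _ in parsed["results"]}
    unreported = [d for d in parsed["directives"]
                  if directive_target(d).lower() not in reported]
    return {
        "empty_fixlist": not parsed["directives"],
        "complete": parsed["complete"],
        "counts": Counter(status for _, status in parsed["results"]),
        "unreported": unreported,
    }


if __name__ == "__main__":
    for name, log in (("empty", EMPTY_FIXLOG), ("good", GOOD_FIXLOG)):
        print(name, audit_fixlog(log))
```

A `not found` status is counted separately from `removed successfully` and `moved successfully`, since it means the target was already gone rather than that the fix acted on it.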



## Gary R (Jul 23, 2008)

OK, looks like the removals went ahead OK this time.

If you haven't already done so, please reboot your computer, and then uninstall Avast using .... Avast Uninstall Utility | Download aswClear for Avast Removal

Reboot your computer again once Avast has finished uninstalling.

Now re-install Firefox, and let me know whether it now works OK or not.


----------



## SEBASTIAN42 (May 20, 2007)


Gary R said:


> OK, looks like the removals went ahead OK this time.
> 
> If you haven't already done so, please reboot your computer, and then uninstall Avast using .... Avast Uninstall Utility | Download aswClear for Avast Removal
> 
> ...


Oddly, the install process mentioned 'upgrade', so there must have been Firefox remnants. There is no improvement.


----------



## Gary R (Jul 23, 2008)

Please run a system scan with FRST and post me the logs it creates (*Frst.txt* and *Addition.txt*) so I can see if there's anything on your machine that might be a possible cause of your problem, because as things stand I can't see why you're having it.

To do that just launch FRST and then click on the *Scan* button.

The logs are usually long, so easiest if you attach them.


----------



## SEBASTIAN42 (May 20, 2007)

Gary R said:


> Please run a system scan with FRST and post me the logs it creates (*Frst.txt* and *Addition.txt*) so I can see if there's anything on your machine that might be a possible cause of your problem, because as things stand I can't see why you're having it.
> 
> To do that just launch FRST and then click on the *Scan* button.
> 
> The logs are usually long, so easiest if you attach them.


Attachment was my first 'instinct' but twice, an error prevented me from attaching, so I pasted content instead. I expect the same problem again.


----------



## SEBASTIAN42 (May 20, 2007)

Sure enough "something went wrong" again. 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2021
Ran by 64bit (administrator) on VENTO (Gigabyte Technology Co., Ltd. GA-880GM-UD2H) (19-07-2021 20:37:11)
Running from C:\Utilities\64bit\Farbar
Loaded Profiles: 64bit
Platform: Windows 10 Pro Version 21H1 19043.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Kleptomania\KMania.exe
() [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellCenter64.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files (x86)\Actual Window Manager\LogonScreenService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Code Sector) [File not signed] C:\Program Files\TeraCopy\TeraCopyService.exe
(Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Insight Software Solutions, Inc.) [File not signed] C:\Program Files (x86)\Macro Express Pro\MacExp.exe
(Insight Software Solutions, Inc.) [File not signed] C:\Program Files (x86)\Macro Express Pro\MEProx64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\NetWorx\networx.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7711048 2016-09-28] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files\Wondershare\UniConverter\WSVCUUpdateHelper.exe [33968 2021-04-25] (Wondershare Technology Co.,Ltd -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [188808 2021-06-22] (Mixbyte Inc -> )
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Run: [Kleptomania] => C:\Program Files (x86)\Kleptomania\KMania.exe [973312 2017-10-16] () [File not signed]
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-03-05] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Run: [Actual Window Manager] => C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe [2206464 2021-02-12] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools)
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
AppInit_DLLs: ldntvdm.dll => C:\WINDOWS\system32\ldntvdm.dll [13824 2018-06-20] () [File not signed]
Startup: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Boilerplate.AHK.lnk [2020-08-22]
ShortcutTarget: Boilerplate.AHK.lnk -> C:\Data\Batch files\Boilerplate.AHK () [File not signed]
Startup: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty_Recycle_Bin.lnk [2020-07-12]
ShortcutTarget: Empty_Recycle_Bin.lnk -> C:\Data\Batch files\Empty_Recycle_Bin.vbs () [File not signed]
Startup: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\This PC [2021-05-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Macro Express Pro.lnk [2020-08-02]
ShortcutTarget: Macro Express Pro.lnk -> C:\Program Files (x86)\Macro Express Pro\MacExp.exe (Insight Software Solutions, Inc.) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {395480AD-D38F-4C13-8E63-7A24941A1817} - System32\Tasks\Opera scheduled Autoupdate 1626276139 => C:\Program Files (x86)\Opera\launcher.exe [2264784 2021-07-14] (Opera Software AS -> Opera Software)
Task: {44CE1D64-FCA7-460D-B58F-E1FF9877BAD3} - System32\Tasks\SafeZone scheduled Autoupdate 1534586109 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {63F20289-5EB8-4BA7-8DB4-8BE77BC6F90D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-03-03] (Google Inc -> Google Inc.)
Task: {7EA38267-7AF0-4E01-BB72-0FE199843A06} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {8E2325B6-8F46-48E9-B27A-A98467AAD5D0} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1161377928-100096128-3991036370-500 => C:\Users\64bit\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AutoPico Daily Restart" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d74f2c40b6a8c9" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1161377928-100096128-3991036370-500" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1626276139" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1534586109" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {B67A34CC-F2BE-4B86-BE3C-1B4533824306} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {B6C180EB-E4B2-4427-855B-C19F7FDAED71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-03-03] (Google Inc -> Google Inc.)
Task: {CE0920FD-5459-4620-B974-29ED3F610429} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe
Task: {ED277869-A460-498C-81DE-86CCC1868F62} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F2058DCA-070D-4424-AD7D-7E76C3BFEC5C} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [14836656 2014-04-30] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.)
Task: {FD5176C4-453D-4F03-89FE-C4CFAF3B7FDC} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{888cc647-2cc5-4371-bb2f-7d55c3f17cfd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c4afb7ce-9e15-461b-aa4d-c2a16a17be3f}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\64bit\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-24]
Edge Extension: (IDM Integration Module) - C:\Users\64bit\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-05-06]
Edge HKU\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2020-12-26]

FireFox:
========
FF DefaultProfile: 8a2v4xio.default
FF ProfilePath: C:\Users\64bit\AppData\Roaming\Mozilla\Firefox\Profiles\8a2v4xio.default [2021-07-17]
FF ProfilePath: C:\Users\64bit\AppData\Roaming\Mozilla\Firefox\Profiles\sgduezls.default-release [2021-07-19]
FF HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\64bit\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\64bit\AppData\Roaming\IDM\idmmzcc5 [2021-02-22] [Legacy] [not signed]
FF HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default [2021-07-18]
CHR Notifications: Default -> hxxps://app.mysms.com
CHR StartupUrls: Default -> "hxxps://www.google.com.au/","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-d6194eaa"
CHR DefaultSearchURL: Default -> hxxps://www.google.com.au/favicon.ico
CHR Extension: (Google Translate) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-07-12]
CHR Extension: (Slides) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-03]
CHR Extension: (Free Download Manager) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2021-02-23]
CHR Extension: (280daily) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aibhdihcdjelmifgpkcalcafldalpkbm [2019-03-03]
CHR Extension: (Flash Video Downloader) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-03-03]
CHR Extension: (Docs) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-03]
CHR Extension: (Dictanote) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2019-03-03]
CHR Extension: (Google Drive) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-18]
CHR Extension: (Todoist for Chrome) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjohebimpjdhhocbknplfelpmdhifhd [2019-03-03]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-06-06]
CHR Extension: (YouTube) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-03]
CHR Extension: (Telegram) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2019-03-03]
CHR Extension: (Hangouts) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\deigijodonbmdapahgkdjljmcngipaab [2019-03-19]
CHR Extension: (Session Buddy) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-07-12]
CHR Extension: (Bulk Media Downloader) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfdcgbfcboceiclmjaofdannmjdeaoi [2021-02-23]
CHR Extension: (Sheets) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-03]
CHR Extension: (mysms) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfhfkdhimodlhfnnefonjfnhfaddlo [2020-08-02]
CHR Extension: (Google Docs Offline) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-25]
CHR Extension: (Avast Online Security) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-03-27]
CHR Extension: (Text Editor) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2020-07-12]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2019-03-03]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2019-03-03]
CHR Extension: (Badge) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\hobgfokkfmmdehpedkjgkhjcnejfoodf [2020-08-02]
CHR Extension: (My Diary) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\igfnkanfehhehlajnhpajibfcfgkaikl [2019-03-03]
CHR Extension: (Mate Translate – translator, dictionary) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2021-06-25]
CHR Extension: (Voice Recognition) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2019-03-03]
CHR Extension: (Excel Online) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2019-03-03]
CHR Extension: (Dropbox) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2019-03-03]
CHR Extension: (Multi Forward for Gmail) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2019-03-03]
CHR Extension: (Google Hangouts) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-06-06]
CHR Extension: (Evernote Web) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-03-03]
CHR Extension: (Google Maps) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2019-03-03]
CHR Extension: (Yellow highlighter pen for web) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2019-03-03]
CHR Extension: (Google Hangouts) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-22]
CHR Extension: (IDM Integration Module) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-06-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-27]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2021-06-25]
CHR Extension: (AdBlocker Ultimate) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2020-12-18]
CHR Extension: (diagrams.net Desktop) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebppomjfocnoigkeepgbmcifnnlndla [2021-06-25]
CHR Extension: (SendLeap) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnjmiobjppgfeicepedmfnpjjmfjlha [2020-10-30]
CHR Extension: (Gmail) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-26]
CHR HKU\S-1-5-21-1161377928-100096128-3991036370-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.17.7.7150\BVDChromeExt.crx [2019-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.22.9.7557\BVDChromeExt.crx [2021-06-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-26]

Opera: 
=======
OPR Profile: C:\Users\64bit\AppData\Roaming\Opera Software\Opera Stable [2021-07-15]
OPR Extension: (Rich Hints Agent) - C:\Users\64bit\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-07-15]
StartMenuInternet: (HKU\S-1-5-21-1161377928-100096128-3991036370-1001) OperaStable - "C:\Program Files (x86)\Opera\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2018-11-16] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 aim_LSService; C:\Program Files (x86)\Actual Window Manager\LogonScreenService.exe [609024 2021-02-12] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [483184 2019-01-22] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [715496 2013-11-19] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [715496 2013-11-19] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [86920 2021-06-22] (Mixbyte Inc -> Freemake)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [7462200 2021-07-15] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14283048 2021-04-30] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [93184 2016-07-29] (Code Sector) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files\Wondershare\UniConverter\Transfer\DriverInstall.exe [114352 2021-04-25] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [18576 2020-09-07] (Glarysoft LTD -> Glarysoft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-07-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-07-15] (Malwarebytes Inc -> Malwarebytes)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [72632 2016-09-20] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-19 18:30 - 2021-07-19 18:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-19 17:20 - 2021-07-19 17:19 - 012210760 _____ (AVAST Software) C:\Users\64bit\Desktop\avastclear.exe
2021-07-19 12:44 - 2021-07-19 12:44 - 000001385 _____ C:\Users\Public\Desktop\TubeMate Downloader.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000001365 _____ C:\Users\Public\Desktop\TubeMate Player.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000001310 _____ C:\Users\Public\Desktop\MP4 Downloader Pro.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000001290 _____ C:\Users\Public\Desktop\MP4 Converter.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000001275 _____ C:\Users\Public\Desktop\MP4 Player.lnk
2021-07-19 12:44 - 2021-07-19 12:44 - 000000000 ____D C:\Users\64bit\AppData\Roaming\TubeMate Software
2021-07-19 12:44 - 2021-07-19 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows TubeMate
2021-07-19 12:44 - 2021-07-19 12:44 - 000000000 ____D C:\Program Files (x86)\TubeMate Software
2021-07-19 12:36 - 2021-07-19 12:36 - 000000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2021-07-19 12:36 - 2021-07-19 12:36 - 000000978 _____ C:\Users\Public\Desktop\4K Video Downloader.lnk
2021-07-19 12:35 - 2021-07-19 12:35 - 000000000 ____D C:\Program Files (x86)\4KDownload
2021-07-19 12:29 - 2021-07-19 12:29 - 000001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\icofx 3.lnk
2021-07-19 12:29 - 2021-07-19 12:29 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Neos Eureka S.r.l
2021-07-19 12:29 - 2021-07-19 12:29 - 000000000 ____D C:\Users\64bit\AppData\Roaming\icofx3
2021-07-19 12:29 - 2021-07-19 12:29 - 000000000 ____D C:\ProgramData\icofx3
2021-07-19 12:29 - 2021-07-19 12:29 - 000000000 ____D C:\Program Files (x86)\icofx3
2021-07-18 19:57 - 2021-07-18 19:57 - 000002221 _____ C:\Users\Public\Desktop\Xilisoft AVI MPEG Joiner 2.lnk
2021-07-18 19:48 - 2021-07-18 19:48 - 000002212 _____ C:\Users\Public\Desktop\Xilisoft Video Splitter 2.lnk
2021-07-18 17:30 - 2021-07-18 17:30 - 000002872 _____ C:\Users\64bit\Desktop\fixlist.txt
2021-07-18 17:30 - 2021-07-18 17:30 - 000000333 _____ C:\Users\64bit\Desktop\Fixlog.txt
2021-07-18 17:06 - 2021-07-19 20:37 - 000000000 ____D C:\FRST
2021-07-18 14:20 - 2021-07-18 14:20 - 000002256 _____ C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2021-07-18 14:15 - 2021-07-18 14:15 - 000002202 _____ C:\Users\Public\Desktop\Xilisoft HD Video Converter.lnk
2021-07-18 14:03 - 2021-07-18 19:57 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Xilisoft
2021-07-18 14:03 - 2021-07-18 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2021-07-18 14:03 - 2021-07-18 14:03 - 000002157 _____ C:\Users\Public\Desktop\Xilisoft MP4 Converter.lnk
2021-07-18 14:02 - 2021-07-18 19:57 - 000000000 ____D C:\ProgramData\Xilisoft
2021-07-18 14:02 - 2021-07-18 19:57 - 000000000 ____D C:\Program Files (x86)\Xilisoft
2021-07-18 13:51 - 2021-07-18 13:51 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Origen
2021-07-17 17:41 - 2021-07-19 20:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-17 17:41 - 2021-07-19 18:30 - 000001010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-17 17:41 - 2021-07-19 18:30 - 000000998 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-07-17 17:41 - 2021-07-17 17:41 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Mozilla
2021-07-17 17:40 - 2021-07-19 18:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-17 13:55 - 2021-07-17 13:55 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-17 13:55 - 2021-07-17 13:55 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-17 13:54 - 2021-07-17 13:54 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-17 13:54 - 2021-07-17 13:54 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-17 13:54 - 2021-07-17 13:54 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-17 13:54 - 2021-07-17 13:54 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-17 13:54 - 2021-07-17 13:54 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-17 13:54 - 2021-07-17 13:54 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-17 13:53 - 2021-07-17 13:53 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-17 13:53 - 2021-07-17 13:53 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-17 13:53 - 2021-07-17 13:53 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-17 13:52 - 2021-07-17 13:52 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-17 13:52 - 2021-07-17 13:52 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-17 13:52 - 2021-07-17 13:52 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-17 13:52 - 2021-07-17 13:52 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-17 13:52 - 2021-07-17 13:52 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-17 13:18 - 2021-07-17 13:18 - 000000000 ___HD C:\$WinREAgent
2021-07-17 13:15 - 2021-07-18 16:54 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d74f2c40b6a8c9
2021-07-15 01:29 - 2021-07-15 01:29 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stylet Click & Gone - One Click App Killer
2021-07-15 01:29 - 2021-07-15 01:29 - 000000000 ____D C:\Program Files (x86)\Stylet Click & Term 1.0
2021-07-15 01:22 - 2021-07-18 16:54 - 000003532 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1626276139
2021-07-15 01:22 - 2021-07-15 01:22 - 000001241 _____ C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-07-15 01:21 - 2021-07-15 01:21 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-07-15 01:21 - 2021-07-15 01:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-07-15 01:21 - 2021-07-15 01:21 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-07-14 23:52 - 2021-07-14 23:52 - 000000080 _____ C:\Users\64bit\Desktop\profile.txt
2021-06-25 23:32 - 2021-06-25 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2021-06-25 23:32 - 2021-06-25 23:32 - 000000000 ____D C:\Program Files (x86)\XetoWare
2021-06-25 23:32 - 2015-02-15 21:01 - 001296896 _____ (Clever Components) C:\WINDOWS\SysWOW64\clmultidx7.ocx
2021-06-25 23:32 - 2011-02-16 09:00 - 000132880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSINET.ocx
2021-06-25 23:32 - 2006-10-16 23:15 - 000152848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2021-06-25 23:21 - 2021-06-25 23:26 - 000000000 ____D C:\Users\64bit\Documents\WonderFox Soft
2021-06-25 23:15 - 2021-06-25 23:15 - 000000000 ____D C:\Users\64bit\Documents\WinX YouTube Downloader
2021-06-25 23:08 - 2021-06-25 23:13 - 000000000 ____D C:\Users\64bit\AppData\Roaming\VideoProc
2021-06-25 23:08 - 2021-06-25 23:08 - 000000000 ____D C:\Users\64bit\Documents\VideoProc
2021-06-25 23:08 - 2021-06-25 23:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Digiarty
2021-06-25 23:08 - 2021-06-25 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\Users\64bit\Documents\Freemake
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\ProgramData\Freemake
2021-06-25 22:39 - 2021-06-25 22:39 - 000000000 ____D C:\Program Files (x86)\Freemake
2021-06-25 22:30 - 2021-06-25 22:33 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Bigasoft Video Downloader Pro
2021-06-25 22:30 - 2021-06-25 22:30 - 000000000 ____D C:\Users\64bit\Documents\Bigasoft Video Downloader Pro
2021-06-25 22:30 - 2021-06-25 22:30 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
2021-06-25 22:30 - 2021-06-25 22:30 - 000000000 ____D C:\Program Files (x86)\Bigasoft
2021-06-25 14:41 - 2021-06-25 14:41 - 000001238 _____ C:\Users\64bit\Desktop\Shutdown.lnk
2021-06-25 14:08 - 2021-06-25 14:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Window Manager
2021-06-25 14:08 - 2021-06-25 14:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Actual Tools
2021-06-25 14:08 - 2021-06-25 14:08 - 000000000 ____D C:\ProgramData\Actual Tools
2021-06-25 14:08 - 2021-06-25 14:08 - 000000000 ____D C:\Program Files (x86)\Actual Window Manager
2021-06-25 12:34 - 2021-06-25 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Launch Bar
2021-06-25 12:08 - 2021-06-25 12:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Tordex
2021-06-24 16:13 - 2021-06-25 12:35 - 000000000 ____D C:\Program Files\TrueLaunchBar
2021-06-24 14:57 - 2021-06-24 14:57 - 000000000 ____D C:\Users\64bit\AppData\Roaming\JAM Software
2021-06-24 14:57 - 2021-06-24 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize
2021-06-24 14:57 - 2021-06-24 14:57 - 000000000 ____D C:\Program Files\JAM Software
2021-06-24 14:56 - 2021-06-24 14:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-24 14:55 - 2021-06-24 14:55 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-24 14:54 - 2021-06-24 14:54 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-24 14:54 - 2021-06-24 14:54 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-24 14:54 - 2021-06-24 14:54 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-24 14:54 - 2021-06-24 14:54 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-24 14:53 - 2021-06-24 14:53 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-24 14:52 - 2021-06-24 14:52 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-24 14:52 - 2021-06-24 14:52 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-24 14:52 - 2021-06-24 14:52 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-24 14:52 - 2021-06-24 14:52 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-24 14:34 - 2021-06-24 14:34 - 000000000 ____D C:\Users\64bit\AppData\Local\mbamtray
2021-06-24 14:34 - 2021-06-24 14:34 - 000000000 ____D C:\Users\64bit\AppData\Local\mbam
2021-06-24 14:33 - 2021-07-15 01:21 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-19 20:36 - 2021-05-23 02:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-19 20:24 - 2021-05-23 03:05 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-19 20:24 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF
2021-07-19 20:22 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-19 20:22 - 2019-03-03 20:18 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-19 20:21 - 2019-11-24 22:23 - 000000000 ____D C:\Users\64bit\AppData\Local\Greenshot
2021-07-19 20:20 - 2021-05-23 03:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-19 20:20 - 2021-05-22 22:28 - 000000000 ____D C:\Program Files\TeamViewer
2021-07-19 20:20 - 2020-05-29 19:23 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-19 20:20 - 2019-03-26 23:01 - 000000416 _____ C:\WINDOWS\SysWOW64\AbBakConfig.dat
2021-07-19 20:20 - 2019-03-26 23:00 - 000000150 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2021-07-19 20:20 - 2019-03-26 22:59 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2021-07-19 20:20 - 2018-08-18 22:19 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-19 18:44 - 2019-12-07 19:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2021-07-19 18:32 - 2019-04-18 14:39 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-19 18:31 - 2018-10-03 14:23 - 000000000 ____D C:\Users\64bit\AppData\LocalLow\Mozilla
2021-07-19 18:30 - 2018-09-01 23:43 - 000000000 ____D C:\Users\64bit\AppData\Roaming\TeraCopy
2021-07-19 18:24 - 2018-08-18 22:52 - 000000000 ____D C:\Users\64bit\AppData\Local\AVAST Software
2021-07-19 18:10 - 2019-08-25 20:44 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-07-19 18:06 - 2019-10-11 20:01 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-07-19 17:49 - 2021-05-23 03:17 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-19 17:46 - 2018-08-18 19:53 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-19 13:52 - 2018-08-17 02:29 - 000000000 ____D C:\Users\64bit\Desktop\Holding
2021-07-19 12:44 - 2019-06-26 20:08 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Tomabo
2021-07-18 16:54 - 2021-05-23 03:17 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-18 16:54 - 2021-05-23 03:17 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-18 16:54 - 2021-05-23 03:17 - 000003338 _____ C:\WINDOWS\system32\Tasks\SafeZone scheduled Autoupdate 1534586109
2021-07-18 16:54 - 2021-05-23 03:17 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-18 16:54 - 2021-05-23 03:17 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-18 16:54 - 2021-05-23 03:17 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1161377928-100096128-3991036370-500
2021-07-18 16:54 - 2021-05-23 03:17 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-07-18 16:54 - 2021-05-23 03:17 - 000002528 _____ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
2021-07-18 14:03 - 2021-05-23 03:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-07-18 13:22 - 2019-06-06 13:55 - 000000000 ____D C:\Program Files\KMSpico
2021-07-17 23:19 - 2018-08-18 19:57 - 000000000 ____D C:\Users\64bit\AppData\Roaming\vlc
2021-07-17 17:41 - 2018-10-03 14:23 - 000000000 ____D C:\Users\64bit\AppData\Local\Mozilla
2021-07-17 17:30 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-17 17:26 - 2021-05-23 02:46 - 000381056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-17 17:06 - 2019-12-07 19:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-17 17:06 - 2019-12-07 19:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-17 16:47 - 2019-05-19 18:23 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2021-07-17 16:47 - 2018-08-17 23:32 - 000000000 ____D C:\Program Files (x86)\net.downloadhelper.coapp
2021-07-17 16:47 - 2018-08-17 23:31 - 000000000 ____D C:\Program Files (x86)\Free Download Manager
2021-07-17 16:47 - 2018-08-17 22:14 - 000000000 ____D C:\Data
2021-07-17 13:59 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-17 13:53 - 2018-08-16 19:56 - 000414038 __RSH C:\bootmgr
2021-07-17 13:27 - 2018-08-18 22:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-17 13:26 - 2020-09-28 00:36 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-17 13:26 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-17 13:26 - 2018-08-16 02:14 - 000000000 ____D C:\Users\64bit\AppData\Local\Packages
2021-07-17 13:23 - 2019-03-03 20:19 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-17 13:18 - 2018-08-18 22:27 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-16 11:16 - 2019-06-06 02:44 - 000000000 ____D C:\Program Files (x86)\Opera
2021-07-15 15:17 - 2021-05-23 02:29 - 000000000 ____D C:\Users\64bit
2021-07-15 01:21 - 2019-12-07 19:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-07-15 00:51 - 2021-02-22 23:16 - 000000000 ____D C:\Users\64bit\AppData\Roaming\DMCache
2021-06-25 23:37 - 2020-07-12 00:49 - 000000000 ____D C:\Users\64bit\AppData\Roaming\MightyText
2021-06-25 23:30 - 2019-11-15 19:48 - 000000000 ____D C:\Program Files (x86)\Universal USB Installer
2021-06-25 23:26 - 2018-08-23 22:36 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2021-06-25 23:26 - 2018-08-23 22:36 - 000000000 ____D C:\Program Files (x86)\WonderFox Soft
2021-06-25 23:21 - 2019-08-31 01:32 - 000000000 ____D C:\Users\64bit\AppData\Roaming\WinX YouTube Downloader
2021-06-25 23:08 - 2019-08-31 01:32 - 000000000 ____D C:\Program Files (x86)\Digiarty
2021-06-25 23:05 - 2019-08-25 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-06-25 22:39 - 2020-07-11 23:04 - 000001686 _____ C:\Users\64bit\Documents\starburn.txt
2021-06-25 21:02 - 2019-08-25 19:22 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Wondershare
2021-06-25 21:02 - 2019-08-25 19:22 - 000000000 ____D C:\Users\64bit\AppData\Local\Wondershare
2021-06-25 21:01 - 2019-08-25 19:21 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-06-25 20:58 - 2019-07-30 22:33 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Allavsoft
2021-06-25 20:51 - 2021-02-22 22:27 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Signal
2021-06-25 20:51 - 2020-08-02 14:49 - 000000000 ____D C:\Users\64bit\AppData\Roaming\Telegram Desktop
2021-06-25 20:28 - 2021-05-24 22:26 - 000000000 ____D C:\Users\64bit\AppData\Local\Pushbullet
2021-06-25 13:22 - 2018-08-17 23:33 - 000000000 ____D C:\Program Files (x86)\CCleaner
2021-06-24 18:25 - 2020-01-04 23:14 - 000001024 ____H C:\AMTAG.BIN
2021-06-24 18:25 - 2020-01-04 23:13 - 000006537 _____ C:\WINDOWS\GA_OF.dat
2021-06-24 17:17 - 2021-03-27 11:02 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-24 15:34 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-24 15:04 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\servicing
2021-06-24 15:00 - 2019-08-25 20:17 - 000000000 ____D C:\Program Files\Unlocker
2021-06-24 14:51 - 2018-11-16 12:32 - 000000000 ____D C:\Program Files (x86)\JAM Software
2021-06-24 14:48 - 2021-02-22 22:03 - 000001130 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2021-06-24 14:48 - 2021-02-22 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-06-24 14:19 - 2021-05-23 00:55 - 000000000 ____D C:\Users\64bit\AppData\Local\ElevatedDiagnostics
2021-06-24 13:38 - 2021-05-24 21:54 - 000000000 ____D C:\WINDOWS\Panther

==================== Files in the root of some directories ========

2017-01-14 21:37 - 2017-01-14 21:37 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2020-01-04 23:24 - 2020-01-04 23:24 - 001276928 _____ () C:\Users\64bit\AppData\Roaming\smss.exe
2019-10-07 19:59 - 2019-10-07 19:59 - 000000410 _____ () C:\Users\64bit\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by 64bit (19-07-2021 20:40:00)
Running from C:\Utilities\64bit\Farbar
Windows 10 Pro Version 21H1 19043.1110 (X64) (2021-05-22 17:19:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

64bit (S-1-5-21-1161377928-100096128-3991036370-1001 - Administrator - Enabled) => C:\Users\64bit
Administrator (S-1-5-21-1161377928-100096128-3991036370-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1161377928-100096128-3991036370-503 - Limited - Disabled)
Guest (S-1-5-21-1161377928-100096128-3991036370-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1161377928-100096128-3991036370-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
4K Video Downloader (HKLM\...\{8D675A5F-BA7D-4FC8-8B38-2D1D5A5DB905}) (Version: 4.16.2.4280 - Open Media LLC)
Active@ Partition Recovery 18 (HKLM\...\{9D7E3F86-DAA8-4894-96D6-A0AB26291A16}_is1) (Version: 18 - LSoft Technologies Inc)
Actual Window Manager 8.14.5 (HKLM-x32\...\Actual Windows Manager_is1) (Version: 8.14.5 - Actual Tools)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_1) (Version: 20.0.1 - Adobe Systems Incorporated)
AIDA64 Extreme v5.97 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.97 - FinalWire Ltd.)
Allavsoft 3.17.7.7150 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation)
AOMEI Backupper Professional (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant 8.6 (HKLM-x32\...\{04F850ED-FD0F-4ED1-AE1B-4498165BF3D2}_is1) (Version: - AOMEI Technology Co., Ltd.)
AutoHotkey 1.1.27.03 (HKLM\...\AutoHotkey) (Version: 1.1.27.03 - Lexikos)
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
Bigasoft Video Downloader Pro 3.22.9.7557 (HKLM-x32\...\{C7056BA6-D954-43A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation)
Casper 8.0 (HKLM\...\{6A58EB2E-5883-4515-910D-699C4396797B}) (Version: 8.0.4422 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.69 - Piriform)
Clipboard Magic version 5.05 (HKLM-x32\...\Clipboard Magic_is1) (Version: 5.05 - CyberMatrix Corporation, Inc.)
CloseAll (HKLM-x32\...\CloseAll) (Version: 3.0 - NTWind Software)
CPUID CPU-Z 1.95 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.95 - CPUID, Inc.)
DiskGenius 5.3.0 (HKLM\...\{2661F2FA-56A7-415D-8196-C4CB3D3ACFFE}_is1) (Version: - Eassos Co., Ltd.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Eassos PartitionGuru 4.9.5 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version: - Eassos Co., Ltd.)
EmEditor (64-bit) (HKLM\...\{E6B168F6-063F-41B3-AA51-8715318FF209}) (Version: 19.0.0 - Emurasoft, Inc.)
Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: v3.7.28.0 - TANK Studios LTD)
Folder Size Explorer (HKLM-x32\...\{7C3E7EA4-DCEC-4E49-8459-B6F15DBD9795}) (Version: 1.7.1 - Bazwise)
Free YouTube Downloader (HKLM-x32\...\{D310A35E-DE1E-4804-9AD7-67EFA4A6FB54}_is1) (Version: 2016.3.27 - XetoWare)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.5 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 1.0.1 - Alexander Shaduri)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.70 - Janos Mathe)
HD Video Converter Factory 15.4 (HKLM-x32\...\HD Video Converter Factory) (Version: 15.4 - WonderFox Soft, Inc.)
icofx 3.5 (HKLM-x32\...\icofx 3_is1) (Version: 3.5 - IcoFX Software S.R.L.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.38.16 - Tonec Inc.)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
IrfanView 4.56 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.56 - Irfan Skiljan)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Kleptomania version 5.0 (HKLM-x32\...\{59C08933-1E83-4A8B-A2A9-FD895CFCC95D}_is1) (Version: 5.0 - StructuRise)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Macro Express Pro (HKLM-x32\...\Macro Express Pro) (Version: 4.2.1.1 - Insight Software Solutions, Inc.)
Malwarebytes version 4.4.2.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
Messenger for Desktop (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\{4e2a4302-5df4-5868-a685-36c844414384}) (Version: 3.0.14 - MFD LABS LTD)
Messenger for Desktop (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\4e2a4302-5df4-5868-a685-36c844414384) (Version: 3.0.8 - MFD LABS LTD)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MightyText (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\MightyText) (Version: 5.3.1 - MightyText)
MiniTool Power Data Recovery 8.0 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 8.0 - MiniTool Software Limited)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 90.0 (x64 en-US)) (Version: 90.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0 - Mozilla)
MP4 Downloader Pro 4 (HKLM-x32\...\MP4 Downloader Pro_is1) (Version: - Tomabo)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version: - Softperfect)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version: - )
NTVDM x64 (HKLM\...\ConhostFullScreen) (Version: 1.0.0.0 - leecher1337)
Opera Stable 20.0.1387.64 (HKLM-x32\...\Opera 20.0.1387.64) (Version: 20.0.1387.64 - Opera Software ASA)
Opera Stable 77.0.4054.254 (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Opera 77.0.4054.254) (Version: 77.0.4054.254 - Opera Software)
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registrar Registry Manager 9.01 (HKLM\...\Registrar32_is1) (Version: - Resplendence Software Projects Sp.)
Revo Uninstaller Pro 4.4.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.5 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.101 (HKLM-x32\...\SafeZone 1.48.2066.101) (Version: 1.48.2066.101 - Avast Software) Hidden
Signal 5.6.2 (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.6.2 - Open Whisper Systems)
Skype version 8.67 (HKLM-x32\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.)
SolveigMM Video Splitter Business Edition x64 (HKLM\...\SolveigMM Video Splitter Business Edition x64 7.3.1906.10) (Version: 7.3.1906.10 - Solveig Multimedia)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.17.7 - TeamViewer)
Telegram Desktop version 2.5.9 (HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.9 - Telegram FZ-LLC)
TeraCopy 3.0 RC (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TeraCopy v3.0 (HKLM-x32\...\TeraCopy v3.0) (Version: v3.0 - Code Sector)
TreeSize V8.1.2 (64 bit) (HKLM\...\TreeSize_is1) (Version: 8.1.2 - JAM Software)
True Launch Bar (HKLM\...\{FC712CA0-A945-11d4-A594-956F6349FC18}) (Version: 7.3.0.0 - Tordex)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
vDosWP (HKLM-x32\...\{49883946-559B-4FE0-866F-7674B9516A75}_is1) (Version: 2018.10.14 - wpdos.org)
VideoProc (HKLM-x32\...\VideoProc) (Version: 3.8 - Digiarty, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.16.0.0 - Winaero)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows TubeMate 3 (HKLM-x32\...\Windows TubeMate_is1) (Version: - TubeMate Software)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WinX YouTube Downloader (HKLM-x32\...\WinX YouTube Downloader) (Version: 5.5 - Digiarty, Inc.)
WonderFox DVD Video Converter 16.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 16.0 - WonderFox Soft, Inc.)
Wondershare AllMyTube(Build 7.4.9.2) (HKLM-x32\...\AllMyTube_is1) (Version: 7.4.9.2 - Wondershare)
Wondershare Filmora(Build 7.8.9) (HKLM-x32\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 11.7.4.2) (HKLM-x32\...\UniConverter_is1) (Version: 11.7.4.2 - Wondershare Software)
Wondershare UniConverter(Build 12.6.2.5) (HKLM\...\UniConverter_is1) (Version: 12.6.2.5 - Wondershare Software)
Xilisoft AVI MPEG Joiner 2 (HKLM-x32\...\Xilisoft AVI MPEG Joiner 2) (Version: 2.2.0.20170209 - Xilisoft)
Xilisoft HD Video Converter (HKLM-x32\...\Xilisoft HD Video Converter) (Version: 7.8.21.20170920 - Xilisoft)
Xilisoft MP4 Converter (HKLM-x32\...\Xilisoft MP4 Converter) (Version: 7.8.24.20200219 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.25.20200718 - Xilisoft)
Xilisoft Video Splitter 2 (HKLM-x32\...\Xilisoft Video Splitter 2) (Version: 2.2.0.20170209 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\64bit\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\64bit\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{D4D48C93-BDC7-4E76-B530-2E4D13B0150F}\InprocServer32 -> C:\Users\64bit\AppData\Local\Programs\EmEditor\emedshl64.dll (Emurasoft, Inc. -> Emurasoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57}\InprocServer32 -> C:\Users\64bit\AppData\Local\Programs\EmEditor\emedshl64.dll (Emurasoft, Inc. -> Emurasoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1161377928-100096128-3991036370-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
ContextMenuHandlers5: [Actual Window Manager] -> {CE577978-3FCA-430D-B0CE-D637788F9C5A} => C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellExtension64.dll [2021-02-12] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-28] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1161377928-100096128-3991036370-1001: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Users\64bit\AppData\Local\Programs\EmEditor\emedshl64.dll [2019-07-30] (Emurasoft, Inc. -> Emurasoft, Inc.)
ContextMenuHandlers2_S-1-5-21-1161377928-100096128-3991036370-1001: [EmEditor] -> [CC]{D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\64bit\Desktop\Restart.lnk -> C:\Data\Batch files\Restart.bat ()
Shortcut: C:\Users\64bit\Desktop\Shutdown.lnk -> C:\Data\Batch files\Shutdown.bat ()
Shortcut: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Greenshot.lnk -> C:\Data\Batch files\Greenshot.bat ()
Shortcut: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KillGreenshot.lnk -> C:\Data\Batch files\KillGreenshot.bat ()
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\mysms.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gagfhfkdhimodlhfnnefonjfnhfaddlo
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SendLeap.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chats\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chats\mysms.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gagfhfkdhimodlhfnnefonjfnhfaddlo
ShortcutWithArgument: C:\Users\64bit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chats\SendLeap.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha

==================== Loaded Modules (Whitelisted) =============

2018-08-18 17:53 - 2017-10-16 01:21 - 003420672 _____ () [File not signed] C:\Program Files (x86)\Kleptomania\TextractSmart.dll
2021-05-24 21:00 - 2016-09-19 12:09 - 000813056 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll
2014-12-31 04:00 - 2014-12-31 04:00 - 001668096 _____ () [File not signed] C:\Program Files\TrueLaunchBar\cairo.dll
2018-08-18 07:39 - 2018-06-20 00:27 - 000013824 _____ () [File not signed] C:\WINDOWS\system32\ldntvdm.dll
2015-02-24 04:26 - 2015-02-24 04:26 - 004314624 _____ (FreeImage) [File not signed] C:\Program Files\TrueLaunchBar\FreeImage.dll
2020-08-02 13:21 - 2010-10-29 10:45 - 000071680 _____ (Insight Software Solutions) [File not signed] C:\Program Files (x86)\Macro Express Pro\mexhook.dll
2020-08-02 13:21 - 2010-10-29 11:45 - 000042496 _____ (Insight Software Solutions, Inc.) [File not signed] C:\Program Files (x86)\Macro Express Pro\mexhookx64.dll
2021-06-24 13:58 - 2021-06-24 13:58 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
2015-10-04 08:13 - 2015-10-04 08:13 - 004453560 ____N (Olga Kobets -> Tordex) [File not signed] C:\Program Files\TrueLaunchBar\tlb.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [410]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-1161377928-100096128-3991036370-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-12-13] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-12-13] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-20] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 09:38 - 2020-07-11 23:02 - 000000914 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 platform.wondershare.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\AOMEI Backupper
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "WSVCUUpdateHelper.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\StartupFolder: => "LaunchThisPC.lnk"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\StartupFolder: => "EmEditor.lnk"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_13AB1318FCCC868757829229F648A965"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\StartupApproved\Run: => "GUDelayStartup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{51B5C010-3054-4A0C-8DCB-2E608D50C9C0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A15BB8FC-09FB-4527-9D92-57A24618BF4D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B14DA162-795E-4790-A7DA-01E6DE81A8A7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1F5C53F1-4568-41CC-8B1A-355E6780A66D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{20B685D9-91A4-4244-8D78-66EFA3D1CFA3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A545A5BE-030E-4C98-B00B-D8CD695279C8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7523D4C-E92A-4B87-AE49-6D035EFB4168}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{2CE70170-5363-44F3-B9B7-B92E1D0E178F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{50E906A9-32AA-4ED0-B142-C255255DCA65}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{F1679CF0-DA81-46C9-A931-5FEEB92054EB}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [TCP Query User{9DCABEF8-28F2-4BB4-BBFE-D188A7A351A1}C:\users\64bit\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\64bit\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> MightyText)
FirewallRules: [UDP Query User{2A2C5FCA-9306-40F1-B6AC-C8DDAE047583}C:\users\64bit\appdata\local\mightytext\app-5.3.1\mightytext.exe] => (Allow) C:\users\64bit\appdata\local\mightytext\app-5.3.1\mightytext.exe (Openphone Inc. -> MightyText)
FirewallRules: [{62642650-44A1-4098-B8DD-619F8E3A6847}] => (Allow) C:\Program Files\NetWorx\networx.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect)
FirewallRules: [{2658B373-795B-45BF-B74A-C91A51B8DD60}] => (Allow) C:\Program Files (x86)\Opera\77.0.4054.254\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{4B01B7FF-1867-4E8E-873C-15E1648D7928}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BCCA7F6C-CF0D-4F37-BE0D-DEF8E828E838}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AD3995BC-BEB4-4A05-84DE-6740BA206AEC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Downloader Pro\MP4DownloaderPro.exe] => Enabled:MP4 Downloader Pro
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TubeMate Software\Windows TubeMate\TubeMateDownloader.exe] => Enabled:TubeMate Downloader
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TubeMate Software\Windows TubeMate\Modules\MS_ytdl.exe] => Enabled:MS_ytdl
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TubeMate Software\Windows TubeMate\Modules\MS_yg.exe.exe] => Enabled:MS_yg.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Downloader Pro\Components\MS_ytdl.exe] => Enabled:MS_ytdl

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:74.53 GB) (Free:31.2 GB) (42%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2021 08:20:53 PM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...

Error: (07/19/2021 06:24:42 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (07/19/2021 06:24:24 PM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...

Error: (07/19/2021 05:52:17 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (07/19/2021 05:52:17 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/19/2021 05:46:24 PM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...

Error: (07/19/2021 01:44:28 PM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...

Error: (07/19/2021 08:52:46 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' ---> System.IO.FileLoadException: Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly ...


System errors:
=============
Error: (07/19/2021 08:20:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2021 06:24:21 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2021 06:23:05 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/19/2021 06:23:05 PM) (Source: DCOM) (EventID: 10010) (User: VENTO)
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (07/19/2021 06:21:50 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/19/2021 06:21:49 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/19/2021 06:21:49 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/19/2021 06:21:19 PM) (Source: DCOM) (EventID: 10005) (User: VENTO)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}


CodeIntegrity:
===============
Date: 2021-07-19 20:20:29
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-07-19 18:06:24
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\x86\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-07-19 17:48:18
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-07-19 17:47:27
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-07-19 17:46:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\x86\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: Award Software International, Inc. F7 07/26/2010
Motherboard: Gigabyte Technology Co., Ltd. GA-880GM-UD2H
Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 29%
Total physical RAM: 7676.15 MB
Available physical RAM: 5389.07 MB
Total Virtual: 8892.15 MB
Available Virtual: 6651.71 MB

==================== Drives ================================

Drive c: (EXPER) (Fixed) (Total:74.53 GB) (Free:31.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 1418E4C9)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


----------



## Gary R (Jul 23, 2008)

Looking over your logs now. Depending on how much I have to research, this may take a while; I'll get back to you as soon as possible.


----------



## SEBASTIAN42 (May 20, 2007)

Thank you - take as much time as it takes..


----------



## Gary R (Jul 23, 2008)

There's a few things on your computer of concern, and one or more of them may be related to your problem.

I'll list what I've found, and what I think you should do about them below ....

*First ....*



> µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )


Use of P2P software is the quickest way I know of to contract an infection, and I strongly recommend that you uninstall any P2P programs.

*Next ....*

You have far too many Chrome extensions installed, the more you use, the less stable Chrome will be. Below I have listed those that I could get no clear details of ....



> CHR Extension: (280daily) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aibhdihcdjelmifgpkcalcafldalpkbm [2019-03-03]
> CHR Extension: (Todoist for Chrome) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjohebimpjdhhocbknplfelpmdhifhd [2019-03-03]
> CHR Extension: (Telegram) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2019-03-03]
> CHR Extension: (Hangouts) - C:\Users\64bit\AppData\Local\Google\Chrome\User Data\Default\Extensions\deigijodonbmdapahgkdjljmcngipaab [2019-03-19]
> ...


You also have a questionable Opera extension installed ....



> OPR Extension: (Rich Hints Agent) - C:\Users\64bit\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-07-15]


I recommend you uninstall them ....









How To Remove My Chrome Extensions (www.timeatlas.com): Learn how to delete Chrome extensions. Includes link to Google's Clean Up tool and command to temporarily disable all extensions.

Business IT Support, Data Protection and Technology Solutions (www.smithtechres.com): Providing a strategic range of IT Support, Managed Services, Managed Security Services, and Technology solutions for commercial businesses.





*Next ....*

Did you set these restrictions yourself ?



> HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoNetConnectDisconnect] 1
> HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 1


*Next ....*

Open a Notepad file and copy/paste the contents of the code box below into it (don't include Code: ) ...


```
VirusTotal: C:\Program Files (x86)\Kleptomania\KMania.exe;C:\Program Files\AutoHotkey\AutoHotkey.exe;C:\WINDOWS\system32\ldntvdm.dll
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
C:\Program Files\AVAST Software
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {44CE1D64-FCA7-460D-B58F-E1FF9877BAD3} - System32\Tasks\SafeZone scheduled Autoupdate 1534586109 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AutoPico Daily Restart" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d74f2c40b6a8c9" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1161377928-100096128-3991036370-500" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1626276139" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1534586109" /ENABLE
Task: {A63E9F94-247B-440B-81EB-783A48256853} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {B67A34CC-F2BE-4B86-BE3C-1B4533824306} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {CE0920FD-5459-4620-B974-29ED3F610429} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe
CHR Notifications: Default -> hxxps://app.mysms.com
2021-07-19 18:24 - 2018-08-18 22:52 - 000000000 ____D C:\Users\64bit\AppData\Local\AVAST Software
2021-07-19 17:49 - 2021-05-23 03:17 - 000004264 _ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-19 17:46 - 2018-08-18 19:53 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-18 14:03 - 2021-05-23 03:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [410]
FirewallRules: [{B7523D4C-E92A-4B87-AE49-6D035EFB4168}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{2CE70170-5363-44F3-B9B7-B92E1D0E178F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
EmptyTemp:
CMD: ipconfig /flushdns
```
Save as *fixlist.txt* in the same location as FRST.


Start FRST and when it opens ....
Press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* in the same folder/directory as FRST64.exe
*Please post me the log*


----------



## SEBASTIAN42 (May 20, 2007)

About Chrome extensions - I don't remember installing any/many - I recognise a lot of the names, and they must have derived from programs which I installed, of which Opera is the most recent and therefore the most likely to have made the difference to Firefox.

I did not set the restrictions you reference.

How about for starters I uninstall Opera, and see if Firefox comes good, before doing any further modifications ?


----------



## SEBASTIAN42 (May 20, 2007)

So far I've done all you suggested short of undoing the registry restrictions (change '1' to '0' ?) because you don't give the full path, so I don't know how to find them. If you give me the full path, I'll do that. I will wait with running your code until that is resolved one way or another. No improvement yet.


----------



## Gary R (Jul 23, 2008)

To remove the two restrictions, if you want to do it manually then .....

*HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer* set value of *NoNetConnectDisconnect* to *0*

*HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer* set value of *NoManageMyComputerVerb* to *0*

Don't forget to reboot afterwards or the registry edit will not be processed.

Alternatively, just add these two lines to the FRST fix ...



> > HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoNetConnectDisconnect] 1
> > HKU\S-1-5-21-1161377928-100096128-3991036370-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 1


.... and FRST will remove them.

Either way, you do need to run the FRST "fix" I gave you to run, as that's the most likely to resolve things. Note the entry ...



> HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION


... which is IMO very likely to be the culprit, and will be reset to default by FRST when the fixlist is processed.


----------



## SEBASTIAN42 (May 20, 2007)

HKLM\SOFTWARE\Policies\Mozilla\Firefox: contains only DEFAULT - NOTHING about restriction. 

Running fixlist.txt caused no improvement.

I set HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetConnectDisconnect value to 0

HKU\S-1-5-21-1161377928-100096128-3991036370-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoManageMyComputerVerb does not exist, so its value can not be changed.

I rebooted and launched Firefox again - NO improvement.


----------
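
A read-only way to check the registry points raised in the two posts above (the policy keys FRST flagged, and which Explorer policy values actually exist), as an added example that is not part of the original thread. The key paths and SID come from the posts; the function name `Get-PolicyKeyReport` is hypothetical, and the script assumes it is run while that user is logged on so the HKEY_USERS hive is loaded.

```powershell
# Added example: read-only audit of the policy keys named in this thread.
# Nothing is created, changed or deleted.

# SID as shown in the posted FRST log.
$sid = 'S-1-5-21-1161377928-100096128-3991036370-1001'

# Keys taken from the fixlist and from the manual-edit instructions.
$policyKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox'
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google'
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender'
    "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
)

# Hypothetical helper: emits one row per registry value found under each key
# (including subkeys), or a note when a key is missing or holds no values.
function Get-PolicyKeyReport {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) {
            [pscustomobject]@{ Key = $root; Name = ''; Kind = ''; Data = ''; Note = 'key not present' }
            continue
        }

        # The key itself plus every subkey below it.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            $names = $key.GetValueNames()
            if ($names.Count -eq 0) {
                # A key can exist with no values set, which regedit shows as
                # a lone "(Default)" entry with "(value not set)".
                [pscustomobject]@{ Key = $key.Name; Name = ''; Kind = ''; Data = ''; Note = 'key exists, no values set' }
                continue
            }
            foreach ($n in $names) {
                [pscustomobject]@{
                    Key  = $key.Name
                    Name = if ($n -eq '') { '(Default)' } else { $n }
                    Kind = $key.GetValueKind($n)
                    Data = ($key.GetValue($n) -join ', ')
                    Note = ''
                }
            }
        }
    }
}

$report = Get-PolicyKeyReport -Path $policyKeys
$report | Format-Table -AutoSize -Wrap

# Explicit answer for the two Explorer restrictions discussed in the thread.
foreach ($v in 'NoNetConnectDisconnect', 'NoManageMyComputerVerb') {
    $hit = $report | Where-Object { $_.Name -eq $v }
    if ($hit) {
        '{0} = {1}' -f $v, ($hit.Data -join ', ')
    } else {
        '{0}: value not present' -f $v
    }
}
```

Running it before and after a fix or a manual edit gives a record of what changed, which is useful when the fixlog is no longer available.
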



## Gary R (Jul 23, 2008)

Please post the fixlog so I can look it over.


----------



## SEBASTIAN42 (May 20, 2007)

I no longer have that, because I had been doing 'those tests' on a clone of the system, and since nothing had worked, I've cloned the original system back to that drive. We'd be starting from scratch....


----------



## Gary R (Jul 23, 2008)

In that case, I'm going to have to withdraw from this topic. Without proper feedback I don't believe we're going to resolve things.

I wish you luck in finding a solution.


----------



## SEBASTIAN42 (May 20, 2007)

Thank you for your efforts.


----------



## Gary R (Jul 23, 2008)

You're welcome, sorry we didn't resolve things.

Question .... have you tried performing a DISM and a SFC, just in case you have some system corruption that is manifesting itself in an unusual manner.

See .... Problems with Windows 10? The DISM tool can help – here's how.

Clutching at straws a bit I know, but I've seen some weird problems solved this way.


----------



## SEBASTIAN42 (May 20, 2007)

Gary R said:


> You're welcome, sorry we didn't resolve things.
> 
> Question .... have you tried performing a DISM and a SFC, just in case you have some system corruption that is manifesting itself in an unusual manner.
> 
> ...


I had not, but I can do so.

By the way, I can now state categorically that the Bookmarks problem PRECEDED the installation of Opera. And Bookmarks worked fine for years although uTorrent was installed. Lifting the restrictions in the Registry did not restore the Bookmarks function, but then again, I could only find one, when you said there were two.


----------



## SEBASTIAN42 (May 20, 2007)

The DISM ScanHealth reported : "The Component store is repairable"; so I ran the DISM RepairHealth. SFC /scannow claimed to have fixed corrupted files, and Mbam quarantined item it found, but Firefox' bookmarks are still a blank icon.


----------



## Gary R (Jul 23, 2008)

Found this article for recovering lost bookmarks, might be worth checking through it ....






Lost bookmarks - MozillaZine Knowledge Base (kb.mozillazine.org)


----------



## SEBASTIAN42 (May 20, 2007)

Thank you. I will look when I can. But it is not bookmarks that I have lost, it is the bookmarks manager.


----------



## Gary R (Jul 23, 2008)

Yes, I know, but there may be something in there that points toward a solution. I've not yet had time to read through the whole article, but if I get time today I'll try to look it over.

The people most likely to be able to provide you with a solution are Mozilla Support ...





Mozilla Support (support.mozilla.org)





... so probably best if you signed up there, and asked them if they know what's happened.


----------



## SEBASTIAN42 (May 20, 2007)

"The people most likely to be able to provide you with a solution are Mozilla Support " - that is pretty obvious, and so I am likely to have done it without getting a response, but I will follow that up.


----------



## Gary R (Jul 23, 2008)

You'd be surprised how many people don't do the obvious, and since you hadn't mentioned that you had raised a query with Mozilla, then IMO it was worth me posting a reminder to you to do so.


----------



## Corday (Mar 3, 2010)

I also recommend Index page • mozillaZine Forums. They have very knowledgeable Mods.


----------



## SEBASTIAN42 (May 20, 2007)

Corday said:


> I also recommend Index page • mozillaZine Forums. They have very knowledgeable Mods.


I have now asked the Firefox Forum, but - I've received no reply - a work in progress.
I will approach the mozillaZINE forums.

I got the suggestion to try a portable Firefox - and clicking on its 'Show all Bookmarks' also creates another icon in the TaskBar, but it behaves the way I expect Firefox to behave. So I have a work-around without solving the mystery.


----------



## SEBASTIAN42 (May 20, 2007)

I still had a clone of the system made in December when Firefox still worked, and I have a record of all the changes I made since then, so I am starting over with that clone and re-doing all the changes - and will monitor whether Firefox Bookmarks Manager stays functional. Will keep cloning so I always have a version of the system BEFORE it got damaged. I'll let you know if I discover the culprit that damaged Firefox.


----------



## Gary R (Jul 23, 2008)

Let us know how that goes if you discover anything, I for one would be interested to know what's caused your problem.


----------



## SEBASTIAN42 (May 20, 2007)

I can not yet satisfy your curiosity about the cause of my problem; but I can tell you that I have spent hours on repeating the various tweaks I did on the system since December. I've not yet attempted the most risky procedure of re-installing new software and updating 'old' software, but I will get round to that. I frequently check that the Firefox Bookmarks Manager is still functional, and certainly it is no longer a blank icon. However it is not FULLY functional to the extent that when I set VIEW to 'sorted' & 'from A to Z', it does not have effect; and when I check the setting again, it is UNSORTED which is ticked.


----------



## SEBASTIAN42 (May 20, 2007)

I have pretty much restored my system with all updates and tweaks to where it was when I found Firefox Bookmarks Manager disabled, yet Library still opens the way it should, so I think you hope in vain for an explanation to know the cause of my troubles. Thank you for your valiant but vain attempts at tracking down the culprit.


----------



## Gary R (Jul 23, 2008)

Yes, I think we're just going to have to put this one down to Gremlins (the Mogwai have a lot to answer for) and live in ignorance.

Glad you were able to resolve things though.


----------

