Hello, I ran the scan and these were the notes after is this what you were looking for?
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by Administrator (17-02-2020 21:27:11)
Running from C:\Users\Administrator\Downloads
Windows 10 Home Version 2004 19041.1 (X64) (2019-12-14 17:29:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1911043098-2004026473-3262525351-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1911043098-2004026473-3262525351-503 - Limited - Disabled)
frict (S-1-5-21-1911043098-2004026473-3262525351-1001 - Administrator - Enabled) => C:\Users\frict
Guest (S-1-5-21-1911043098-2004026473-3262525351-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1911043098-2004026473-3262525351-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
8GadgetPack (HKLM-x32\...\{6452120E-72FC-49D7-AB36-7042CC9746FB}) (Version: 31.0.0 - 8GadgetPack.net)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.314 - Adobe)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 13.2.0 - IObit)
Aiseesoft Free Video Converter 2.0.20 (HKLM-x32\...\{F59A2AAF-0CD0-4db0-91C3-6B3812711566}_is1) (Version: 2.0.20 - Aiseesoft Studio)
Alamoon Watermark v1.4 (HKLM-x32\...\Alamoon Watermark_is1) (Version: - )
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.5.0 - ASUSTeK COMPUTER INC.)
ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.2.5.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0060 - ASUSTeK COMPUTER INC.)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.9.7 - ICEpower a/s)
Autodesk Pixlr (HKLM-x32\...\{B0547B43-3AEE-453C-9945-800DDF92052D}) (Version: 1.1.1.0 - Autodesk) Hidden
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.1.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 79.0.3060.80 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Best PDF to Word Converter 3.5 (HKLM-x32\...\Best PDF to Word Converter_is1) (Version: - Best PDF Tools)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.1.23 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Disk Cleaner (remove only) (HKLM-x32\...\DiskCleaner) (Version: - )
Driver Booster 7 (HKLM-x32\...\Driver Booster_is1) (Version: 7.2.0 - IObit)
Epic Privacy Browser (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Epic Privacy Browser) (Version: 71.0.3578.98 - Epic)
Foxit PhantomPDF (HKLM-x32\...\{0d5f6162-33b5-11ea-b51e-54bf64a63c26}) (Version: 9.7.1.29511 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.1.29511 - Foxit Software Inc.)
Free Instagram Download 4.1.6.2 (HKLM-x32\...\Free Instagram Download_is1) (Version: - FreeInstagramDownload Co.,Ltd.)
Free NIV Bible (HKLM-x32\...\{4D6729F2-9A2F-4BCC-BB75-9F32B880494A}) (Version: 1.0.0 - Media Freeware)
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.106 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 5.2.0.0 - Google LLC.)
Gramblr (HKLM\...\Gramblr) (Version: 2.9.193 - Gramblr Team)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
IObit Malware Fighter 7 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 7.5.0.5842 - IObit)
IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 2.3.0.2839 - IObit)
IObit Uninstaller 9 (HKLM-x32\...\IObitUninstall) (Version: 9.3.0.9 - IObit)
JACo Watermark (HKLM-x32\...\{E3DBE9C4-5CD9-4830-BB28-BCF5A4E57FFA}) (Version: 0.5.0 - Cristian Sulea)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Maiar (HKLM-x32\...\Elrond Maiar-Browser) (Version: 72.0.59.100 - Elrond Ltd)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12607.20000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\OneDriveSetup.exe) (Version: 19.163.0818.0005 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox 73.0 (x64 en-CA) (HKLM\...\Mozilla Firefox 73.0 (x64 en-CA)) (Version: 73.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
Mozilla Thunderbird 68.2.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.2.1 (x86 en-US)) (Version: 68.2.1 - Mozilla)
Mozilla Thunderbird 68.4.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.4.2 (x86 en-US)) (Version: 68.4.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12607.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12607.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12607.20000 - Microsoft Corporation) Hidden
Opera Stable 66.0.3515.72 (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Opera 66.0.3515.72) (Version: 66.0.3515.72 - Opera Software)
PDF-XChange Editor (HKLM\...\{EDBD74BD-2F22-465A-955C-13841D34D67F}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{a2a519c9-19be-469b-9146-b5b4e763d1f6}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.)
Photo Pos Pro 3 (HKLM\...\Photo Pos Pro 3) (Version: 3.61 - PowerOfSoftware Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
RealDownloader (HKLM-x32\...\{400538DB-DACD-4DBF-B7AF-0647A19C6DE6}) (Version: 18.1.19.201 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.19 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboForm 8-6-6-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-6-6-6 - Siber Systems)
Skype version 8.56 (HKLM-x32\...\Skype_is1) (Version: 8.56 - Skype Technologies S.A.)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.4.5 - IObit)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.8.7.163 - EnigmaSoft Limited)
Star Watermark Professional versión 2.0.0 (HKLM-x32\...\{C5EE94F0-61BE-4E4D-B75E-650797B36050}_is1) (Version: 2.0.0 - Star-Watermark.com)
StudioTax 2019 (HKLM-x32\...\{FA46D00B-0F30-4FF5-BB47-EF8D8E5F3B7C}) (Version: 15.0.0.0 - BHOK IT Consulting)
TalkHelper PDF Converter version 2.2.3.0 (HKLM-x32\...\{B9CB8F39-DBBD-4318-85EB-60937265D62D}_is1) (Version: 2.2.3.0 - TalkHelper Team)
tinySpell 1.9.62 (HKLM-x32\...\tinySpell_is1) (Version: - KEDMI Scientific Computing)
Torch (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Torch) (Version: 69.0.0.1674 - Torch Media, Inc) <==== ATTENTION
uMark 5 (HKLM-x32\...\uMark) (Version: 5.5 - Uconomix)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Visual Watermark version 5.3 (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\{ADD0F13D-4EB0-4324-AF83-24870EC44BF6}_is1) (Version: 5.3 - Portfoler sp. z o. o.)
Vivaldi (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Vivaldi) (Version: 2.10.1745.27 - Vivaldi Technologies AS.)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Web-for-Instagram-Direct-DM 3.7.0 (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\c9ce3cab-2aed-5759-bde7-812e0eddb69b) (Version: 3.7.0 - Web for Instagram Direct DM)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.10.0 - ASUSTeK COMPUTER INC.)
Zoom (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
Packages:
=========
[WaterMark] -> C:\Program Files\WindowsApps\41445MartinSchneider.Wasserzeichen_1.0.2.3_neutral__k57yh7h9fx8by [2020-01-01] (Martin Schneider)
ASUS Battery Health Charging -> C:\Program Files\WindowsApps\B9ECED6F.ASUSBatteryHealthCharging_1.0.7.0_x86__qmba6cd70vzyy [2020-01-01] (ASUSTeK COMPUTER INC.) [Startup Task]
ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.8.0_x64__qmba6cd70vzyy [2020-01-01] (ASUSTeK COMPUTER INC.)
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.23.0_x64__dxp88312j1fgj [2020-01-01] (ICEpower)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.5.8.0_x86__kgqvnymyfvs32 [2020-02-17] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation)
Digital Live Tile Clock -> C:\Program Files\WindowsApps\7566gishtaki.DigitalLiveTileClock_1.2.0.0_x64__hcz95sfhvvan4 [2020-02-15] (gishtaki)
eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2020-01-01] (ASUSTeK COMPUTER INC.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2020-01-01] (Instagram)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt [2020-01-03] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2020-01-01] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation) [MS Ad]
My Calendar -> C:\Program Files\WindowsApps\25529kineapps.MyCalendar_3.2.72.0_x64__4a6d1yza056d2 [2020-01-14] (kineapps)
NcsiUwpApp -> C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe [2019-12-14] (Microsoft)
One Calendar -> C:\Program Files\WindowsApps\64885BlueEdge.OneCalendar_2019.210.3.0_x64__8kea50m9krsh2 [2020-01-14] (Code Spark)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2020-01-01] (Realtek Semiconductor Corp)
RoboForm Password Manager -> C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.7.0_x86__7kk3kr9e0p1np [2020-01-01] (Siber Systems Inc)
Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.0.6.0_x64__r1b4jsc7ddp3p [2020-02-09] (Total PC Cleaner)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-01-01] (Twitter Inc.)
UDK Package -> C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy [2019-12-14] (Microsoft Corporation)
UX.Client.ST -> C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy [2019-12-14] (Microsoft Windows)
Windows Search -> C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy [2020-02-14] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1911043098-2004026473-3262525351-500_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\Administrator\AppData\Local\Vivaldi\Application\2.10.1745.27\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellServiceObjects: OneDrive network states cache SSO -> {78DE489B-7931-4f14-83B4-C56D38AC9FFA} => C:\Windows\System32\Windows.FileExplorer.Common.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
ShellServiceObjects-x32: OneDrive network states cache SSO -> {78DE489B-7931-4f14-83B4-C56D38AC9FFA} => C:\Windows\SysWOW64\Windows.FileExplorer.Common.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2019-12-16] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch Apps\Solitaire.lnk -> C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --profile-directory=Default --app-id=lkbhppfbabandkdmgjmifahoabeodiep
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c94b4caab52db911\Torch.lnk -> C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2020-02-15 09:56 - 2019-01-26 14:23 - 000014848 _____ () [File not signed] C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\AccentColor.64.dll
2020-02-15 09:54 - 2019-10-17 08:38 - 000645120 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2020-02-15 09:56 - 2019-10-08 16:17 - 000701440 _____ (Helmut Buhler) [File not signed] C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll
2020-02-15 09:56 - 2019-10-05 14:03 - 000483840 _____ (Helmut Buhler) [File not signed] C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll
2019-06-10 12:23 - 2017-05-23 13:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2019-06-10 12:23 - 2017-05-23 13:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 02:31 - 2020-02-13 08:26 - 000002056 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\Pictures\PANASONIC PRACTICE\P1010901.JPG
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "UMonit"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_8901C211194C0DFF277C9606C1448E31"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "Opera Browser Assistant"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6B534208-B18F-4205-919C-8FF3033F3942}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BBEA2EC7-1D78-40D5-B0D7-32DD7DE5537A}] => (Allow) C:\Users\Administrator\AppData\Local\Programs\Opera\63.0.3368.94\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{A60C65BA-DC39-47A8-AC2A-C8CDA2B556CD}] => (Allow) C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc. -> Torch Media Inc.)
FirewallRules: [{34CE2571-04CF-4E24-B772-768847AF4D8A}] => (Allow) C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc. -> Torch Media Inc.)
FirewallRules: [{EC44F8F1-E0AD-4AF3-87D0-E72909DE0C8D}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{6FA28190-0E40-4708-91E4-AF64660E3A3C}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{678B1CEB-72CA-4B87-8785-F164D402EA84}] => (Allow) C:\Users\Administrator\AppData\Local\Epic Privacy Browser\Application\epic.exe (Hidden Reflex Authors) [File not signed]
FirewallRules: [{0470ECDA-10D5-4F33-A505-C0602637142E}] => (Allow) C:\Program Files (x86)\Elrond\Maiar-Browser\Application\maiar.exe (Elrond Network SRL -> Elrond, Ltd.)
FirewallRules: [{F10D67CE-A086-4AD4-A3F3-53AD6C14C7DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{41E6FF2A-96A4-486F-AD6D-227E0C0BBDAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D5E98ED-87AF-4DBB-97F8-A54EF556A7D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B3ABF713-62A8-41C0-9515-9D641835ECB9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{43DE802A-48D7-41F6-A826-E568957C0F77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69F4BA2F-4CD7-4C06-A873-CA1FCEB8C9A8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1EC6939C-3C90-42D1-8271-EB434F86B6C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DC46710-DB36-4F6A-A9F4-289D19EDE973}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5DD2A067-6105-47C9-99FC-E98EA6BA989D}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{B6701615-531D-4C45-A532-99042F364A33}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{042B57DA-27D5-40CF-8D2C-39730C8CDCF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6F512CB4-F8BA-414A-82D4-E67EC1127FF1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{969D1FF2-F12E-4C57-89F9-79035ECCD944}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{988584FA-D508-4DE3-8A22-B99FD8E5FAD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{59C6E009-6720-44CF-A190-AAA9B31F74D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{57F60510-9B2C-43A7-9CB1-5FB7AB5851B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01B99E80-F0FF-4546-A788-116327432FB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5742BA46-67ED-459F-98B2-6AAEF94C5191}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{74B05E48-1A68-42FA-99D0-421370A436A5}] => (Allow) C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A2B9AE91-85A2-4A55-B101-986E612E8B00}] => (Allow) C:\Users\Administrator\AppData\Local\Programs\Opera\66.0.3515.44\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CBBCD7EE-647E-4634-B6F7-98242D5C0208}] => (Allow) C:\Users\Administrator\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{99D8A3FB-8FEF-4EC6-AC5D-5D38B6C088E8}] => (Allow) C:\Users\Administrator\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{286CE21F-1267-47BC-A84F-2B17C49EC049}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8D2C1BD9-0D3E-43B4-BDE4-817B6EA82D40}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E864326-C9DA-4BDF-B1AB-6A4739EA5744}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{48F015D0-F35E-44FF-A7D1-F5FE5297FC47}] => (Allow) C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{CA0E9CA3-EA08-4839-AEAE-AC826DB7140A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (02/17/2020 08:52:04 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).
Error: (02/17/2020 08:32:29 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {759DBF09-D988-758D-88D9-8D75A4F1CB03}. The error code was 0x80010114.
Error: (02/17/2020 08:11:19 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).
Error: (02/17/2020 07:58:36 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).
Error: (02/17/2020 07:55:26 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {76C7BF09-D988-76B7-88D9-B7767CF1E603}. The error code was 0x80010114.
Error: (02/17/2020 07:29:01 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {76C7BF09-D988-76B7-88D9-B7767CF1E603}. The error code was 0x80010114.
Error: (02/17/2020 06:48:55 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {04377058-D988-76B7-88D9-B7767CF1E603}. The error code was 0x800401fd.
Error: (02/17/2020 05:37:06 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).
System errors:
=============
Error: (02/17/2020 08:57:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
Error: (02/17/2020 08:53:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The jhi_service service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/17/2020 08:51:39 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.
Error: (02/17/2020 08:23:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
Error: (02/17/2020 08:19:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The jhi_service service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/17/2020 08:17:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sppsvc service.
Error: (02/17/2020 08:17:00 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.
Error: (02/17/2020 08:12:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The jhi_service service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Windows Defender:
===================================
Date: 2020-02-16 06:25:07.7580000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Administrator\AppData\Local\Temp\adobe_flash_player_1564798518.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe
Security intelligence Version: AV: 1.307.2684.0, AS: 1.307.2684.0, NIS: 1.307.2684.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-20 21:06:59.2270000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {3A44049F-2DFA-4988-8874-D0BE19F07770}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-01-20 20:30:51.8820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {97CD3071-BEE7-4396-8D45-31F35FB6B7E5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-01-20 19:01:48.5560000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {EA29F382-B951-4A97-86A8-A5194CE5F8AB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-01-20 17:33:24.4930000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C18305C9-6D2B-45C9-B99D-31E0F6249DDD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===================================
Date: 2020-02-17 21:10:54.8500000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-17 21:09:42.0220000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-17 21:09:41.7550000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-17 21:09:41.6500000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-17 21:09:41.3220000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-17 21:09:41.1420000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-17 21:09:41.0030000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-17 21:09:40.9690000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. X540MA.314 10/01/2019
Motherboard: ASUSTeK COMPUTER INC. X540MA
Processor: Intel(R) Pentium(R) Silver N5000 CPU @ 1.10GHz
Percentage of memory in use: 64%
Total physical RAM: 8014.97 MB
Available physical RAM: 2875.32 MB
Total Virtual: 17742.97 MB
Available Virtual: 12033.1 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:930.41 GB) (Free:704.69 GB) NTFS
\\?\Volume{f7340b35-5178-475c-b150-4f4796ac1c10}\ (RECOVERY) (Fixed) (Total:0.83 GB) (Free:0.42 GB) NTFS
\\?\Volume{c7a0bbfa-feb8-4241-abe0-c3341def21ec}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BD3FA6B9)
Partition: GPT.
==================== End of Addition.txt =======================