Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-01-2019 01
Ran by User (11-01-2019 18:47:49)
Running from C:\Users\User\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-12-16 13:02:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3088101763-2072606618-2741787397-500 - Administrator - Disabled)
Guest (S-1-5-21-3088101763-2072606618-2741787397-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3088101763-2072606618-2741787397-1002 - Limited - Enabled)
User (S-1-5-21-3088101763-2072606618-2741787397-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated) Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.) Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software) BurnAware Free 4.0 Beta 4 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies) CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform) CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 18.10.20.0 - Foolish IT LLC) DVDFab 9.2.0.8 (06/08/2015) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) Evaer Video Recorder for Skype 1.8.9.16 (HKLM\...\Evaer Video Recorder for Skype) (Version: 1.8.9.16 - Evaer Technology) Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Google Chrome (HKLM\...\{1B729E3D-B16D-3A41-A9AE-6AEC20C6580D}) (Version: 71.0.3578.98 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) 
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections 22.6.6.0 (HKLM\...\PROSetDX) (Version: 22.6.6.0 - Intel) iSkysoft Video Converter Ultimate(Build 5.2.1.0) (HKLM\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.2.1.0 - iSkysoft Software) Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation) K-Lite Codec Pack 14.5.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 14.5.5 - KLCP) MailWasher (HKLM\...\{6274A6B6-DF02-48A4-940D-F18775909906}) (Version: 7.11 - Firetrust) Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU 
(HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mozilla Firefox 64.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x86 en-US)) (Version: 64.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla) Mozilla Thunderbird 60.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 60.4.0 (x86 en-US)) (Version: 60.4.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) 
(HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - ) Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG) Nero SoundTrax (HKLM\...\{3D62438A-C6E0-4160-B3CC-D6B5158782D3}) (Version: 12.0.03300 - Nero AG) Noiseware Community Edition (HKLM\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic) Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation) Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0005 - Nero AG) Hidden QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RealDownloader (HKLM\...\{496CA6A6-13F4-49AA-9A27-CD96CF65B29A}) (Version: 18.1.6.161 - RealNetworks, Inc.) Hidden RealDownloader (HKLM\...\{8F577DD0-0437-4583-8290-7911443783FD}) (Version: 18.1.6.167 - RealNetworks) Hidden RealDownloader (HKLM\...\{ced10285-8c68-4b5c-a44d-abbb810ed087}) (Version: 18.1.6.167 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (RealTimes) (HKLM\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks) Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) 
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden RogueKiller version 13.0.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.19.0 - Adlice Software) Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Samsung Kies3 (HKLM\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.) Skype version 8.34 (HKLM\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.) SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC) swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden vc2012_redist (HKLM\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Video Downloader (HKLM\...\{BB311CA2-573F-4B20-B066-AB7560E8C6F8}) (Version: 1.3.0 - RealNetworks) Hidden Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN) vs2015_redist x86 (HKLM\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden WinRAR 5.61 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH) Xvid MPEG-4 Video Codec (HKLM\...\xvid) (Version: - Xvid Development Team) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{02835AE8-A267-4B1F-A05C-36D2DEA350DC}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{44CD0A52-D0B4-4D03-A572-A9BDAD6E2D33}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.) 
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBAC09B1-05A9-4E4F-93BA-1E409D52A268}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.) 
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {B5FA2AE6-7A94-4382-8EA9-58C725AAB854} => C:\Windows\System32\ISCM32.dll [2014-07-28] () ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft 
Corporation) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files\Real\RealPlayer\RPDS\Bin\rpcontextmenu.dll [2017-01-15] (RealNetworks, Inc.) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\ATI.ACE\Core-Static\atiacmxx.dll [2015-08-04] (Advanced Micro Devices, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software) ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {165FB4A4-4F9C-48C1-8A9D-898AA30B44EB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.) Task: {4165E832-B2EF-4C17-A934-30EC39BE9559} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3088101763-2072606618-2741787397-1000 Task: {4B550C72-434C-49E6-BA40-C9B208585E37} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.) 
Task: {53ED066D-E855-470A-AA14-EEB63CB88F8A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-21] (AVAST Software) Task: {603DE812-9B4A-4E6C-BB70-5339602EFB0A} - System32\Tasks\RealDownloader Update Check => C:\Program Files\Real\RealDownloader\downloader2.exe [2017-05-05] () Task: {66044F68-2F6C-41AE-BAAE-9D6CEE9B1F75} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated) Task: {66389118-491A-4AC0-AFE9-88A8D08530BF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-08] (Adobe Systems Incorporated) Task: {6752E050-EDAF-4A80-8BFA-6C6C879141BA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2019-01-10] (AVAST Software) Task: {76E8C3FD-A50B-41BA-80F8-4AE5CF24176F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated) Task: {7EDDB5B7-DF5A-430F-8CEA-3E2FBDEAAA94} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {7F5A053F-30A6-422F-B5DC-418BE2990227} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {83C36D99-EF36-4CD3-A7D2-6A89F34E497E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd) Task: {95F1ECCA-C3ED-470B-83BC-60511ACCC18D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {993736DC-B4B0-4EBB-89CC-1C6898F0756A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {9939E53A-06F3-4C67-B485-ACCB4AD5E183} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) Task: {99F20CF6-4E70-44FE-870F-39C0B23A8A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {9DE37BD2-8031-439E-B080-86C83123C71D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\recordingmanager.exe [2016-11-11] (RealNetworks, Inc.) Task: {9FCEF446-4D17-41D0-95E8-06FF874081EA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {AB261BCC-6A99-4C34-86F0-081AC90B138D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.) Task: {B143E8D0-643C-48C0-828B-E6BFEE7600BD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.) 
Task: {BB067E4F-ED11-47AE-A781-8F36F07233C0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated) Task: {C6CB6D89-5333-4BE1-99B1-C066F35E1C86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd) Task: {CFFAA8EA-3404-4DA0-9C08-CC0B4C822B1A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {D6841684-8B0A-4C04-A51E-D3740F73BEDD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) Task: {ED2C37D8-5102-4C00-86A7-23884E604093} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.) Task: {F0C5773B-3E26-4B73-B780-11CDAC6BC0C3} - System32\Tasks\klcp_update => CodecTweakTool.exe Task: {FDE76761-4FC2-4004-B5D6-FB144C9A1866} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2018-11-21 14:36 - 2018-11-21 14:36 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll 2018-11-21 14:36 - 2018-11-21 14:36 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2018-11-21 14:36 - 2018-11-21 14:36 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll 2018-11-21 14:36 - 2018-11-21 14:36 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll 2018-11-21 14:36 - 2018-11-21 14:36 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll 2019-01-11 17:25 - 2019-01-11 17:25 - 005739664 _____ () C:\Program Files\AVAST Software\Avast\defs\19011102\algo.dll 2018-03-06 17:54 - 2018-03-06 17:54 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2018-12-23 12:57 - 2018-11-15 11:01 - 002234688 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-12-18 12:48 - 2018-12-12 04:58 - 004430304 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\libglesv2.dll 2018-12-18 12:48 - 2018-12-12 04:58 - 000097248 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\libegl.dll 2019-01-08 22:57 - 2019-01-08 22:57 - 017906176 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer32_32_0_0_114.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 6126 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-08-11 17:23 - 2019-01-04 17:58 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\AMD\ATI.ACE\Core-Static HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 3
MSCONFIG\Services: RealPlayer Cloud Service => 3
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RealTimes Desktop Service => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RealDownloader => C:\Program Files\Real\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [{D993345C-7FFF-4443-8E97-420AF88FA86A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{04683AB8-F080-4D15-8C77-147BEC16B732}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe (CyberLink Corp.)
FirewallRules: [UDP Query User{02E8DC56-7B4A-4131-96A1-21740F3B0857}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe (CyberLink Corp.)
FirewallRules: [{091E8D46-4FAC-4AF5-B8BD-D47416DC43D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{C1FE3565-1713-4622-A659-01B732063B7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{B0EB3D61-B620-427F-8F52-EAEBAEE14732}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{DAE9D903-A243-467D-813D-174DC25FC801}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{7766F7AD-417B-46C3-BB47-274C3302DA54}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
FirewallRules: [{195B7592-763A-4283-9B8B-4B0080C26389}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{F831488E-7E72-4F58-9CC4-13576C537F25}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{3B89D270-D1DD-4C78-8660-EB6EF5D8083F}] => (Allow) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
FirewallRules: [{E4F92858-1991-43BF-A757-51DD7E5264F0}] => (Block) LPort=445
FirewallRules: [{2EC0CA5F-4F6B-4CFC-86BF-091630C7A049}] => (Block) LPort=445
FirewallRules: [{15EEE754-46F1-421B-8306-8FFFD862D998}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe (Firetrust)
FirewallRules: [{60B2501B-E272-4FD8-B655-0FED36FA4535}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe (Firetrust)
FirewallRules: [{BA71F166-180F-4F08-A629-7FE352A11330}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [TCP Query User{72D8DD55-AE36-46F8-B787-9AA03E38EFA3}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{AEAC77E7-17C3-4005-A0A3-3074F7D2CC7A}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{E8FB98BD-E63B-4D91-8AC6-2724C5B50261}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{5D6BE6CC-DE67-4239-A691-C61B179F5D88}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe No File
FirewallRules: [{0EFE771D-FA33-4D2E-9C59-1FD5B624A038}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{481785F7-A089-4B79-8C69-55097BAA189B}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{D0C41717-C79D-412F-A501-17E7654C55B0}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{4748B159-9233-453B-B490-16557C283DA7}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{0D3F7987-EFE9-453C-9717-9838514FB156}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{441D0EDB-4ECE-410A-9D76-23FDE7D7A48A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{69C810C4-6284-4AA7-A913-22339391D6D3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{704635FB-19A9-4421-9711-E09FA3101FE3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{8D01AD17-128F-4093-8E95-5927D8FC14B4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{8A89ADB4-FB08-4B0A-9FE2-86158FEBBE98}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{B8ECEA9B-9A5D-4348-9B25-E932090FE84A}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [TCP Query User{F198B0EE-39B7-49FC-AA12-7212E50C293F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [UDP Query User{DD5651CB-08CD-46BB-9455-0D8D41CBFC37}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)

==================== Restore Points =========================

08-01-2019 22:27:34 Windows Update
09-01-2019 19:21:44 Windows Update

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2019 10:19:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CryptoPreventMonSvc.exe, version: 18.10.20.0, time stamp: 0x5bcbefe1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24335, time stamp: 0x5c267ec8
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x5c0
Faulting application start time: 0x01d4a93273f802cd
Faulting application path: C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: be7e3b68-1525-11e9-b8d6-00215a2d206f

Error: (01/10/2019 10:19:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CryptoPreventMonSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
at System.Diagnostics.Process.Start()
at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
at A. .(System.Diagnostics.ProcessStartInfo)
at A..()
at A..()
at A..()

Error: (01/10/2019 06:17:22 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) Cannot find object or property.

Error: (01/10/2019 06:17:22 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) Cannot find object or property.

Error: (12/23/2018 12:57:16 PM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/18/2018 06:59:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IProsetMonitor.exe, version: 22.6.6.0, time stamp: 0x599b0b21
Faulting module name: ntdll.dll, version: 6.1.7601.24308, time stamp: 0x5be85d17
Exception code: 0xc0000005
Fault offset: 0x00031d86
Faulting process id: 0x808
Faulting application start time: 0x01d496f172b965ea
Faulting application path: C:\Windows\system32\IProsetMonitor.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 039ecf14-02f7-11e9-894d-00215a2d206f

Error: (12/02/2018 03:49:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b536
Faulting module name: Qt5Qml.dll, version: 5.5.0.0, time stamp: 0x558c6b4b
Exception code: 0xc0000005
Fault offset: 0x000f9332
Faulting process id: 0x1320
Faulting application start time: 0x01d48a565518fce4
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
Report Id: e2869091-f649-11e8-a32e-00215a2d206f

Error: (11/27/2018 02:05:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDSee.exe, version: 3.1.0.0, time stamp: 0x39ca879b
Faulting module name: ACDSee.exe, version: 3.1.0.0, time stamp: 0x39ca879b
Exception code: 0xc0000005
Fault offset: 0x000a0dca
Faulting process id: 0x154c
Faulting application start time: 0x01d4865a50f249c7
Faulting application path: C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe
Faulting module path: C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe
Report Id: 8f84178c-f24d-11e8-81c5-00215a2d206f

System errors:
=============
Error: (01/11/2019 06:24:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (01/11/2019 05:20:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CryptoPrevent Monitor Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/11/2019 05:20:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CryptoPrevent Monitor Service service to connect.

Error: (01/11/2019 05:19:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:17:43 on ‎11/‎01/‎2019 was unexpected.

Error: (01/10/2019 10:19:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CryptoPrevent Monitor Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/10/2019 10:19:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CryptoPrevent Monitor Service service to connect.

Error: (01/09/2019 10:11:20 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (01/09/2019 10:05:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CryptoPrevent Monitor Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 74%
Total physical RAM: 3567.3 MB
Available physical RAM: 900.71 MB
Total Virtual: 7132.96 MB
Available Virtual: 3343 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.91 GB) (Free:80.27 GB) NTFS
Drive e: (Backup Drive) (Fixed) (Total:931.51 GB) (Free:653.92 GB) NTFS

\\?\Volume{1d00271b-6651-11e3-b9a1-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6829804D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: EE0B5EB7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================