Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-01-2019
Ran by User (23-01-2019 13:57:37)
Running from C:\Users\User\Desktop\Tools
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-12-16 13:02:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3088101763-2072606618-2741787397-500 - Administrator - Disabled)
Guest (S-1-5-21-3088101763-2072606618-2741787397-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3088101763-2072606618-2741787397-1002 - Limited - Enabled)
User (S-1-5-21-3088101763-2072606618-2741787397-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated) Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.) Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software) BurnAware Free 4.0 Beta 4 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies) CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform) CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 18.10.20.0 - Foolish IT LLC) DVDFab 9.2.0.8 (06/08/2015) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) Evaer Video Recorder for Skype 1.8.9.16 (HKLM\...\Evaer Video Recorder for Skype) (Version: 1.8.9.16 - Evaer Technology) Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Google Chrome (HKLM\...\{1B729E3D-B16D-3A41-A9AE-6AEC20C6580D}) (Version: 71.0.3578.98 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) 
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections 22.6.6.0 (HKLM\...\PROSetDX) (Version: 22.6.6.0 - Intel) iSkysoft Video Converter Ultimate(Build 5.2.1.0) (HKLM\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.2.1.0 - iSkysoft Software) Java 8 Update 201 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation) K-Lite Codec Pack 14.5.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 14.5.5 - KLCP) MailWasher (HKLM\...\{6274A6B6-DF02-48A4-940D-F18775909906}) (Version: 7.11 - Firetrust) Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU 
(HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mozilla Firefox 64.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x86 en-US)) (Version: 64.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla) Mozilla Thunderbird 60.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 60.4.0 (x86 en-US)) (Version: 60.4.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) 
(HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - ) Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG) Nero SoundTrax (HKLM\...\{3D62438A-C6E0-4160-B3CC-D6B5158782D3}) (Version: 12.0.03300 - Nero AG) Noiseware Community Edition (HKLM\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic) Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation) Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0005 - Nero AG) Hidden QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RealDownloader (HKLM\...\{496CA6A6-13F4-49AA-9A27-CD96CF65B29A}) (Version: 18.1.6.161 - RealNetworks, Inc.) Hidden RealDownloader (HKLM\...\{8F577DD0-0437-4583-8290-7911443783FD}) (Version: 18.1.6.167 - RealNetworks) Hidden RealDownloader (HKLM\...\{ced10285-8c68-4b5c-a44d-abbb810ed087}) (Version: 18.1.6.167 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (RealTimes) (HKLM\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks) Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) 
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden RogueKiller version 13.0.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.19.0 - Adlice Software) Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Samsung Kies3 (HKLM\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.) Skype version 8.34 (HKLM\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC) swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) 
Hidden vc2012_redist (HKLM\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Video Downloader (HKLM\...\{BB311CA2-573F-4B20-B066-AB7560E8C6F8}) (Version: 1.3.0 - RealNetworks) Hidden Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) vs2015_redist x86 (HKLM\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden WinRAR 5.61 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH) Xvid MPEG-4 Video Codec (HKLM\...\xvid) (Version: - Xvid Development Team) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{02835AE8-A267-4B1F-A05C-36D2DEA350DC}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{44CD0A52-D0B4-4D03-A572-A9BDAD6E2D33}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.) 
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBAC09B1-05A9-4E4F-93BA-1E409D52A268}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.) 
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-12] (AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-12] (AVAST Software) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {B5FA2AE6-7A94-4382-8EA9-58C725AAB854} => C:\Windows\System32\ISCM32.dll [2014-07-28] () ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft 
Corporation) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-12] (AVAST Software) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files\Real\RealPlayer\RPDS\Bin\rpcontextmenu.dll [2017-01-15] (RealNetworks, Inc.) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\ATI.ACE\Core-Static\atiacmxx.dll [2015-08-04] (Advanced Micro Devices, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-12] (AVAST Software) ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {165FB4A4-4F9C-48C1-8A9D-898AA30B44EB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.) 
Task: {29C7E46E-B81A-495D-9D7B-A7C95F38AFB8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-12] (AVAST Software) Task: {416264E9-4DBE-49B8-83B1-03CF4F86D58D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) Task: {4165E832-B2EF-4C17-A934-30EC39BE9559} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3088101763-2072606618-2741787397-1000 Task: {47B9AEFA-6CA8-4329-A6FA-AE6DAC7A46DC} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) Task: {4B550C72-434C-49E6-BA40-C9B208585E37} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.) Task: {603DE812-9B4A-4E6C-BB70-5339602EFB0A} - System32\Tasks\RealDownloader Update Check => C:\Program Files\Real\RealDownloader\downloader2.exe [2017-05-05] () Task: {66044F68-2F6C-41AE-BAAE-9D6CEE9B1F75} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated) Task: {66389118-491A-4AC0-AFE9-88A8D08530BF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-08] (Adobe Systems Incorporated) Task: {6752E050-EDAF-4A80-8BFA-6C6C879141BA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2019-01-16] (AVAST Software) Task: {76E8C3FD-A50B-41BA-80F8-4AE5CF24176F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated) Task: {7EDDB5B7-DF5A-430F-8CEA-3E2FBDEAAA94} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe Task: {7F5A053F-30A6-422F-B5DC-418BE2990227} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {83C36D99-EF36-4CD3-A7D2-6A89F34E497E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd) Task: {95F1ECCA-C3ED-470B-83BC-60511ACCC18D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {993736DC-B4B0-4EBB-89CC-1C6898F0756A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {99F20CF6-4E70-44FE-870F-39C0B23A8A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {9DE37BD2-8031-439E-B080-86C83123C71D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\recordingmanager.exe [2016-11-11] (RealNetworks, Inc.) Task: {9FCEF446-4D17-41D0-95E8-06FF874081EA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {AB261BCC-6A99-4C34-86F0-081AC90B138D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.) Task: {B143E8D0-643C-48C0-828B-E6BFEE7600BD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.) 
Task: {BB067E4F-ED11-47AE-A781-8F36F07233C0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {C6CB6D89-5333-4BE1-99B1-C066F35E1C86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {CFFAA8EA-3404-4DA0-9C08-CC0B4C822B1A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {ED2C37D8-5102-4C00-86A7-23884E604093} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {F0C5773B-3E26-4B73-B780-11CDAC6BC0C3} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {FDE76761-4FC2-4004-B5D6-FB144C9A1866} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2019-01-12 14:18 - 2019-01-12 14:18 - 000570248 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-01-22 18:19 - 2019-01-22 18:19 - 005760144 _____ () C:\Program Files\AVAST Software\Avast\defs\19012204\algo.dll
2019-01-12 14:18 - 2019-01-12 14:18 - 000475016 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-12 14:18 - 2019-01-12 14:18 - 001030536 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-12 14:18 - 2019-01-12 14:18 - 001793928 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-12-18 12:48 - 2018-12-12 04:58 - 004430304 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-18 12:48 - 2018-12-12 04:58 - 000097248 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\libegl.dll
2019-01-08 22:57 - 2019-01-08 22:57 - 017906176 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer32_32_0_0_114.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6126 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-11 17:23 - 2019-01-04 17:58 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: Browser => 3 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: DbxSvc => 2 MSCONFIG\Services: defragsvc => 3 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LiveUpdateSvc => 2 MSCONFIG\Services: MBAMService => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: RealNetworks Downloader Resolver Service => 3 MSCONFIG\Services: RealPlayer Cloud Service => 3 MSCONFIG\Services: RealPlayerUpdateSvc => 2 MSCONFIG\Services: RealTimes Desktop Service => 2 MSCONFIG\Services: RichVideo => 3 MSCONFIG\Services: SCardSvr => 3 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: ss_conn_service => 2 MSCONFIG\Services: WSearch => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CryptoPrevent QuickAccess.lnk => C:\Windows\pss\CryptoPrevent QuickAccess.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: avichannel => "C:\Program Files\Evaer\videochannel.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" 
/systemstartup MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: RealDownloader => C:\Program Files\Real\RealDownloader\downloader2.exe MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: StartCCC => "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation) FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation) FirewallRules: [{D993345C-7FFF-4443-8E97-420AF88FA86A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) FirewallRules: [TCP Query User{04683AB8-F080-4D15-8C77-147BEC16B732}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe (CyberLink Corp.) FirewallRules: [UDP Query User{02E8DC56-7B4A-4131-96A1-21740F3B0857}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe (CyberLink Corp.) FirewallRules: [{091E8D46-4FAC-4AF5-B8BD-D47416DC43D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) FirewallRules: [{C1FE3565-1713-4622-A659-01B732063B7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) FirewallRules: [TCP Query User{B0EB3D61-B620-427F-8F52-EAEBAEE14732}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation) FirewallRules: [UDP Query User{DAE9D903-A243-467D-813D-174DC25FC801}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation) FirewallRules: [{7766F7AD-417B-46C3-BB47-274C3302DA54}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) FirewallRules: [{195B7592-763A-4283-9B8B-4B0080C26389}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) FirewallRules: [{F831488E-7E72-4F58-9CC4-13576C537F25}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) FirewallRules: [{3B89D270-D1DD-4C78-8660-EB6EF5D8083F}] => (Allow) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.) 
FirewallRules: [{E4F92858-1991-43BF-A757-51DD7E5264F0}] => (Block) LPort=445 FirewallRules: [{2EC0CA5F-4F6B-4CFC-86BF-091630C7A049}] => (Block) LPort=445 FirewallRules: [{15EEE754-46F1-421B-8306-8FFFD862D998}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe (Firetrust) FirewallRules: [{60B2501B-E272-4FD8-B655-0FED36FA4535}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe (Firetrust) FirewallRules: [{BA71F166-180F-4F08-A629-7FE352A11330}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) FirewallRules: [TCP Query User{72D8DD55-AE36-46F8-B787-9AA03E38EFA3}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe No File FirewallRules: [UDP Query User{AEAC77E7-17C3-4005-A0A3-3074F7D2CC7A}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe No File FirewallRules: [TCP Query User{E8FB98BD-E63B-4D91-8AC6-2724C5B50261}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe No File FirewallRules: [UDP Query User{5D6BE6CC-DE67-4239-A691-C61B179F5D88}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe No File FirewallRules: [{0EFE771D-FA33-4D2E-9C59-1FD5B624A038}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File FirewallRules: [{481785F7-A089-4B79-8C69-55097BAA189B}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File FirewallRules: [{D0C41717-C79D-412F-A501-17E7654C55B0}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File FirewallRules: [{4748B159-9233-453B-B490-16557C283DA7}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File FirewallRules: [{69C810C4-6284-4AA7-A913-22339391D6D3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
FirewallRules: [{704635FB-19A9-4421-9711-E09FA3101FE3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd) FirewallRules: [{8D01AD17-128F-4093-8E95-5927D8FC14B4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd) FirewallRules: [TCP Query User{F198B0EE-39B7-49FC-AA12-7212E50C293F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN) FirewallRules: [UDP Query User{DD5651CB-08CD-46BB-9455-0D8D41CBFC37}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN) FirewallRules: [{0D3F7987-EFE9-453C-9717-9838514FB156}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software) FirewallRules: [{441D0EDB-4ECE-410A-9D76-23FDE7D7A48A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software) FirewallRules: [{9CA1ADFE-E61B-4B49-8D5B-0C5B36F09705}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.) FirewallRules: [{05537746-1719-4771-883E-98D3E2690309}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.) FirewallRules: [{AB20600D-DF98-4AFC-B42E-DA9D8467E2FB}] => (Allow) C:\Users\User\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe (Insecure.Org) FirewallRules: [{CF169B5A-642F-4532-A664-F9068611075D}] => (Allow) C:\Users\User\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe No File ==================== Restore Points ========================= 22-01-2019 18:10:04 22/1/2019 23-01-2019 12:41:25 Windows Update ==================== Faulty Device Manager Devices ============= Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. 
The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/16/2019 06:58:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: housecall.bin, version: 1.62.0.1207, time stamp: 0x4cc3574b Faulting module name: hc_core.dll, version: 1.62.0.1207, time stamp: 0x5c35a31b Exception code: 0xc0000005 Fault offset: 0x0002b97f Faulting process id: 0x1560 Faulting application start time: 0x01d4adcc55ad00cd Faulting application path: C:\Users\User\AppData\Local\Temp\HouseCall\housecall.bin Faulting module path: C:\Users\User\AppData\Local\Temp\HouseCall\hc_core.dll Report Id: b4dbf771-19c0-11e9-81eb-00215a2d206f Error: (01/15/2019 05:20:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CryptoPreventMonSvc.exe, version: 18.10.20.0, time stamp: 0x5bcbefe1 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24335, time stamp: 0x5c267ec8 Exception code: 0xe0434352 Fault offset: 0x0000845d Faulting process id: 0xfc Faulting application start time: 0x01d4acf68ba808a4 Faulting application path: C:\Program Files\Foolish 
IT\CryptoPrevent\CryptoPreventMonSvc.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: d9ed8bce-18e9-11e9-b92e-00215a2d206f Error: (01/15/2019 05:20:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: CryptoPreventMonSvc.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ComponentModel.Win32Exception at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo) at A. .(System.Diagnostics.ProcessStartInfo) at A..() at A..() at A..() Error: (01/14/2019 10:07:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CryptoPreventMonSvc.exe, version: 18.10.20.0, time stamp: 0x5bcbefe1 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24335, time stamp: 0x5c267ec8 Exception code: 0xe0434352 Fault offset: 0x0000845d Faulting process id: 0x184 Faulting application start time: 0x01d4ac557bff78f9 Faulting application path: C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: c42f55da-1848-11e9-b957-00215a2d206f Error: (01/14/2019 10:07:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: CryptoPreventMonSvc.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ComponentModel.Win32Exception at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo) at A. 
.(System.Diagnostics.ProcessStartInfo) at A..() at A..() at A..() Error: (01/14/2019 04:58:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CryptoPreventMonSvc.exe, version: 18.10.20.0, time stamp: 0x5bcbefe1 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24335, time stamp: 0x5c267ec8 Exception code: 0xe0434352 Fault offset: 0x0000845d Faulting process id: 0x140 Faulting application start time: 0x01d4ac2a431f81b0 Faulting application path: C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 8ce74c35-181d-11e9-b97c-00215a2d206f Error: (01/14/2019 04:58:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: CryptoPreventMonSvc.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ComponentModel.Win32Exception at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo) at A. 
.(System.Diagnostics.ProcessStartInfo) at A..() at A..() at A..() Error: (01/13/2019 03:47:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CryptoPreventMonSvc.exe, version: 18.10.20.0, time stamp: 0x5bcbefe1 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24335, time stamp: 0x5c267ec8 Exception code: 0xe0434352 Fault offset: 0x0000845d Faulting process id: 0x708 Faulting application start time: 0x01d4ab5730d70303 Faulting application path: C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 7780bd85-174a-11e9-b961-00215a2d206f System errors: ============= Error: (01/22/2019 06:13:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: Access is denied. Error: (01/22/2019 06:13:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: Access is denied. Error: (01/22/2019 05:50:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (01/22/2019 05:35:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (01/22/2019 05:34:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (01/22/2019 04:09:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 
Error: (01/22/2019 04:09:08 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (01/22/2019 04:09:01 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz Percentage of memory in use: 30% Total physical RAM: 3567.3 MB Available physical RAM: 2478.13 MB Total Virtual: 7132.96 MB Available Virtual: 5935.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.91 GB) (Free:80.89 GB) NTFS Drive e: (Backup Drive) (Fixed) (Total:931.51 GB) (Free:653.41 GB) NTFS \\?\Volume{1d00271b-6651-11e3-b9a1-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6829804D) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: EE0B5EB7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================