Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Chrome Browser infected

Started by Django2009 , Jun 30 2017 03:46 PM

Please log in to reply

#1
Django2009

Posted 30 June 2017 - 03:46 PM

Member

Member
56 posts

Hi,

Recently noticed my Chrome browser has been infected with pop's for Virus and ransomware sites. Searching on my PC I found that PCTuneup had somehow installed itself onto my machine. I did a few Malware scans and removed the PCTuneup folders. But I still get the pop-ups as they are annoying and slow my PC Down.

Any help in removing these pop ups extra would be much appreciated.

#2
RKinner

Posted 30 June 2017 - 05:56 PM

Malware Expert

Expert
24,623 posts

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Check the Addition.txt box

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
Django2009

Posted 01 July 2017 - 05:47 AM

Member

Topic Starter
Member
56 posts

_{Ok here goes}

_{Cant seem to run from Admin}

_{# AdwCleaner v6.047 - Logfile created 01/07/2017 at 12:28:47

# Updated on 19/05/2017 by Malwarebytes

# Database : 2017-06-29.3 [Local]

# Operating System : Windows 7 Professional Service Pack 1 (X86)

# Username : User - USER-PC

# Running from : C:\Users\User\Downloads\adwcleaner_6.047.exe

# Mode: Clean

# Support : https://www.malwarebytes.com/support}

_{***** [ Services ] *****}

_{[-] Service deleted: AdvancedSystemCareService10}

_{***** [ Folders ] *****}

_{[-] Folder deleted: C:\Users\User\AppData\LocalLow\IObit\Advanced SystemCare

[-] Folder deleted: C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare

[-] Folder deleted: C:\IObit\Advanced SystemCare

[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader

[-] Folder deleted: C:\ProgramData\IObit\Advanced SystemCare

[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader

[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\Advanced SystemCare

[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare

[#] Folder deleted on reboot: C:\Program Files\IObit\Advanced SystemCare

[-] Folder deleted: C:\Program Files\Common Files\IObit\Advanced SystemCare}

_{***** [ Files ] *****}

_{[-] File deleted: C:\Users\Public\Desktop\Advanced SystemCare 10.lnk}

_{***** [ DLL ] *****}

_{***** [ WMI ] *****}

_{***** [ Shortcuts ] *****}

_{***** [ Scheduled Tasks ] *****}

_{***** [ Registry ] *****}

_{[-] Key deleted: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu

[-] Key deleted: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1

[-] Key deleted: HKLM\SOFTWARE\IOBIT\ASC

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Advanced SystemCare 10

[-] Key deleted: HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare

[-] Key deleted: HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare

[-] Key deleted: HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare}

_{***** [ Web browsers ] *****}

_{[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: picsart-windows-10.en.softonic.com

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search}

_{*************************}

_{:: "Tracing" keys deleted

:: Winsock settings cleared}

_{*************************}

_{C:\AdwCleaner\AdwCleaner[C0].txt - [16024 Bytes] - [29/06/2017 23:41:26]

C:\AdwCleaner\AdwCleaner[C2].txt - [2720 Bytes] - [01/07/2017 12:28:47]

C:\AdwCleaner\AdwCleaner[S0].txt - [16414 Bytes] - [29/06/2017 23:37:58]

C:\AdwCleaner\AdwCleaner[S1].txt - [3084 Bytes] - [01/07/2017 12:26:09]}

_{########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2940 Bytes] ##########}

_{--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------}

_{~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.3 (04.10.2017)

Operating System: Windows 7 Professional x86

Ran by User (Administrator) on 01/07/2017 at 12:32:52.45

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}

_{File System: 40}

_{Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)

Successfully deleted: C:\ProgramData\productdata (Folder)

Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)

Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)

Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File)

Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)

Successfully deleted: C:\Users\User\AppData\Roaming\3171 (Folder)

Successfully deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126\user.js (File)

Successfully deleted: C:\Users\User\AppData\Roaming\productdata (Folder)

Successfully deleted: C:\Users\User\Start Menu\Programs\search.lnk (Shortcut)

Successfully deleted: C:\Windows\System32\${logfile} (File)

Successfully deleted: C:\Windows\System32\Tasks\Driver Booster SkipUAC (User) (Task)

Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator (Task)

Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_User (Task)

Successfully deleted: C:\Windows\System32\Tasks\Wise Turbo Checker (Task)

Successfully deleted: C:\Windows\Tasks\Wise Turbo Checker.job (Task)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LBZIS1C (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T74QX20 (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44EE7K6G (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GNXV3FD (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A6N0JER (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8C56QQXB (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBQ6CBZH (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZJAUFZL (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXZQ2CU5 (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLS32J0A (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNA2ZYZJ (Temporary Internet Files Folder)

Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VO7MPHK9 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LBZIS1C (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T74QX20 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44EE7K6G (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GNXV3FD (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A6N0JER (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8C56QQXB (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBQ6CBZH (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZJAUFZL (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXZQ2CU5 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLS32J0A (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNA2ZYZJ (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VO7MPHK9 (Temporary Internet Files Folder)}

_{Registry: 3}

_{Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Key)}

_{~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 01/07/2017 at 12:37:26.83

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}

_{Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2017

Ran by User (administrator) on USER-PC (01-07-2017 12:38:32)

Running from C:\Users\User\Downloads

Loaded Profiles: User (Available Profiles: User)

Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/}

_{==================== Processes (Whitelisted) =================}

_{(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)}

_{(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe}

_{==================== Registry (Whitelisted) ====================}

_{(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)}

_{HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-06-26] (AVAST Software)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-26] (AVAST Software)

GroupPolicy: Restriction - Chrome <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION}

_{==================== Internet (Whitelisted) ====================}

_{(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)}

_{ProxyEnable: [.DEFAULT] => Proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:52874;https=127.0.0.1:52874

AutoConfigURL: [.DEFAULT] => http=127.0.0.1:52874;https=127.0.0.1:52874

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{84134957-FE4A-4422-A37C-E142E6B0BA2E}: [DhcpNameServer] 192.168.1.1}

_{Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=hp-avast&type=avastbcl

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-11-11] (RealDownloader)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-08] (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-08] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)

Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)

Toolbar: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

Handler: WSISVCUchrome - No CLSID Value -}

_{FireFox:

========

FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126 [2017-07-01]

FF Homepage: Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126 -> hxxp://www.google.co.uk/

FF Extension: (Grammarly for Firefox) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126\Extensions\[email protected] [2017-06-22]

FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]

FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]

FF Extension: (iSkysoft Video Converter Ultimate) - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected] [2016-12-21] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()

FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-08] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-08] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=18.1.6.161 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2017-01-15] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=18.1.6.161 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2017-01-15] (RealPlayer)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3088101763-2072606618-2741787397-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)}

_{Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxp://www.igoogle.com/

CHR NewTab: Default -> Not-active:"chrome-extension://bjicifbhnpakmaekfnphojjehhnifkmc/newtab.html"

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_cnewtab&type=default

CHR DefaultSearchKeyword: Default -> Yahoo

CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10

CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-01]

CHR Extension: (Yahoo Partner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc [2017-03-23]

CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]

CHR Extension: (Fiery Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmfeiddljnkcdgcfcfhpenipgmaocon [2017-06-28]

CHR Extension: (Video Downloader All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk [2017-06-23]

CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]

CHR Extension: (iSkysoft Video Converter Ultimate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nomnoaehhnmbolpapbjeopogjfefdpnl [2016-12-21]

CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]

CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2015-12-08]

CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-26]

CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]

CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-26]

CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-26]

CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]

CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-26]

CHR Extension: (Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-26]

CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-26]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-26]

CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]

CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

CHR HKLM\...\Chrome\Extension: [nomnoaehhnmbolpapbjeopogjfefdpnl] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected] [2016-12-21]}

_{==================== Services (Whitelisted) ====================}

_{(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)}

_{R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-06-26] (AVAST Software s.r.o.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-06-26] (AVAST Software)

R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1766176 2017-05-19] (IObit)

S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)

S4 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-11-11] ()

S4 RealTimes Desktop Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [987408 2017-01-15] (RealNetworks, Inc.)

S3 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]

R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)}

_{===================== Drivers (Whitelisted) ======================}

_{(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)}

_{R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [266976 2017-06-26] (AVAST Software s.r.o.)

R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157384 2017-06-26] (AVAST Software s.r.o.)

R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276704 2017-06-26] (AVAST Software s.r.o.)

R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50352 2017-06-26] (AVAST Software s.r.o.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-06-26] (AVAST Software)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-06-26] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123896 2017-06-26] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99536 2017-06-26] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-06-26] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-06-26] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-06-26] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [147688 2017-06-26] (AVAST Software)

R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-06-30] (AVAST Software)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)

R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2014-12-24] (REALiX™)

S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Intel Corporation) [File not signed]

R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [25120 2017-03-17] (IObit.com)

R3 IMFDownProtect; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys [20336 2017-03-08] (IObit.com)

S3 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [21392 2017-01-06] (IObit)

R3 IMFForceDelete; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys [14168 2017-03-17] (IObit.com)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-06-29] (Malwarebytes)

S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32192 2016-12-15] (IObit.com)

S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMI.sys [4078400 2010-07-15] (Realtek Semiconductor Corp.) [File not signed]

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)

S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)

S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2014-07-28] (Wondershare)

S3 ADIHdAudAddService; no ImagePath

U3 DfSdkS; no ImagePath

S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

S3 NPF; system32\drivers\NPF.sys [X]

U0 Partizan; system32\drivers\Partizan.sys [X]}

_{==================== NetSvcs (Whitelisted) ===================}

_{(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)}

_{==================== One Month Created files and folders ========}

_{(If an entry is included in the fixlist, the file/folder will be moved.)}

_{2017-07-01 12:38 - 2017-07-01 12:39 - 00017973 _____ C:\Users\User\Downloads\FRST.txt

2017-07-01 12:38 - 2017-07-01 12:38 - 00000000 ____D C:\FRST

2017-07-01 12:37 - 2017-07-01 12:37 - 00006468 _____ C:\Users\User\Desktop\JRT.txt

2017-07-01 12:32 - 2017-07-01 12:32 - 00000000 ____D C:\ProgramData\SWCUTemp

2017-07-01 12:31 - 2017-07-01 12:31 - 00003019 _____ C:\Users\User\Desktop\AdwCleaner.txt

2017-07-01 12:28 - 2017-07-01 12:28 - 01779712 _____ (Farbar) C:\Users\User\Downloads\FRST.exe

2017-07-01 12:27 - 2017-07-01 12:27 - 01663672 _____ (Malwarebytes) C:\Users\User\Downloads\JRT (1).exe

2017-07-01 12:26 - 2017-07-01 12:26 - 01663672 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe.m4xp0gq.partial

2017-06-29 23:35 - 2017-07-01 12:28 - 00000000 ____D C:\AdwCleaner

2017-06-29 23:34 - 2017-06-29 23:35 - 04110280 _____ C:\Users\User\Downloads\adwcleaner_6.047.exe

2017-06-29 18:19 - 2017-03-17 12:31 - 00025120 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys

2017-06-29 18:18 - 2017-06-29 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter

2017-06-29 18:17 - 2017-06-29 18:17 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}

2017-06-28 23:24 - 2017-06-28 23:24 - 00001925 _____ C:\Users\User\Desktop\SUPERAntiSpyware Free Edition.lnk

2017-06-28 23:24 - 2017-06-28 23:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2017-06-28 13:19 - 2017-06-28 13:19 - 00619021 _____ C:\Users\User\Documents\universal-credit-and-you-march-2017.pdf

2017-06-26 16:10 - 2017-06-26 16:09 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2017-06-25 16:08 - 2017-06-25 16:08 - 00001879 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk

2017-06-25 16:06 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 39712768 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 25052160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atioglxx.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 19581440 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys

2017-06-25 13:06 - 2017-06-25 13:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 07898704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdva.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 07167416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdag.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 05129728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle32.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 03471376 _____ C:\Windows\system32\atiumdva.cap

2017-06-25 13:06 - 2017-06-25 13:06 - 00934400 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00842001 _____ C:\Windows\system32\amdicdxx.dat

2017-06-25 13:06 - 2017-06-25 13:06 - 00662456 _____ C:\Windows\system32\atiapfxx.blb

2017-06-25 13:06 - 2017-06-25 13:06 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00385536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe

2017-06-25 13:06 - 2017-06-25 13:06 - 00370688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys

2017-06-25 13:06 - 2017-06-25 13:06 - 00203776 _____ C:\Windows\system32\clinfo.exe

2017-06-25 13:06 - 2017-06-25 13:06 - 00201216 _____ C:\Windows\system32\amdgfxinfo32.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00189440 _____ C:\Windows\system32\atieah32.exe

2017-06-25 13:06 - 2017-06-25 13:06 - 00177344 _____ C:\Windows\system32\ativce03.dat

2017-06-25 13:06 - 2017-06-25 13:06 - 00175648 _____ C:\Windows\system32\amde31a.dat

2017-06-25 13:06 - 2017-06-25 13:06 - 00164352 _____ (AMD) C:\Windows\system32\atitmmxx.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00158208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atigktxx.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00142848 _____ C:\Windows\system32\hsa-thunk.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00123240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9pag.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00117760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle32.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00100816 _____ C:\Windows\system32\ativce02.dat

2017-06-25 13:06 - 2017-06-25 13:06 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc32.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00090624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00089600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl32.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00059392 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00038400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll

2017-06-25 13:06 - 2017-06-25 13:06 - 00029184 _____ (AMD) C:\Windows\system32\atimuixx.dll

2017-06-24 16:07 - 2017-06-24 16:07 - 00000000 ____D C:\Users\User\.QtWebEngineProcess

2017-06-24 16:07 - 2017-06-24 16:07 - 00000000 ____D C:\Users\User\.Plays.tv

2017-06-24 14:22 - 2017-06-24 14:22 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log

2017-06-23 22:32 - 2017-06-24 12:17 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2017-06-19 15:00 - 2017-06-19 15:00 - 00000000 ____D C:\Users\User\AppData\Local\Facebook

2017-06-14 12:41 - 2017-06-02 09:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2017-06-14 12:41 - 2017-06-02 09:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2017-06-14 12:41 - 2017-06-02 09:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2017-06-14 12:41 - 2017-06-02 09:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2017-06-14 12:41 - 2017-06-02 09:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2017-06-14 12:41 - 2017-06-02 09:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll

2017-06-14 12:41 - 2017-06-02 09:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll

2017-06-14 12:41 - 2017-06-02 09:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll

2017-06-14 12:41 - 2017-06-02 08:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2017-06-14 12:41 - 2017-06-02 08:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2017-06-14 12:41 - 2017-06-02 08:57 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe

2017-06-14 12:41 - 2017-06-02 08:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2017-06-14 12:41 - 2017-06-02 08:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll

2017-06-14 12:41 - 2017-05-21 05:10 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2017-06-14 12:41 - 2017-05-21 05:10 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2017-06-14 12:41 - 2017-05-21 05:06 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2017-06-14 12:41 - 2017-05-21 05:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2017-06-14 12:41 - 2017-05-21 04:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2017-06-14 12:41 - 2017-05-21 04:43 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2017-06-14 12:41 - 2017-05-21 04:42 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2017-06-14 12:41 - 2017-05-21 04:42 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2017-06-14 12:41 - 2017-05-21 04:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2017-06-14 12:41 - 2017-05-21 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2017-06-14 12:41 - 2017-05-21 04:42 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2017-06-14 12:41 - 2017-05-16 18:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2017-06-14 12:41 - 2017-05-14 20:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2017-06-14 12:41 - 2017-05-14 20:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2017-06-14 12:41 - 2017-05-14 20:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2017-06-14 12:41 - 2017-05-14 20:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2017-06-14 12:41 - 2017-05-14 20:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2017-06-14 12:41 - 2017-05-14 20:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2017-06-14 12:41 - 2017-05-14 20:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2017-06-14 12:41 - 2017-05-14 20:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2017-06-14 12:41 - 2017-05-14 20:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2017-06-14 12:41 - 2017-05-14 20:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2017-06-14 12:41 - 2017-05-14 20:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2017-06-14 12:41 - 2017-05-14 20:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2017-06-14 12:41 - 2017-05-14 20:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2017-06-14 12:41 - 2017-05-14 20:11 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2017-06-14 12:41 - 2017-05-14 20:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2017-06-14 12:41 - 2017-05-14 20:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2017-06-14 12:41 - 2017-05-14 20:05 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2017-06-14 12:41 - 2017-05-14 20:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2017-06-14 12:41 - 2017-05-14 19:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2017-06-14 12:41 - 2017-05-14 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2017-06-14 12:41 - 2017-05-14 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2017-06-14 12:41 - 2017-05-14 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2017-06-14 12:41 - 2017-05-14 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2017-06-14 12:41 - 2017-05-14 19:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2017-06-14 12:41 - 2017-05-14 19:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2017-06-14 12:41 - 2017-05-14 19:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2017-06-14 12:41 - 2017-05-14 19:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2017-06-14 12:41 - 2017-05-14 19:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2017-06-14 12:41 - 2017-05-14 19:40 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2017-06-14 12:41 - 2017-05-14 19:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2017-06-14 12:41 - 2017-05-14 19:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2017-06-14 12:41 - 2017-05-14 19:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2017-06-14 12:41 - 2017-05-14 19:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2017-06-14 12:41 - 2017-05-14 19:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2017-06-14 12:41 - 2017-05-14 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2017-06-14 12:41 - 2017-05-12 19:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2017-06-14 12:41 - 2017-05-12 19:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2017-06-14 12:41 - 2017-05-12 19:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2017-06-14 12:41 - 2017-05-12 19:04 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2017-06-14 12:41 - 2017-05-12 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2017-06-14 12:41 - 2017-05-12 18:45 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2017-06-14 12:41 - 2017-05-12 18:45 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2017-06-14 12:41 - 2017-05-12 18:45 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2017-06-14 12:41 - 2017-05-12 18:45 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2017-06-14 12:41 - 2017-05-12 18:44 - 02401792 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2017-06-14 12:41 - 2017-05-12 18:43 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2017-06-14 12:41 - 2017-05-12 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2017-06-14 12:41 - 2017-05-12 18:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2017-06-14 12:41 - 2017-05-12 17:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2017-06-14 12:41 - 2017-05-12 17:25 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2017-06-14 12:41 - 2017-05-10 16:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe

2017-06-14 12:41 - 2017-05-10 16:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2017-06-14 12:41 - 2017-05-10 16:12 - 02953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2017-06-14 12:41 - 2017-05-10 16:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll

2017-06-14 12:41 - 2017-05-10 16:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2017-06-14 12:41 - 2017-05-10 16:10 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2017-06-14 12:41 - 2017-05-10 16:01 - 02092032 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2017-06-14 12:41 - 2017-05-10 16:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2017-06-14 12:41 - 2017-05-10 16:00 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2017-06-14 12:41 - 2017-05-10 16:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2017-06-14 12:41 - 2017-05-10 16:00 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2017-06-14 12:41 - 2017-05-10 16:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2017-06-14 12:41 - 2017-05-10 16:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2017-06-14 12:41 - 2017-05-10 16:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2017-06-14 12:41 - 2017-05-10 15:47 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2017-06-14 12:41 - 2017-05-09 16:11 - 00779776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2017-06-14 12:41 - 2017-05-09 16:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2017-06-14 12:41 - 2017-05-09 16:01 - 00066048 _____ C:\Windows\system32\PrintBrmUi.exe

2017-06-14 12:41 - 2017-05-07 16:14 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2017-06-14 12:41 - 2017-05-07 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2017-06-14 12:41 - 2017-03-30 15:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe

2017-06-10 17:51 - 2017-06-10 17:52 - 185406582 _____ C:\Users\User\Downloads\Kraftwerk - 3-D_ The Catalogue CD7.zip

2017-06-02 23:13 - 2017-06-02 23:18 - 397697288 _____ C:\Users\User\Downloads\anden-som-gjorde-oppror.zip}

_{==================== One Month Modified files and folders ========}

_{(If an entry is included in the fixlist, the file/folder will be moved.)}

_{2017-07-01 12:38 - 2009-07-14 05:34 - 00035504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-07-01 12:38 - 2009-07-14 05:34 - 00035504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-07-01 12:29 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-07-01 12:28 - 2013-12-16 20:07 - 00000000 ____D C:\Users\User\AppData\LocalLow\IObit

2017-07-01 12:28 - 2013-12-16 20:07 - 00000000 ____D C:\ProgramData\IObit

2017-07-01 12:28 - 2013-12-16 20:06 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit

2017-07-01 12:24 - 2016-11-18 20:03 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla

2017-07-01 12:23 - 2014-04-11 13:14 - 00000000 __SHD C:\Users\User\AppData\LocalLow\EmieUserList

2017-07-01 12:23 - 2014-04-11 13:10 - 00000000 __SHD C:\Users\User\AppData\LocalLow\EmieSiteList

2017-07-01 12:08 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf

2017-07-01 12:03 - 2013-12-16 19:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2017-07-01 00:36 - 2013-12-16 14:48 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc

2017-06-30 22:31 - 2015-11-04 17:55 - 00000000 ____D C:\Users\User\Desktop\lol

2017-06-30 22:18 - 2016-12-15 23:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

2017-06-30 18:26 - 2013-12-30 12:19 - 72597504 _____ C:\Windows\system32\config\software.iobit

2017-06-30 18:26 - 2013-12-30 12:19 - 01454080 _____ C:\Windows\system32\config\default.iobit

2017-06-30 18:26 - 2013-12-30 12:19 - 00061440 _____ C:\Windows\system32\config\sam.iobit

2017-06-30 18:26 - 2013-12-30 12:19 - 00024576 _____ C:\Windows\system32\config\security.iobit

2017-06-30 18:09 - 2013-12-16 14:42 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys

2017-06-30 17:58 - 2014-02-05 17:39 - 00000000 ____D C:\IObit

2017-06-29 23:49 - 2014-11-20 17:49 - 00000000 ____D C:\Program Files\Common Files\IObit

2017-06-29 23:48 - 2013-12-16 20:07 - 00000000 ____D C:\Program Files\IObit

2017-06-29 23:39 - 2014-01-03 16:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Yahoo!

2017-06-29 23:39 - 2014-01-03 16:30 - 00000000 ____D C:\Users\User\AppData\LocalLow\Yahoo!

2017-06-29 23:39 - 2014-01-03 16:30 - 00000000 ____D C:\Program Files\Yahoo!

2017-06-29 23:22 - 2014-04-29 17:33 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-06-29 17:59 - 2013-12-16 20:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2017-06-28 23:56 - 2014-08-25 22:35 - 00000000 ____D C:\Users\User\AppData\Local\Adobe

2017-06-28 23:56 - 2014-01-03 14:19 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2017-06-28 23:56 - 2014-01-03 14:19 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2017-06-28 23:55 - 2014-01-03 14:19 - 00000000 ____D C:\Windows\system32\Macromed

2017-06-28 23:06 - 2016-03-06 19:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype

2017-06-28 16:51 - 2014-10-21 23:26 - 00157696 ___SH C:\Users\User\Documents\Thumbs.db

2017-06-28 14:12 - 2015-01-28 15:39 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps

2017-06-27 22:46 - 2013-12-16 14:38 - 00002020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-06-27 12:37 - 2013-12-16 14:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

2017-06-26 16:09 - 2017-02-07 13:03 - 00276704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys

2017-06-26 16:09 - 2017-02-07 13:03 - 00266976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys

2017-06-26 16:09 - 2017-02-07 13:03 - 00157384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys

2017-06-26 16:09 - 2017-02-07 13:03 - 00050352 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys

2017-06-26 16:09 - 2016-03-22 23:05 - 00039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2017-06-26 16:09 - 2014-05-01 16:51 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2017-06-26 16:09 - 2014-01-03 14:19 - 00147688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2017-06-26 16:09 - 2013-12-16 14:42 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2017-06-26 16:09 - 2013-12-16 14:42 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2017-06-26 16:09 - 2013-12-16 14:42 - 00123896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2017-06-26 16:09 - 2013-12-16 14:42 - 00099536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2017-06-26 16:09 - 2013-12-16 14:42 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2017-06-26 16:09 - 2013-12-16 14:42 - 00000000 ____D C:\ProgramData\AVAST Software

2017-06-25 22:41 - 2017-03-25 16:15 - 00000000 ___RD C:\Program Files\Skype

2017-06-25 22:41 - 2016-03-06 19:57 - 00000000 ____D C:\ProgramData\Skype

2017-06-25 19:15 - 2010-11-20 22:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI

2017-06-25 16:08 - 2014-01-03 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2017-06-25 16:06 - 2014-01-03 18:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Samsung

2017-06-25 16:06 - 2014-01-03 18:15 - 00000000 ____D C:\Program Files\Samsung

2017-06-25 16:06 - 2013-12-16 15:04 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2017-06-25 13:06 - 2015-08-04 07:28 - 09468448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx32.dll

2017-06-25 13:06 - 2015-08-04 07:28 - 01194928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx32.dll

2017-06-25 13:06 - 2015-08-04 07:28 - 00136624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxpag.dll

2017-06-25 13:06 - 2015-08-04 03:06 - 00564224 _____ (AMD) C:\Windows\system32\atieclxx.exe

2017-06-25 13:06 - 2015-08-04 03:06 - 00259072 _____ (AMD) C:\Windows\system32\atiesrxx.exe

2017-06-25 13:06 - 2015-08-04 02:48 - 00669696 _____ (AMD) C:\Windows\system32\coinst_15.20.dll

2017-06-25 00:42 - 2014-12-10 15:24 - 00000000 ____D C:\Windows\system32\appraiser

2017-06-25 00:42 - 2010-11-21 01:47 - 00000000 ___RD C:\Users\Public\Recorded TV

2017-06-25 00:42 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration

2017-06-24 23:13 - 2013-12-23 12:24 - 00000000 ____D C:\AMD

2017-06-24 15:53 - 2009-07-14 05:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2017-06-20 16:56 - 2016-10-04 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag

2017-06-14 16:50 - 2015-12-08 17:41 - 00502976 _____ C:\Windows\system32\FNTCACHE.DAT

2017-06-14 16:50 - 2014-11-06 13:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-06-14 16:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\migwiz

2017-06-14 14:12 - 2013-12-16 15:44 - 00000000 ____D C:\Windows\system32\MRT

2017-06-14 14:07 - 2013-12-16 15:44 - 130903960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-06-14 14:04 - 2014-11-06 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-06-03 22:52 - 2015-04-02 18:21 - 00000116 _____ C:\Windows\NeroDigital.ini}

_{==================== Files in the root of some directories =======}

_{2015-09-16 17:04 - 2016-11-22 17:03 - 0000518 _____ () C:\Users\User\AppData\Roaming\burnaware.ini

2014-06-29 16:41 - 2014-10-15 13:30 - 0000097 _____ () C:\Users\User\AppData\Roaming\default.pls

2015-02-09 16:09 - 2015-02-09 16:11 - 0022328 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys

2015-04-11 14:44 - 2015-04-11 14:44 - 0000020 ___SH () C:\Users\User\AppData\Roaming\Sys11965 DataCollection.dat

2015-04-11 14:44 - 2015-04-11 14:44 - 0000020 ___SH () C:\Users\User\AppData\Roaming\System413_DataDB.ind

2017-03-26 18:12 - 2017-03-26 18:12 - 1058101 _____ () C:\Users\User\AppData\Local\ars.cache

2017-03-26 18:12 - 2017-03-26 18:12 - 0384255 _____ () C:\Users\User\AppData\Local\census.cache

2015-07-12 23:19 - 2016-09-09 23:24 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2017-03-26 17:50 - 2017-03-26 17:50 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache

2015-08-11 16:42 - 2015-08-11 16:42 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg

2017-03-26 18:03 - 2017-03-26 18:03 - 0000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache

2017-02-26 18:03 - 2017-02-26 18:03 - 0000116 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc}

_{==================== Bamital & volsnap ======================}

_{(There is no automatic fix for files that do not pass verification.)}

_{C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed}

_{LastRegBack: 2017-05-06 16:35}

_{==================== End of FRST.txt ============================}

_{Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-06-2017

Ran by User (01-07-2017 12:40:08)

Running from C:\Users\User\Downloads

Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-12-16 13:02:20)

Boot Mode: Normal

==========================================================}

_{==================== Accounts: =============================}

_{Administrator (S-1-5-21-3088101763-2072606618-2741787397-500 - Administrator - Disabled)

Guest (S-1-5-21-3088101763-2072606618-2741787397-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3088101763-2072606618-2741787397-1002 - Limited - Enabled)

User (S-1-5-21-3088101763-2072606618-2741787397-1000 - Administrator - Enabled) => C:\Users\User}

_{==================== Security Center ========================}

_{(If an entry is included in the fixlist, it will be removed.)}

_{AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}}

_{==================== Installed Programs ======================}

_{(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)}

_{AccessDiver v4.120 (HKLM\...\AccessDiver 4.120_is1) (Version: - )

AccessDiver v4.260 (HKLM\...\AccessDiver v4.260_is1) (Version: - Jean Fages)

AccessDiver v4.402 (HKLM\...\AccessDiver v4.402_is1) (Version: - Jean Fages)

ACDSee (HKLM\...\ACDSee) (Version: - )

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)

Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)

Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)

Adobe Flash Player 26 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)

AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

BurnAware Free 4.0 Beta 4 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies)

Combined Community Codec Pack 2015-10-18 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2015.10.19.0 - CCCP Project)

Driver Booster 4.4 (HKLM\...\Driver Booster_is1) (Version: 4.4.0 - IObit)

Dropbox (HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)

DVDFab 9.2.0.8 (06/08/2015) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)

File Type Advisor 1.6 (HKLM\...\File Type Advisor_is1) (Version: - )

Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)

Google Chrome (HKLM\...\{1B729E3D-B16D-3A41-A9AE-6AEC20C6580D}) (Version: 59.0.3071.115 - Google, Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)

Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)

IncrediMail (HKLM\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5288 - IncrediMail) Hidden

IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)

IObit Malware Fighter 5 (HKLM\...\IObit Malware Fighter_is1) (Version: 5.1 - IObit)

IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 6.4.0.2119 - IObit)

iSkysoft Video Converter Ultimate(Build 5.2.1.0) (HKLM\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.2.1.0 - iSkysoft Software)

iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)

Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

MailWasher (HKLM\...\{6274A6B6-DF02-48A4-940D-F18775909906}) (Version: 7.11 - Firetrust)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Mozilla Firefox 54.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)

Mozilla Thunderbird 52.2.1 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 52.2.1 (x86 en-GB)) (Version: 52.2.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )

Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)

Nero SoundTrax (HKLM\...\{3D62438A-C6E0-4160-B3CC-D6B5158782D3}) (Version: 12.0.03300 - Nero AG)

Noiseware Community Edition (HKLM\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)

Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)

PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)

Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0005 - Nero AG) Hidden

QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

RealDownloader (HKLM\...\{0f83759a-ef7e-43bf-b75b-15e2a540e20d}) (Version: 18.1.6.165 - RealNetworks) Hidden

RealDownloader (HKLM\...\{25C2B7A5-3DED-45E8-B1E8-B8596E847382}) (Version: 18.1.6.165 - RealNetworks) Hidden

RealDownloader (HKLM\...\{496CA6A6-13F4-49AA-9A27-CD96CF65B29A}) (Version: 18.1.6.161 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (RealTimes) (HKLM\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks)

Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden

Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (HKLM\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden

Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)

Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)

Serif PhotoPlus 7.0 (HKLM\...\{BEFCB74C-C49F-4327-8EDF-3A81A574AC0F}) (Version: - )

Serif PhotoPlus 7.0 Resource CD-ROM (HKLM\...\{1D4AE68D-CC48-401D-A5DC-B7A78E827492}) (Version: - )

Skype™ 7.37 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)

Smart Defrag 5 (HKLM\...\Smart Defrag_is1) (Version: 5.6.0 - IObit)

SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)

swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden

vc2012_redist (HKLM\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden

VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden

Video Downloader (HKLM\...\{751FF83F-61D7-4EE3-A23F-C77A431709B7}) (Version: 1.3.0 - RealNetworks) Hidden

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)

vs2015_redist x86 (HKLM\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden

WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)}

_{==================== Custom CLSID (Whitelisted): ==========================}

_{(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)}

_{CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{02835AE8-A267-4B1F-A05C-36D2DEA350DC}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{44CD0A52-D0B4-4D03-A572-A9BDAD6E2D33}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBAC09B1-05A9-4E4F-93BA-1E409D52A268}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)}

_{==================== Scheduled Tasks (Whitelisted) =============}

_{(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)}

_{Task: {03D587ED-3057-4C43-AF1A-79CCCC1B826B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.)

Task: {0B7F1AD5-75D6-4140-B855-37493837ACBA} - System32\Tasks\{161D1605-527E-40E2-9A0D-45246D75D683} => pcalua.exe -a C:\Users\User\Downloads\sp45614.exe -d C:\Users\User\Downloads

Task: {0D17E125-6877-4D73-BC08-ECA25BACB7AE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)

Task: {111C06BB-0930-4CFD-A972-A1C07A90B16A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)

Task: {4B550C72-434C-49E6-BA40-C9B208585E37} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)

Task: {587FB8D7-9B2E-43CC-A8FB-7584E780BE61} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-28] (Adobe Systems Incorporated)

Task: {5A88F7CA-B5DA-4ACD-9EA9-CE8494B33C7A} - System32\Tasks\ASC10_SkipUac_User => C:\Program Files\IObit\Advanced SystemCare\ASC.exe

Task: {603DE812-9B4A-4E6C-BB70-5339602EFB0A} - System32\Tasks\RealDownloader Update Check => C:\Program Files\Real\RealDownloader\downloader2.exe [2016-12-13] ()

Task: {62E78F88-E84E-4486-A92B-E53C1DFAB8D2} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)

Task: {67DCAD51-69DE-4B30-B388-4B29106AEB4C} - System32\Tasks\SmartDefrag_Update => C:\Program Files\IObit\Smart Defrag\AutoUpdate.exe [2017-05-25] (IObit)

Task: {7982B706-4327-47FC-B411-F8C76A800111} - \GlaryInitialize 5 -> No File <==== ATTENTION

Task: {7DCA22A1-4EF1-4F24-8225-8BED05DAFFF6} - System32\Tasks\avastBCLRestartS-1-5-21-3088101763-2072606618-2741787397-1000 => Firefox.exe

Task: {7EDDB5B7-DF5A-430F-8CEA-3E2FBDEAAA94} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)

Task: {81B56108-3F9C-4AE5-9402-E075B86A0C09} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.)

Task: {85330998-3B3C-4783-A898-CCAE0C2B7010} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-26] (AVAST Software)

Task: {8A6F267E-7DA5-4A92-905A-B69D80DDBEE9} - System32\Tasks\{D08CA74C-78E2-4677-B76A-2E8BFF8F89B7} => pcalua.exe -a C:\Users\User\Downloads\sp38488.exe -d C:\Users\User\Downloads

Task: {928760DA-7428-4458-B234-24D36867B6D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-28] (Adobe Systems Incorporated)

Task: {95F1ECCA-C3ED-470B-83BC-60511ACCC18D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {99F20CF6-4E70-44FE-870F-39C0B23A8A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {9DE37BD2-8031-439E-B080-86C83123C71D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\recordingmanager.exe [2016-11-11] (RealNetworks, Inc.)

Task: {9F681C86-4CE0-4E74-925F-23B31018C318} - System32\Tasks\{53D9DB2D-0E56-4021-91A6-D510D6E39C9B} => pcalua.exe -a "C:\Users\User\Downloads\sp46137 (1).exe" -d C:\Users\User\Downloads

Task: {A3CF2700-1C72-4D91-9959-11D3BEADE5B2} - System32\Tasks\{395AA04B-5994-4197-937C-681544F33B08} => pcalua.exe -a C:\Users\User\Downloads\EClea2_0.exe -d C:\Users\User\Downloads

Task: {B59358DD-E596-462B-9DA4-B66B8587B1D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)

Task: {D416D7F3-2E51-47E8-8D79-EF507C8149B3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)

Task: {DC56B1D6-7571-4746-9167-0A33127F5B68} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)

Task: {DF0574DC-7875-4C76-8DBB-CEA4A64937A2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)

Task: {F7B8BA66-F89F-4111-8A9E-C7120DE48D34} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {FC294542-BCB4-415B-A0B6-6DB13ECC4791} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)

Task: {FFA76788-F0F7-47D9-85DF-A86F7FDA65E9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)}

_{(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)}

_{==================== Shortcuts & WMI ========================}

_{(The entries could be listed to be restored or removed.)}

_{==================== Loaded Modules (Whitelisted) ==============}

_{2017-06-26 16:09 - 2017-06-26 16:09 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2017-06-26 16:09 - 2017-06-26 16:09 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll

2017-06-26 16:09 - 2017-06-26 16:09 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll

2017-06-30 22:08 - 2017-06-30 22:08 - 05779744 _____ () C:\Program Files\AVAST Software\Avast\defs\17063002\algo.dll

2017-06-26 16:09 - 2017-06-26 16:09 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2017-06-26 16:09 - 2017-06-26 16:09 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2017-06-26 16:09 - 2017-06-26 16:09 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll

2017-06-26 16:09 - 2017-06-26 16:09 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2017-06-26 16:09 - 2017-06-26 16:09 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

2017-06-27 16:57 - 2017-06-27 16:57 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll}

_{==================== Alternate Data Streams (Whitelisted) =========}

_{(If an entry is included in the fixlist, only the ADS will be removed.)}

_{AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]}

_{==================== Safe Mode (Whitelisted) ===================}

_{(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)}

_{HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"}

_{==================== Association (Whitelisted) ===============}

_{(If an entry is included in the fixlist, the registry item will be restored to default or removed.)}

_{==================== Internet Explorer trusted/restricted ===============}

_{(If an entry is included in the fixlist, it will be removed from the registry.)}

_{IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\008k.com -> 008k.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\00hq.com -> 00hq.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0411dd.com -> 0411dd.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0511zfhl.com -> 0511zfhl.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0632qyw.com -> 0632qyw.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0scan.com -> 0scan.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-se.com -> 1-se.com

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1001movie.com -> 1001movie.com}

_{There are 6127 more sites.}

_{==================== Hosts content: ===============================}

_{(If needed Hosts: directive could be included in the fixlist to reset Hosts.)}

_{2015-08-11 18:23 - 2015-08-11 18:23 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts}

_{==================== Other Areas ============================}

_{(Currently there is no automatic fix for this section.)}

_{HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.}

_{==================== MSCONFIG/TASK MANAGER disabled items ==}

_{MSCONFIG\Services: AdvancedSystemCareService8 => 2

MSCONFIG\Services: AdvancedSystemCareService9 => 2

MSCONFIG\Services: defragsvc => 3

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: IObitUnSvr => 2

MSCONFIG\Services: LiveUpdateSvc => 2

MSCONFIG\Services: NAUpdate => 3

MSCONFIG\Services: RealNetworks Downloader Resolver Service => 3

MSCONFIG\Services: RealPlayer Cloud Service => 3

MSCONFIG\Services: RealPlayerUpdateSvc => 3

MSCONFIG\Services: RealTimes Desktop Service => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Advanced SystemCare 7 => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} =>

MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart

MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload

MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

MSCONFIG\startupreg: NBKeyScan =>

MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: RealDownloader => C:\Program Files\Real\RealDownloader\downloader2.exe

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: StartCCC => "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot}

_{==================== FirewallRules (Whitelisted) ===============}

_{(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)}

_{FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{D993345C-7FFF-4443-8E97-420AF88FA86A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{C91ED226-46D7-424F-8748-6931EFDEDE6C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{03957991-2CA2-495D-A2E7-011DA2E34737}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{04683AB8-F080-4D15-8C77-147BEC16B732}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe

FirewallRules: [UDP Query User{02E8DC56-7B4A-4131-96A1-21740F3B0857}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe

FirewallRules: [{A70B0074-19DE-4A2F-839A-2D757E9C7D12}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{01705072-5055-47BA-AE75-10FEE2175060}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{F274A6B0-E48E-45A1-B67E-172007F9311D}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{091E8D46-4FAC-4AF5-B8BD-D47416DC43D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{C1FE3565-1713-4622-A659-01B732063B7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{B0EB3D61-B620-427F-8F52-EAEBAEE14732}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{DAE9D903-A243-467D-813D-174DC25FC801}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [{93C4AC80-CE6C-4091-8C2C-D70AA0AEA6BD}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe

FirewallRules: [{D10F79C2-0191-420E-8590-1F0834AFB9AC}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe

FirewallRules: [{D1765F25-CA17-4C42-81DA-1C875C66BC83}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe

FirewallRules: [{2FED219F-3274-4429-97AD-8B4014BED2FC}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe

FirewallRules: [{7766F7AD-417B-46C3-BB47-274C3302DA54}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [{195B7592-763A-4283-9B8B-4B0080C26389}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{F831488E-7E72-4F58-9CC4-13576C537F25}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{A45E8DC3-99A0-447C-A531-6E71A3A3AAA5}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe

FirewallRules: [{1E598BFC-54E8-4181-8EA8-AF688ED1742F}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe

FirewallRules: [{81807C1B-E3EA-47B1-9A4F-966E63A44115}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe

FirewallRules: [{F7DC6456-87A7-4996-AC58-2B111B284548}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe

FirewallRules: [{DCEE00BC-0E97-4611-8D8A-19F8104D1EB7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

FirewallRules: [{B98FE9B0-0C76-4B1A-9AA7-66235E13240F}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe

FirewallRules: [{84697638-7723-4EC0-9613-F78E37EB84EC}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe

FirewallRules: [{3B89D270-D1DD-4C78-8660-EB6EF5D8083F}] => (Allow) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [{B63B27D5-19E8-4B7E-BDB3-4A686FAB85E2}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe

FirewallRules: [{9BFD6307-198A-49C4-823F-1C00F87F5B15}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe

FirewallRules: [{CF760EE2-B286-45CD-AD66-F8285B4A2CAC}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe

FirewallRules: [{329C0094-A19C-434A-AF83-6216CCE629AA}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe

FirewallRules: [{E4F92858-1991-43BF-A757-51DD7E5264F0}] => (Block) LPort=445

FirewallRules: [{2EC0CA5F-4F6B-4CFC-86BF-091630C7A049}] => (Block) LPort=445

FirewallRules: [{3E2E9C8E-3886-4431-B9BE-A4B3A7453EEF}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\DriverBooster.exe

FirewallRules: [{A179E03C-CFFF-4C37-8EC9-F9050D4B8384}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\DriverBooster.exe

FirewallRules: [{4472D4D9-814C-4F7E-AD52-1D6FD077778C}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\DBDownloader.exe

FirewallRules: [{01D69BE6-6C81-46FD-A9ED-D286F4A5056E}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\DBDownloader.exe

FirewallRules: [{E1F2C459-D900-4A3E-B966-A1B1DD0ADE3C}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\AutoUpdate.exe

FirewallRules: [{B74B1C37-379E-4654-820C-08E19066808F}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\AutoUpdate.exe

FirewallRules: [{15EEE754-46F1-421B-8306-8FFFD862D998}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe

FirewallRules: [{60B2501B-E272-4FD8-B655-0FED36FA4535}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe

FirewallRules: [{36B9F3E0-4650-47AE-A1DE-0022B5852C5E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

FirewallRules: [{56192D45-CD36-4DC7-A92D-09DB19C678F3}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe

FirewallRules: [{63016407-E815-4471-BB8B-4425A996E597}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe}

_{==================== Restore Points =========================}

_{01-07-2017 12:32:54 JRT Pre-Junkware Removal}

_{==================== Faulty Device Manager Devices =============}

_{Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.}

_{Name: PS/2 Compatible Mouse

Description: PS/2 Compatible Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.}

_{Name: Standard PS/2 Keyboard

Description: Standard PS/2 Keyboard

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard keyboards)

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.}

_{==================== Event log errors: =========================}

_{Application errors:

==================

Error: (07/01/2017 12:30:45 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.}

_{Error: (07/01/2017 12:14:49 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.}

_{Error: (07/01/2017 12:12:14 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "c:\program files\amd\ati.ace\core-static\SLSTaskbar64.exe".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.}

_{Error: (07/01/2017 12:04:09 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.}

_{Error: (06/30/2017 10:31:09 PM) (Source: ESENT) (EventID: 455) (User: )

Description: taskhost (1844) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log.}

_{Error: (06/30/2017 10:08:04 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.}

_{Error: (06/30/2017 06:38:09 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "c:\program files\amd\ati.ace\core-static\SLSTaskbar64.exe".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.}

_{Error: (06/30/2017 06:28:31 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "c:\program files\amd\ati.ace\core-static\SLSTaskbar64.exe".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.}

_{Error: (06/30/2017 06:00:20 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.}

_{Error: (06/29/2017 11:44:13 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.}

_{System errors:

=============

Error: (07/01/2017 12:28:50 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

An instance of the service is already running.}

_{Error: (07/01/2017 12:28:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.}

_{Error: (07/01/2017 12:28:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.}

_{Error: (07/01/2017 12:28:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.}

_{Error: (07/01/2017 12:28:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).}

_{Error: (07/01/2017 12:28:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).}

_{Error: (07/01/2017 12:28:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.}

_{Error: (07/01/2017 12:28:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.}

_{Error: (07/01/2017 12:28:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.}

_{Error: (07/01/2017 12:28:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).}

_{CodeIntegrity:

===================================

Date: 2014-05-31 23:46:28.250

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_32.dll because the set of per-page image hashes could not be found on the system.}

_{Date: 2014-05-25 13:42:11.758

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_32.dll because the set of per-page image hashes could not be found on the system.}

_{Date: 2014-05-25 13:41:56.436

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_32.dll because the set of per-page image hashes could not be found on the system.}

_{Date: 2014-05-24 23:52:17.545

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_32.dll because the set of per-page image hashes could not be found on the system.}

_{==================== Memory info ===========================}

_{Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz

Percentage of memory in use: 32%

Total physical RAM: 3567.3 MB

Available physical RAM: 2399.11 MB

Total Virtual: 7132.93 MB

Available Virtual: 6038.73 MB}

_{==================== Drives ================================}

_{Drive c: () (Fixed) (Total:148.91 GB) (Free:85.4 GB) NTFS

Drive e: (Backup Drive) (Fixed) (Total:931.51 GB) (Free:731.17 GB) NTFS}

_{==================== MBR & Partition Table ==================}

_{========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: EE0B5EB7)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)}

_{========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6829804D)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)}

_{==================== End of Addition.txt ============================}

_{All files pasted}

#4
RKinner

Posted 01 July 2017 - 06:52 AM

Malware Expert

Expert
24,623 posts

Search for

msconfig

hit Enter

Check everything under Startup

Apply then under Services

Check everything

Restart

Uninstall:

Driver Booster 4.4

File Type Advisor 1.6

IObit Malware Fighter 5 (HKLM\...\IObit Malware Fighter_is1) (Version: 5.1 - IObit)

IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 6.4.0.2119 - IObit)

Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

Smart Defrag 5

SUPERAntiSpyware

Download the attached fixlist.txt to the same location as FRST

[attachment=85419:fixlist.txt]

Run FRST and press Fix

A fix log will be generated please post that

(It should reboot so make sure you have everything closed before running the Fix)

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

#5
Django2009

Posted 01 July 2017 - 10:20 AM

Member

Topic Starter
Member
56 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-06-2017
Ran by User (01-07-2017 17:01:01) Run:2
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52874;https=127.0.0.1:52874
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:52874;https=127.0.0.1:52874
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: WSISVCUchrome - No CLSID Value -
CHR NewTab: Default -> Not-active:"chrome-extension://bjicifbhnpakmaekfnphojjehhnifkmc/newtab.html"
CHR Extension: (Yahoo Partner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc [2017-03-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 ADIHdAudAddService; no ImagePath
U3 DfSdkS; no ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
Task: {5A88F7CA-B5DA-4ACD-9EA9-CE8494B33C7A} - System32\Tasks\ASC10_SkipUac_User => C:\Program Files\IObit\Advanced SystemCare\ASC.exeU0 Partizan; system32\drivers\Partizan.sys [X]
Task: {7982B706-4327-47FC-B411-F8C76A800111} - \GlaryInitialize 5 -> No File <==== ATTENTION
Task: {9F681C86-4CE0-4E74-925F-23B31018C318} - System32\Tasks\{53D9DB2D-0E56-4021-91A6-D510D6E39C9B} => pcalua.exe -a "C:\Users\User\Downloads\sp46137 (1).exe" -d C:\Users\User\Downloads
Task: {A3CF2700-1C72-4D91-9959-11D3BEADE5B2} - System32\Tasks\{395AA04B-5994-4197-937C-681544F33B08} => pcalua.exe -a C:\Users\User\Downloads\EClea2_0.exe -d C:\Users\User\Downloads
Task: {8A6F267E-7DA5-4A92-905A-B69D80DDBEE9} - System32\Tasks\{D08CA74C-78E2-4677-B76A-2E8BFF8F89B7} => pcalua.exe -a C:\Users\User\Downloads\sp38488.exe -d C:\Users\User\Downloads
Task: {0B7F1AD5-75D6-4140-B855-37493837ACBA} - System32\Tasks\{161D1605-527E-40E2-9A0D-45246D75D683} => pcalua.exe -a C:\Users\User\Downloads\sp45614.exe -d C:\Users\User\Downloads
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
C:\Program Files\IObit\Advanced SystemCare
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\Software\Classes\PROTOCOLS\Handler\WSISVCUchrome => key not found.
Chrome NewTab => removed successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc => not found.
ADIHdAudAddService => service not found.
DfSdkS => service not found.
dgderdrv => service not found.
NPF => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A88F7CA-B5DA-4ACD-9EA9-CE8494B33C7A} => key not found.
C:\Windows\System32\Tasks\ASC10_SkipUac_User => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_SkipUac_User => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7982B706-4327-47FC-B411-F8C76A800111} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize 5 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F681C86-4CE0-4E74-925F-23B31018C318} => key not found.
C:\Windows\System32\Tasks\{53D9DB2D-0E56-4021-91A6-D510D6E39C9B} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{53D9DB2D-0E56-4021-91A6-D510D6E39C9B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3CF2700-1C72-4D91-9959-11D3BEADE5B2} => key not found.
C:\Windows\System32\Tasks\{395AA04B-5994-4197-937C-681544F33B08} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{395AA04B-5994-4197-937C-681544F33B08} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A6F267E-7DA5-4A92-905A-B69D80DDBEE9} => key not found.
C:\Windows\System32\Tasks\{D08CA74C-78E2-4677-B76A-2E8BFF8F89B7} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D08CA74C-78E2-4677-B76A-2E8BFF8F89B7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B7F1AD5-75D6-4140-B855-37493837ACBA} => key not found.
C:\Windows\System32\Tasks\{161D1605-527E-40E2-9A0D-45246D75D683} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{161D1605-527E-40E2-9A0D-45246D75D683} => key not found.
"C:\ProgramData\TEMP" => ":373E1720" ADS not found.
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.
"C:\Program Files\IObit\Advanced SystemCare" => not found.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 17:01:34 ====

-----------------------------------------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-06-2017
Ran by User (01-07-2017 17:14:24)
Running from C:\Users\User\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-12-16 13:02:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3088101763-2072606618-2741787397-500 - Administrator - Disabled)
Guest (S-1-5-21-3088101763-2072606618-2741787397-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3088101763-2072606618-2741787397-1002 - Limited - Enabled)
User (S-1-5-21-3088101763-2072606618-2741787397-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccessDiver v4.120 (HKLM\...\AccessDiver 4.120_is1) (Version: - )
AccessDiver v4.260 (HKLM\...\AccessDiver v4.260_is1) (Version: - Jean Fages)
AccessDiver v4.402 (HKLM\...\AccessDiver v4.402_is1) (Version: - Jean Fages)
ACDSee (HKLM\...\ACDSee) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 4.0 Beta 4 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies)
Combined Community Codec Pack 2015-10-18 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2015.10.19.0 - CCCP Project)
Dropbox (HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DVDFab 9.2.0.8 (06/08/2015) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKLM\...\{1B729E3D-B16D-3A41-A9AE-6AEC20C6580D}) (Version: 59.0.3071.115 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IncrediMail (HKLM\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
iSkysoft Video Converter Ultimate(Build 5.2.1.0) (HKLM\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.2.1.0 - iSkysoft Software)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
MailWasher (HKLM\...\{6274A6B6-DF02-48A4-940D-F18775909906}) (Version: 7.11 - Firetrust)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 52.2.1 (x86 en-GB)) (Version: 52.2.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero SoundTrax (HKLM\...\{3D62438A-C6E0-4160-B3CC-D6B5158782D3}) (Version: 12.0.03300 - Nero AG)
Noiseware Community Edition (HKLM\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0005 - Nero AG) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (HKLM\...\{0f83759a-ef7e-43bf-b75b-15e2a540e20d}) (Version: 18.1.6.165 - RealNetworks) Hidden
RealDownloader (HKLM\...\{25C2B7A5-3DED-45E8-B1E8-B8596E847382}) (Version: 18.1.6.165 - RealNetworks) Hidden
RealDownloader (HKLM\...\{496CA6A6-13F4-49AA-9A27-CD96CF65B29A}) (Version: 18.1.6.161 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Serif PhotoPlus 7.0 (HKLM\...\{BEFCB74C-C49F-4327-8EDF-3A81A574AC0F}) (Version: - )
Serif PhotoPlus 7.0 Resource CD-ROM (HKLM\...\{1D4AE68D-CC48-401D-A5DC-B7A78E827492}) (Version: - )
Skype™ 7.37 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Video Downloader (HKLM\...\{751FF83F-61D7-4EE3-A23F-C77A431709B7}) (Version: 1.3.0 - RealNetworks) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
vs2015_redist x86 (HKLM\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{02835AE8-A267-4B1F-A05C-36D2DEA350DC}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{44CD0A52-D0B4-4D03-A572-A9BDAD6E2D33}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBAC09B1-05A9-4E4F-93BA-1E409D52A268}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D587ED-3057-4C43-AF1A-79CCCC1B826B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {0D17E125-6877-4D73-BC08-ECA25BACB7AE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {111C06BB-0930-4CFD-A972-A1C07A90B16A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {4B550C72-434C-49E6-BA40-C9B208585E37} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {587FB8D7-9B2E-43CC-A8FB-7584E780BE61} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-28] (Adobe Systems Incorporated)
Task: {603DE812-9B4A-4E6C-BB70-5339602EFB0A} - System32\Tasks\RealDownloader Update Check => C:\Program Files\Real\RealDownloader\downloader2.exe [2016-12-13] ()
Task: {7DCA22A1-4EF1-4F24-8225-8BED05DAFFF6} - System32\Tasks\avastBCLRestartS-1-5-21-3088101763-2072606618-2741787397-1000 => Firefox.exe
Task: {7EDDB5B7-DF5A-430F-8CEA-3E2FBDEAAA94} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {81B56108-3F9C-4AE5-9402-E075B86A0C09} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {85330998-3B3C-4783-A898-CCAE0C2B7010} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-26] (AVAST Software)
Task: {928760DA-7428-4458-B234-24D36867B6D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-28] (Adobe Systems Incorporated)
Task: {95F1ECCA-C3ED-470B-83BC-60511ACCC18D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {99F20CF6-4E70-44FE-870F-39C0B23A8A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9DE37BD2-8031-439E-B080-86C83123C71D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\recordingmanager.exe [2016-11-11] (RealNetworks, Inc.)
Task: {B59358DD-E596-462B-9DA4-B66B8587B1D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {D416D7F3-2E51-47E8-8D79-EF507C8149B3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {DC56B1D6-7571-4746-9167-0A33127F5B68} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {DF0574DC-7875-4C76-8DBB-CEA4A64937A2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {F7B8BA66-F89F-4111-8A9E-C7120DE48D34} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC294542-BCB4-415B-A0B6-6DB13ECC4791} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {FFA76788-F0F7-47D9-85DF-A86F7FDA65E9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-06-26 16:09 - 2017-06-26 16:09 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-26 16:09 - 2017-06-26 16:09 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-26 16:09 - 2017-06-26 16:09 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-30 22:08 - 2017-06-30 22:08 - 05779744 _____ () C:\Program Files\AVAST Software\Avast\defs\17063002\algo.dll
2017-06-26 16:09 - 2017-06-26 16:09 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-06-26 16:09 - 2017-06-26 16:09 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-26 16:09 - 2017-06-26 16:09 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-26 16:09 - 2017-06-26 16:09 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-26 16:09 - 2017-06-26 16:09 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-27 16:57 - 2017-06-27 16:57 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2016-12-13 14:50 - 2016-12-13 14:50 - 00730864 _____ () C:\Program Files\Real\RealDownloader\downloader2.exe
2017-05-31 11:41 - 2017-05-31 11:41 - 01982976 ____R () C:\Program Files\Skype\Phone\skypert.dll
2017-05-14 12:20 - 2017-05-14 12:20 - 00182272 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\5e1f3e110ffdc38cbb0df5f9aacf7f44\Kies.Common.DeviceServiceLib.Interface.ni.dll
2017-05-14 14:37 - 2017-05-14 14:37 - 15017472 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\29c9cddcdf89ac49285c9829cc139c7d\Kies.Theme.ni.dll
2017-05-14 12:20 - 2017-05-14 12:20 - 01899520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\905ebe904fae14727509ed89b6b67f3c\Kies.UI.ni.dll
2017-05-14 12:20 - 2017-05-14 12:20 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\821aa70731d7301302da5ffa9ce2b558\Kies.MVVM.ni.dll
2017-05-14 13:41 - 2017-05-14 13:41 - 00233984 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\a3e731142d731febd915db4b54b980c5\ASF_cSharpAPI.ni.dll
2017-01-15 13:28 - 2017-01-15 13:28 - 00101256 _____ () C:\Program Files\Real\RealPlayer\CrashRpt\CrashRpt1402.dll
2017-06-26 16:09 - 2017-06-26 16:09 - 00134928 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1001movie.com -> 1001movie.com

There are 6127 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-11 18:23 - 2015-08-11 18:23 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: AdvancedSystemCareService9 => 2
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 3
MSCONFIG\Services: RealPlayer Cloud Service => 3
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} =>
MSCONFIG\startupreg: NBKeyScan =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D993345C-7FFF-4443-8E97-420AF88FA86A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C91ED226-46D7-424F-8748-6931EFDEDE6C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03957991-2CA2-495D-A2E7-011DA2E34737}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{04683AB8-F080-4D15-8C77-147BEC16B732}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe
FirewallRules: [UDP Query User{02E8DC56-7B4A-4131-96A1-21740F3B0857}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe
FirewallRules: [{A70B0074-19DE-4A2F-839A-2D757E9C7D12}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{01705072-5055-47BA-AE75-10FEE2175060}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F274A6B0-E48E-45A1-B67E-172007F9311D}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{091E8D46-4FAC-4AF5-B8BD-D47416DC43D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C1FE3565-1713-4622-A659-01B732063B7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B0EB3D61-B620-427F-8F52-EAEBAEE14732}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DAE9D903-A243-467D-813D-174DC25FC801}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{93C4AC80-CE6C-4091-8C2C-D70AA0AEA6BD}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{D10F79C2-0191-420E-8590-1F0834AFB9AC}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{D1765F25-CA17-4C42-81DA-1C875C66BC83}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{2FED219F-3274-4429-97AD-8B4014BED2FC}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{7766F7AD-417B-46C3-BB47-274C3302DA54}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{195B7592-763A-4283-9B8B-4B0080C26389}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F831488E-7E72-4F58-9CC4-13576C537F25}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A45E8DC3-99A0-447C-A531-6E71A3A3AAA5}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{1E598BFC-54E8-4181-8EA8-AF688ED1742F}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{81807C1B-E3EA-47B1-9A4F-966E63A44115}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{F7DC6456-87A7-4996-AC58-2B111B284548}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{DCEE00BC-0E97-4611-8D8A-19F8104D1EB7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B98FE9B0-0C76-4B1A-9AA7-66235E13240F}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{84697638-7723-4EC0-9613-F78E37EB84EC}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{3B89D270-D1DD-4C78-8660-EB6EF5D8083F}] => (Allow) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{B63B27D5-19E8-4B7E-BDB3-4A686FAB85E2}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{9BFD6307-198A-49C4-823F-1C00F87F5B15}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{CF760EE2-B286-45CD-AD66-F8285B4A2CAC}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{329C0094-A19C-434A-AF83-6216CCE629AA}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{E4F92858-1991-43BF-A757-51DD7E5264F0}] => (Block) LPort=445
FirewallRules: [{2EC0CA5F-4F6B-4CFC-86BF-091630C7A049}] => (Block) LPort=445
FirewallRules: [{15EEE754-46F1-421B-8306-8FFFD862D998}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe
FirewallRules: [{60B2501B-E272-4FD8-B655-0FED36FA4535}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe
FirewallRules: [{36B9F3E0-4650-47AE-A1DE-0022B5852C5E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{56192D45-CD36-4DC7-A92D-09DB19C678F3}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{63016407-E815-4471-BB8B-4425A996E597}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe

==================== Restore Points =========================

01-07-2017 12:32:54 JRT Pre-Junkware Removal
01-07-2017 16:55:42 Removed Java 8 Update 111
01-07-2017 16:57:11 Removed Java 8 Update 121

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2017 05:05:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 41%
Total physical RAM: 3567.3 MB
Available physical RAM: 2091.41 MB
Total Virtual: 7132.93 MB
Available Virtual: 5469.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.91 GB) (Free:83.01 GB) NTFS
Drive e: (Backup Drive) (Fixed) (Total:931.51 GB) (Free:731.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: EE0B5EB7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6829804D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#6
RKinner

Posted 01 July 2017 - 02:42 PM

Malware Expert

Expert
24,623 posts

FRST log? I just see the fixlog and addition.txt.

Any improvement?

#7
Django2009

Posted 01 July 2017 - 03:17 PM

Member

Topic Starter
Member
56 posts

I'm still getting the pop ups!

#8
RKinner

Posted 01 July 2017 - 03:19 PM

Malware Expert

Expert
24,623 posts

Definitely need the FRST log then.

#9
Django2009

Posted 01 July 2017 - 03:36 PM

Member

Topic Starter
Member
56 posts

Run it again or something else?

#10
RKinner

Posted 01 July 2017 - 03:48 PM

Malware Expert

Expert
24,623 posts

When you ran FRST scan the last time you should have gotten two files. I think they are FRST.txt and Addition.txt. You posted only Addition.txt. I need to see FRST.txt. It should be in C:\Users\User\Downloads

#11
Django2009

Posted 02 July 2017 - 05:25 AM

Member

Topic Starter
Member
56 posts

OK got you. Thought I did post it. Never mind here it is.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2017
Ran by User (administrator) on USER-PC (01-07-2017 12:38:32)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-06-26] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-26] (AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52874;https=127.0.0.1:52874
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:52874;https=127.0.0.1:52874
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84134957-FE4A-4422-A37C-E142E6B0BA2E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-11-11] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-08] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-08] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: WSISVCUchrome - No CLSID Value -

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126 [2017-07-01]
FF Homepage: Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126 -> hxxp://www.google.co.uk/
FF Extension: (Grammarly for Firefox) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126\Extensions\[email protected] [2017-06-22]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rq6fi83i.default-1476290873126\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]
FF Extension: (iSkysoft Video Converter Ultimate) - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected] [2016-12-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=18.1.6.161 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2017-01-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=18.1.6.161 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2017-01-15] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3088101763-2072606618-2741787397-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.igoogle.com/
CHR NewTab: Default -> Not-active:"chrome-extension://bjicifbhnpakmaekfnphojjehhnifkmc/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_cnewtab&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-01]
CHR Extension: (Yahoo Partner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc [2017-03-23]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Fiery Music) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmfeiddljnkcdgcfcfhpenipgmaocon [2017-06-28]
CHR Extension: (Video Downloader All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk [2017-06-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (iSkysoft Video Converter Ultimate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nomnoaehhnmbolpapbjeopogjfefdpnl [2016-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2015-12-08]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-26]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-26]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-26]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-26]
CHR Extension: (Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-26]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-26]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [nomnoaehhnmbolpapbjeopogjfefdpnl] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected] [2016-12-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-06-26] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-06-26] (AVAST Software)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1766176 2017-05-19] (IObit)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
S4 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-11-11] ()
S4 RealTimes Desktop Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [987408 2017-01-15] (RealNetworks, Inc.)
S3 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [266976 2017-06-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157384 2017-06-26] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276704 2017-06-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50352 2017-06-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-06-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-06-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123896 2017-06-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99536 2017-06-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-06-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-06-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-06-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [147688 2017-06-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-06-30] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2014-12-24] (REALiX™)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Intel Corporation) [File not signed]
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [25120 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys [20336 2017-03-08] (IObit.com)
S3 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [21392 2017-01-06] (IObit)
R3 IMFForceDelete; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys [14168 2017-03-17] (IObit.com)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-06-29] (Malwarebytes)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32192 2016-12-15] (IObit.com)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMI.sys [4078400 2010-07-15] (Realtek Semiconductor Corp.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2014-07-28] (Wondershare)
S3 ADIHdAudAddService; no ImagePath
U3 DfSdkS; no ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-01 12:38 - 2017-07-01 12:39 - 00017973 _____ C:\Users\User\Downloads\FRST.txt
2017-07-01 12:38 - 2017-07-01 12:38 - 00000000 ____D C:\FRST
2017-07-01 12:37 - 2017-07-01 12:37 - 00006468 _____ C:\Users\User\Desktop\JRT.txt
2017-07-01 12:32 - 2017-07-01 12:32 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-01 12:31 - 2017-07-01 12:31 - 00003019 _____ C:\Users\User\Desktop\AdwCleaner.txt
2017-07-01 12:28 - 2017-07-01 12:28 - 01779712 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2017-07-01 12:27 - 2017-07-01 12:27 - 01663672 _____ (Malwarebytes) C:\Users\User\Downloads\JRT (1).exe
2017-07-01 12:26 - 2017-07-01 12:26 - 01663672 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe.m4xp0gq.partial
2017-06-29 23:35 - 2017-07-01 12:28 - 00000000 ____D C:\AdwCleaner
2017-06-29 23:34 - 2017-06-29 23:35 - 04110280 _____ C:\Users\User\Downloads\adwcleaner_6.047.exe
2017-06-29 18:19 - 2017-03-17 12:31 - 00025120 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-06-29 18:18 - 2017-06-29 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-06-29 18:17 - 2017-06-29 18:17 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-06-28 23:24 - 2017-06-28 23:24 - 00001925 _____ C:\Users\User\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-28 23:24 - 2017-06-28 23:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-28 13:19 - 2017-06-28 13:19 - 00619021 _____ C:\Users\User\Documents\universal-credit-and-you-march-2017.pdf
2017-06-26 16:10 - 2017-06-26 16:09 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-25 16:08 - 2017-06-25 16:08 - 00001879 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2017-06-25 16:06 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 39712768 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 25052160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atioglxx.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 19581440 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2017-06-25 13:06 - 2017-06-25 13:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 07898704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdva.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 07167416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdag.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 05129728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle32.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 03471376 _____ C:\Windows\system32\atiumdva.cap
2017-06-25 13:06 - 2017-06-25 13:06 - 00934400 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00842001 _____ C:\Windows\system32\amdicdxx.dat
2017-06-25 13:06 - 2017-06-25 13:06 - 00662456 _____ C:\Windows\system32\atiapfxx.blb
2017-06-25 13:06 - 2017-06-25 13:06 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00385536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2017-06-25 13:06 - 2017-06-25 13:06 - 00370688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2017-06-25 13:06 - 2017-06-25 13:06 - 00203776 _____ C:\Windows\system32\clinfo.exe
2017-06-25 13:06 - 2017-06-25 13:06 - 00201216 _____ C:\Windows\system32\amdgfxinfo32.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00189440 _____ C:\Windows\system32\atieah32.exe
2017-06-25 13:06 - 2017-06-25 13:06 - 00177344 _____ C:\Windows\system32\ativce03.dat
2017-06-25 13:06 - 2017-06-25 13:06 - 00175648 _____ C:\Windows\system32\amde31a.dat
2017-06-25 13:06 - 2017-06-25 13:06 - 00164352 _____ (AMD) C:\Windows\system32\atitmmxx.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00158208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atigktxx.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00142848 _____ C:\Windows\system32\hsa-thunk.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00123240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9pag.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00117760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle32.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00100816 _____ C:\Windows\system32\ativce02.dat
2017-06-25 13:06 - 2017-06-25 13:06 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc32.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00090624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00089600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl32.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00059392 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00038400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2017-06-25 13:06 - 2017-06-25 13:06 - 00029184 _____ (AMD) C:\Windows\system32\atimuixx.dll
2017-06-24 16:07 - 2017-06-24 16:07 - 00000000 ____D C:\Users\User\.QtWebEngineProcess
2017-06-24 16:07 - 2017-06-24 16:07 - 00000000 ____D C:\Users\User\.Plays.tv
2017-06-24 14:22 - 2017-06-24 14:22 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2017-06-23 22:32 - 2017-06-24 12:17 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2017-06-19 15:00 - 2017-06-19 15:00 - 00000000 ____D C:\Users\User\AppData\Local\Facebook
2017-06-14 12:41 - 2017-06-02 09:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 12:41 - 2017-06-02 09:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 12:41 - 2017-06-02 09:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-14 12:41 - 2017-06-02 09:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-14 12:41 - 2017-06-02 09:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-14 12:41 - 2017-06-02 09:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-14 12:41 - 2017-06-02 09:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-14 12:41 - 2017-06-02 09:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-14 12:41 - 2017-06-02 08:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 12:41 - 2017-06-02 08:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 12:41 - 2017-06-02 08:57 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 12:41 - 2017-06-02 08:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-14 12:41 - 2017-06-02 08:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-14 12:41 - 2017-05-21 05:10 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-14 12:41 - 2017-05-21 05:10 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-14 12:41 - 2017-05-21 05:06 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-14 12:41 - 2017-05-21 05:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-14 12:41 - 2017-05-21 04:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-14 12:41 - 2017-05-21 04:43 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-14 12:41 - 2017-05-21 04:42 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-14 12:41 - 2017-05-21 04:42 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-14 12:41 - 2017-05-21 04:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-14 12:41 - 2017-05-21 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-14 12:41 - 2017-05-21 04:42 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-14 12:41 - 2017-05-16 18:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-14 12:41 - 2017-05-14 20:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-14 12:41 - 2017-05-14 20:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-14 12:41 - 2017-05-14 20:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-14 12:41 - 2017-05-14 20:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 12:41 - 2017-05-14 20:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-14 12:41 - 2017-05-14 20:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-14 12:41 - 2017-05-14 20:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-14 12:41 - 2017-05-14 20:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-14 12:41 - 2017-05-14 20:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-14 12:41 - 2017-05-14 20:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-14 12:41 - 2017-05-14 20:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-14 12:41 - 2017-05-14 20:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 12:41 - 2017-05-14 20:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-14 12:41 - 2017-05-14 20:11 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-14 12:41 - 2017-05-14 20:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 12:41 - 2017-05-14 20:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-14 12:41 - 2017-05-14 20:05 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-14 12:41 - 2017-05-14 20:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-14 12:41 - 2017-05-14 19:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-14 12:41 - 2017-05-14 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-14 12:41 - 2017-05-14 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-14 12:41 - 2017-05-14 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-14 12:41 - 2017-05-14 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-14 12:41 - 2017-05-14 19:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-14 12:41 - 2017-05-14 19:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-14 12:41 - 2017-05-14 19:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 12:41 - 2017-05-14 19:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-14 12:41 - 2017-05-14 19:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 12:41 - 2017-05-14 19:40 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-14 12:41 - 2017-05-14 19:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-14 12:41 - 2017-05-14 19:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-14 12:41 - 2017-05-14 19:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 12:41 - 2017-05-14 19:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 12:41 - 2017-05-14 19:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 12:41 - 2017-05-14 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 12:41 - 2017-05-12 19:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-06-14 12:41 - 2017-05-12 19:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 12:41 - 2017-05-12 19:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 12:41 - 2017-05-12 19:04 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-14 12:41 - 2017-05-12 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-14 12:41 - 2017-05-12 18:45 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-14 12:41 - 2017-05-12 18:45 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-14 12:41 - 2017-05-12 18:45 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-14 12:41 - 2017-05-12 18:45 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-14 12:41 - 2017-05-12 18:44 - 02401792 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 12:41 - 2017-05-12 18:43 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-14 12:41 - 2017-05-12 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 12:41 - 2017-05-12 18:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-14 12:41 - 2017-05-12 17:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 12:41 - 2017-05-12 17:25 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 12:41 - 2017-05-10 16:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-14 12:41 - 2017-05-10 16:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 12:41 - 2017-05-10 16:12 - 02953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 12:41 - 2017-05-10 16:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-14 12:41 - 2017-05-10 16:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 12:41 - 2017-05-10 16:10 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-14 12:41 - 2017-05-10 16:01 - 02092032 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 12:41 - 2017-05-10 16:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 12:41 - 2017-05-10 16:00 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 12:41 - 2017-05-10 16:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 12:41 - 2017-05-10 16:00 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-14 12:41 - 2017-05-10 16:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 12:41 - 2017-05-10 16:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-14 12:41 - 2017-05-10 16:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-14 12:41 - 2017-05-10 15:47 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 12:41 - 2017-05-09 16:11 - 00779776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 12:41 - 2017-05-09 16:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 12:41 - 2017-05-09 16:01 - 00066048 _____ C:\Windows\system32\PrintBrmUi.exe
2017-06-14 12:41 - 2017-05-07 16:14 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 12:41 - 2017-05-07 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-14 12:41 - 2017-03-30 15:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-10 17:51 - 2017-06-10 17:52 - 185406582 _____ C:\Users\User\Downloads\Kraftwerk - 3-D_ The Catalogue CD7.zip
2017-06-02 23:13 - 2017-06-02 23:18 - 397697288 _____ C:\Users\User\Downloads\anden-som-gjorde-oppror.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-01 12:38 - 2009-07-14 05:34 - 00035504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-01 12:38 - 2009-07-14 05:34 - 00035504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-01 12:29 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-01 12:28 - 2013-12-16 20:07 - 00000000 ____D C:\Users\User\AppData\LocalLow\IObit
2017-07-01 12:28 - 2013-12-16 20:07 - 00000000 ____D C:\ProgramData\IObit
2017-07-01 12:28 - 2013-12-16 20:06 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
2017-07-01 12:24 - 2016-11-18 20:03 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-07-01 12:23 - 2014-04-11 13:14 - 00000000 __SHD C:\Users\User\AppData\LocalLow\EmieUserList
2017-07-01 12:23 - 2014-04-11 13:10 - 00000000 __SHD C:\Users\User\AppData\LocalLow\EmieSiteList
2017-07-01 12:08 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-07-01 12:03 - 2013-12-16 19:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-07-01 00:36 - 2013-12-16 14:48 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-06-30 22:31 - 2015-11-04 17:55 - 00000000 ____D C:\Users\User\Desktop\lol
2017-06-30 22:18 - 2016-12-15 23:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-30 18:26 - 2013-12-30 12:19 - 72597504 _____ C:\Windows\system32\config\software.iobit
2017-06-30 18:26 - 2013-12-30 12:19 - 01454080 _____ C:\Windows\system32\config\default.iobit
2017-06-30 18:26 - 2013-12-30 12:19 - 00061440 _____ C:\Windows\system32\config\sam.iobit
2017-06-30 18:26 - 2013-12-30 12:19 - 00024576 _____ C:\Windows\system32\config\security.iobit
2017-06-30 18:09 - 2013-12-16 14:42 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-06-30 17:58 - 2014-02-05 17:39 - 00000000 ____D C:\IObit
2017-06-29 23:49 - 2014-11-20 17:49 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-06-29 23:48 - 2013-12-16 20:07 - 00000000 ____D C:\Program Files\IObit
2017-06-29 23:39 - 2014-01-03 16:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Yahoo!
2017-06-29 23:39 - 2014-01-03 16:30 - 00000000 ____D C:\Users\User\AppData\LocalLow\Yahoo!
2017-06-29 23:39 - 2014-01-03 16:30 - 00000000 ____D C:\Program Files\Yahoo!
2017-06-29 23:22 - 2014-04-29 17:33 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-29 17:59 - 2013-12-16 20:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-28 23:56 - 2014-08-25 22:35 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-06-28 23:56 - 2014-01-03 14:19 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-06-28 23:56 - 2014-01-03 14:19 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-06-28 23:55 - 2014-01-03 14:19 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-28 23:06 - 2016-03-06 19:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-06-28 16:51 - 2014-10-21 23:26 - 00157696 ___SH C:\Users\User\Documents\Thumbs.db
2017-06-28 14:12 - 2015-01-28 15:39 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-06-27 22:46 - 2013-12-16 14:38 - 00002020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 12:37 - 2013-12-16 14:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-06-26 16:09 - 2017-02-07 13:03 - 00276704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-06-26 16:09 - 2017-02-07 13:03 - 00266976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-06-26 16:09 - 2017-02-07 13:03 - 00157384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-06-26 16:09 - 2017-02-07 13:03 - 00050352 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-06-26 16:09 - 2016-03-22 23:05 - 00039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-26 16:09 - 2014-05-01 16:51 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-26 16:09 - 2014-01-03 14:19 - 00147688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-06-26 16:09 - 2013-12-16 14:42 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-26 16:09 - 2013-12-16 14:42 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-26 16:09 - 2013-12-16 14:42 - 00123896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-26 16:09 - 2013-12-16 14:42 - 00099536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-26 16:09 - 2013-12-16 14:42 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-26 16:09 - 2013-12-16 14:42 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-25 22:41 - 2017-03-25 16:15 - 00000000 ___RD C:\Program Files\Skype
2017-06-25 22:41 - 2016-03-06 19:57 - 00000000 ____D C:\ProgramData\Skype
2017-06-25 19:15 - 2010-11-20 22:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-25 16:08 - 2014-01-03 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-06-25 16:06 - 2014-01-03 18:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Samsung
2017-06-25 16:06 - 2014-01-03 18:15 - 00000000 ____D C:\Program Files\Samsung
2017-06-25 16:06 - 2013-12-16 15:04 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-06-25 13:06 - 2015-08-04 07:28 - 09468448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx32.dll
2017-06-25 13:06 - 2015-08-04 07:28 - 01194928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx32.dll
2017-06-25 13:06 - 2015-08-04 07:28 - 00136624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxpag.dll
2017-06-25 13:06 - 2015-08-04 03:06 - 00564224 _____ (AMD) C:\Windows\system32\atieclxx.exe
2017-06-25 13:06 - 2015-08-04 03:06 - 00259072 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2017-06-25 13:06 - 2015-08-04 02:48 - 00669696 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2017-06-25 00:42 - 2014-12-10 15:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-25 00:42 - 2010-11-21 01:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-25 00:42 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2017-06-24 23:13 - 2013-12-23 12:24 - 00000000 ____D C:\AMD
2017-06-24 15:53 - 2009-07-14 05:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-20 16:56 - 2016-10-04 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-06-14 16:50 - 2015-12-08 17:41 - 00502976 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-14 16:50 - 2014-11-06 13:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 16:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-14 14:12 - 2013-12-16 15:44 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 14:07 - 2013-12-16 15:44 - 130903960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-14 14:04 - 2014-11-06 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-03 22:52 - 2015-04-02 18:21 - 00000116 _____ C:\Windows\NeroDigital.ini

==================== Files in the root of some directories =======

2015-09-16 17:04 - 2016-11-22 17:03 - 0000518 _____ () C:\Users\User\AppData\Roaming\burnaware.ini
2014-06-29 16:41 - 2014-10-15 13:30 - 0000097 _____ () C:\Users\User\AppData\Roaming\default.pls
2015-02-09 16:09 - 2015-02-09 16:11 - 0022328 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys
2015-04-11 14:44 - 2015-04-11 14:44 - 0000020 ___SH () C:\Users\User\AppData\Roaming\Sys11965 DataCollection.dat
2015-04-11 14:44 - 2015-04-11 14:44 - 0000020 ___SH () C:\Users\User\AppData\Roaming\System413_DataDB.ind
2017-03-26 18:12 - 2017-03-26 18:12 - 1058101 _____ () C:\Users\User\AppData\Local\ars.cache
2017-03-26 18:12 - 2017-03-26 18:12 - 0384255 _____ () C:\Users\User\AppData\Local\census.cache
2015-07-12 23:19 - 2016-09-09 23:24 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-26 17:50 - 2017-03-26 17:50 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-08-11 16:42 - 2015-08-11 16:42 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2017-03-26 18:03 - 2017-03-26 18:03 - 0000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache
2017-02-26 18:03 - 2017-02-26 18:03 - 0000116 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-06 16:35

==================== End of FRST.txt ============================

#12
RKinner

Posted 02 July 2017 - 06:46 AM

Malware Expert

Expert
24,623 posts

Let's try again.

Download the attached fixlist.txt to the same location as FRST

[attachment=85428:fixlist.txt]

Run FRST and press Fix

A fix log will be generated please post that

I would let Avast do a boot-time scan tonight while you sleep:

Click on the Avast ball. Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan. Click on Install Special Definitions. Click on Run on Next PC Reboot.

Reboot and let it run a scan. It may take hours.

Once it finishes it should load windows. Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start. It will tell you where it saves its log. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

If you still have the problem then get:

tcpview. http://live.sysinter...com/Tcpview.exe Download, Save and then run it by right clicking and Run As Admin.

Then File, Save As (to your desktop), tcp , OK. This should createa file tcp.txt on your desktop. Attach or copy and paste it to a reply.

#13
Django2009

Posted 02 July 2017 - 07:07 AM

Member

Topic Starter
Member
56 posts

OK, bit of a update thanks to Avast. A popup blocked one of the pages that tried to load up and like all the rest that have popped up. They all came from the same Site starting with Piz7ohhujogi.com etc.

Here's the latest Fixlog

I will do Avast later as you asked.

#14
Django2009

Posted 02 July 2017 - 07:07 AM

Member

Topic Starter
Member
56 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-06-2017
Ran by User (02-07-2017 13:55:52) Run:3
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: AdvancedSystemCareService9 => 2
MSCONFIG\Services: IObitUnSvr => 2
FirewallRules: [{81807C1B-E3EA-47B1-9A4F-966E63A44115}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{F7DC6456-87A7-4996-AC58-2B111B284548}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{56192D45-CD36-4DC7-A92D-09DB19C678F3}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{63016407-E815-4471-BB8B-4425A996E597}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
C:\Program Files\IObit
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52874;https=127.0.0.1:52874
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:52874;https=127.0.0.1:52874
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: WSISVCUchrome - No CLSID Value -
CHR NewTab: Default -> Not-active:"chrome-extension://bjicifbhnpakmaekfnphojjehhnifkmc/newtab.html"
CHR NewTab: Default -> Not-active:"chrome-extension://bjicifbhnpakmaekfnphojjehhnifkmc/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_cnewtab&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Yahoo Partner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc [2017-03-23]
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc
CHR Extension: (Video Downloader All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk [2017-06-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [nomnoaehhnmbolpapbjeopogjfefdpnl] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected] [2016-12-21]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1766176 2017-05-19] (IObit)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [25120 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys [20336 2017-03-08] (IObit.com)
S3 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [21392 2017-01-06] (IObit)
R3 IMFForceDelete; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys [14168 2017-03-17] (IObit.com)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32192 2016-12-15] (IObit.com)
C:\Windows\System32\GroupPolicy
C:\WINDOWS\SysWOW64\GroupPolicy
C:\WINDOWS\SysWOW64\GroupPolicyUsers
C:\Windows\System32\GroupPolicyUsers
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ADIHdAudAddService; no ImagePath
U3 DfSdkS; no ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
2017-06-29 18:19 - 2017-03-17 12:31 - 00025120 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-06-29 18:18 - 2017-06-29 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-06-29 18:17 - 2017-06-29 18:17 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-06-28 23:24 - 2017-06-28 23:24 - 00001925 _____ C:\Users\User\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-28 23:24 - 2017-06-28 23:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-07-01 12:28 - 2013-12-16 20:07 - 00000000 ____D C:\Users\User\AppData\LocalLow\IObit
2017-07-01 12:28 - 2013-12-16 20:07 - 00000000 ____D C:\ProgramData\IObit
2017-07-01 12:28 - 2013-12-16 20:06 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
2017-06-30 18:26 - 2013-12-30 12:19 - 72597504 _____ C:\Windows\system32\config\software.iobit
2017-06-30 18:26 - 2013-12-30 12:19 - 01454080 _____ C:\Windows\system32\config\default.iobit
2017-06-30 18:26 - 2013-12-30 12:19 - 00061440 _____ C:\Windows\system32\config\sam.iobit
2017-06-30 18:26 - 2013-12-30 12:19 - 00024576 _____ C:\Windows\system32\config\security.iobit
2017-06-30 17:58 - 2014-02-05 17:39 - 00000000 ____D C:\IObit
2017-06-29 23:49 - 2014-11-20 17:49 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-06-29 23:48 - 2013-12-16 20:07 - 00000000 ____D C:\Program Files\IObit
2017-06-29 23:39 - 2014-01-03 16:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Yahoo!
2017-06-29 23:39 - 2014-01-03 16:30 - 00000000 ____D C:\Users\User\AppData\LocalLow\Yahoo!
2017-06-29 23:39 - 2014-01-03 16:30 - 00000000 ____D C:\Program Files\Yahoo!
2017-06-29 17:59 - 2013-12-16 20:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
CMD: gpupdate /force
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdvancedSystemCareService8 => key removed successfully.
HKLM\System\CurrentControlSet\Services\AdvancedSystemCareService8 => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdvancedSystemCareService9 => key removed successfully.
HKLM\System\CurrentControlSet\Services\AdvancedSystemCareService9 => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IObitUnSvr => key removed successfully.
HKLM\System\CurrentControlSet\Services\IObitUnSvr => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81807C1B-E3EA-47B1-9A4F-966E63A44115} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7DC6456-87A7-4996-AC58-2B111B284548} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56192D45-CD36-4DC7-A92D-09DB19C678F3} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63016407-E815-4471-BB8B-4425A996E597} => value removed successfully.
C:\Program Files\IObit => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\Software\Classes\PROTOCOLS\Handler\WSISVCUchrome => key not found.
Chrome NewTab => removed successfully.
Chrome NewTab => removed successfully.
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
Chrome DefaultSuggestURL => not found.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc => not found.
"C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc" => not found.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk => moved successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
IMFservice => service not found.
IMFCameraProtect => service not found.
IMFDownProtect => service not found.
IMFFilter => service not found.
IMFForceDelete => service not found.
RegFilter => service not found.
C:\Windows\System32\GroupPolicy => moved successfully
"C:\WINDOWS\SysWOW64\GroupPolicy" => not found.
"C:\WINDOWS\SysWOW64\GroupPolicyUsers" => not found.
C:\Windows\System32\GroupPolicyUsers => moved successfully
SASDIFSV => service not found.
HKLM\System\CurrentControlSet\Services\SASKUTIL => key removed successfully.
SASKUTIL => service removed successfully.
ADIHdAudAddService => service not found.
DfSdkS => service not found.
dgderdrv => service not found.
NPF => service not found.
HKLM\System\CurrentControlSet\Services\Partizan => key removed successfully.
Partizan => service removed successfully.
"C:\Windows\system32\Drivers\IMFCameraProtect.sys" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter" => not found.
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} => moved successfully
"C:\Users\User\Desktop\SUPERAntiSpyware Free Edition.lnk" => not found.
"C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware" => not found.
C:\Users\User\AppData\LocalLow\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Users\User\AppData\Roaming\IObit => moved successfully
C:\Windows\system32\config\software.iobit => moved successfully
C:\Windows\system32\config\default.iobit => moved successfully
C:\Windows\system32\config\sam.iobit => moved successfully
C:\Windows\system32\config\security.iobit => moved successfully
C:\IObit => moved successfully
C:\Program Files\Common Files\IObit => moved successfully
"C:\Program Files\IObit" => not found.
C:\Users\User\AppData\Roaming\Yahoo! => moved successfully
C:\Users\User\AppData\LocalLow\Yahoo! => moved successfully
C:\Program Files\Yahoo! => moved successfully
C:\Program Files\SUPERAntiSpyware => moved successfully

========= gpupdate /force =========

Updating Policy...

User Policy update has completed successfully.

Computer Policy update has completed successfully.

========= End of CMD: =========

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 13:57:04 ====

#15
Django2009

Posted 02 July 2017 - 03:44 PM

Member

Topic Starter
Member
56 posts

Must say I am not getting any pop-ups now. Fingers crossed its done and it runs a lot faster.

Avast Bootscan results

07/02/2017 19:01
Scan of all local drives

Number of searched folders: 1395
Number of tested files: 91262
Number of infected files: 0

FRST Results

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2017
Ran by User (02-07-2017 22:16:57)
Running from C:\Users\User\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-12-16 13:02:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3088101763-2072606618-2741787397-500 - Administrator - Disabled)
Guest (S-1-5-21-3088101763-2072606618-2741787397-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3088101763-2072606618-2741787397-1002 - Limited - Enabled)
User (S-1-5-21-3088101763-2072606618-2741787397-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccessDiver v4.120 (HKLM\...\AccessDiver 4.120_is1) (Version: - )
AccessDiver v4.260 (HKLM\...\AccessDiver v4.260_is1) (Version: - Jean Fages)
AccessDiver v4.402 (HKLM\...\AccessDiver v4.402_is1) (Version: - Jean Fages)
ACDSee (HKLM\...\ACDSee) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 4.0 Beta 4 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies)
Combined Community Codec Pack 2015-10-18 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2015.10.19.0 - CCCP Project)
Dropbox (HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DVDFab 9.2.0.8 (06/08/2015) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKLM\...\{1B729E3D-B16D-3A41-A9AE-6AEC20C6580D}) (Version: 59.0.3071.115 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IncrediMail (HKLM\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
iSkysoft Video Converter Ultimate(Build 5.2.1.0) (HKLM\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.2.1.0 - iSkysoft Software)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
MailWasher (HKLM\...\{6274A6B6-DF02-48A4-940D-F18775909906}) (Version: 7.11 - Firetrust)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 52.2.1 (x86 en-GB)) (Version: 52.2.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero SoundTrax (HKLM\...\{3D62438A-C6E0-4160-B3CC-D6B5158782D3}) (Version: 12.0.03300 - Nero AG)
Noiseware Community Edition (HKLM\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0005 - Nero AG) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (HKLM\...\{0f83759a-ef7e-43bf-b75b-15e2a540e20d}) (Version: 18.1.6.165 - RealNetworks) Hidden
RealDownloader (HKLM\...\{25C2B7A5-3DED-45E8-B1E8-B8596E847382}) (Version: 18.1.6.165 - RealNetworks) Hidden
RealDownloader (HKLM\...\{496CA6A6-13F4-49AA-9A27-CD96CF65B29A}) (Version: 18.1.6.161 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Serif PhotoPlus 7.0 (HKLM\...\{BEFCB74C-C49F-4327-8EDF-3A81A574AC0F}) (Version: - )
Serif PhotoPlus 7.0 Resource CD-ROM (HKLM\...\{1D4AE68D-CC48-401D-A5DC-B7A78E827492}) (Version: - )
Skype™ 7.37 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Video Downloader (HKLM\...\{751FF83F-61D7-4EE3-A23F-C77A431709B7}) (Version: 1.3.0 - RealNetworks) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
vs2015_redist x86 (HKLM\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{02835AE8-A267-4B1F-A05C-36D2DEA350DC}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{44CD0A52-D0B4-4D03-A572-A9BDAD6E2D33}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBAC09B1-05A9-4E4F-93BA-1E409D52A268}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-26] (AVAST Software)
ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll -> No File
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-26] (AVAST Software)
ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => -> No File
ContextMenuHandlers01: [iSkysoftVideoConverterFileOpreation] -> {B5FA2AE6-7A94-4382-8EA9-58C725AAB854} => C:\Windows\System32\ISCM32.dll [2014-07-28] ()
ContextMenuHandlers01: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll -> No File
ContextMenuHandlers01: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-26] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers03: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files\Real\RealPlayer\RPDS\Bin\rpcontextmenu.dll [2017-01-15] (RealNetworks, Inc.)
ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => -> No File
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\ATI.ACE\Core-Static\atiacmxx.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-26] (AVAST Software)
ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => -> No File
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3088101763-2072606618-2741787397-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3088101763-2072606618-2741787397-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3088101763-2072606618-2741787397-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D587ED-3057-4C43-AF1A-79CCCC1B826B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {0D17E125-6877-4D73-BC08-ECA25BACB7AE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {111C06BB-0930-4CFD-A972-A1C07A90B16A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {4B550C72-434C-49E6-BA40-C9B208585E37} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {587FB8D7-9B2E-43CC-A8FB-7584E780BE61} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-28] (Adobe Systems Incorporated)
Task: {603DE812-9B4A-4E6C-BB70-5339602EFB0A} - System32\Tasks\RealDownloader Update Check => C:\Program Files\Real\RealDownloader\downloader2.exe [2016-12-13] ()
Task: {7DCA22A1-4EF1-4F24-8225-8BED05DAFFF6} - System32\Tasks\avastBCLRestartS-1-5-21-3088101763-2072606618-2741787397-1000 => Firefox.exe
Task: {7EDDB5B7-DF5A-430F-8CEA-3E2FBDEAAA94} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {81B56108-3F9C-4AE5-9402-E075B86A0C09} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {85330998-3B3C-4783-A898-CCAE0C2B7010} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-26] (AVAST Software)
Task: {928760DA-7428-4458-B234-24D36867B6D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-28] (Adobe Systems Incorporated)
Task: {95F1ECCA-C3ED-470B-83BC-60511ACCC18D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {99F20CF6-4E70-44FE-870F-39C0B23A8A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9DE37BD2-8031-439E-B080-86C83123C71D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\recordingmanager.exe [2016-11-11] (RealNetworks, Inc.)
Task: {B59358DD-E596-462B-9DA4-B66B8587B1D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {D416D7F3-2E51-47E8-8D79-EF507C8149B3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {DC56B1D6-7571-4746-9167-0A33127F5B68} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {DF0574DC-7875-4C76-8DBB-CEA4A64937A2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {F7B8BA66-F89F-4111-8A9E-C7120DE48D34} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC294542-BCB4-415B-A0B6-6DB13ECC4791} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {FFA76788-F0F7-47D9-85DF-A86F7FDA65E9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1001movie.com -> 1001movie.com

There are 6127 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-11 18:23 - 2015-08-11 18:23 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 3
MSCONFIG\Services: RealPlayer Cloud Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 7 => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} =>
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NBKeyScan =>
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RealDownloader => C:\Program Files\Real\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D993345C-7FFF-4443-8E97-420AF88FA86A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C91ED226-46D7-424F-8748-6931EFDEDE6C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03957991-2CA2-495D-A2E7-011DA2E34737}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{04683AB8-F080-4D15-8C77-147BEC16B732}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe
FirewallRules: [UDP Query User{02E8DC56-7B4A-4131-96A1-21740F3B0857}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe
FirewallRules: [{A70B0074-19DE-4A2F-839A-2D757E9C7D12}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{01705072-5055-47BA-AE75-10FEE2175060}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F274A6B0-E48E-45A1-B67E-172007F9311D}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{091E8D46-4FAC-4AF5-B8BD-D47416DC43D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C1FE3565-1713-4622-A659-01B732063B7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B0EB3D61-B620-427F-8F52-EAEBAEE14732}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DAE9D903-A243-467D-813D-174DC25FC801}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{93C4AC80-CE6C-4091-8C2C-D70AA0AEA6BD}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{D10F79C2-0191-420E-8590-1F0834AFB9AC}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{D1765F25-CA17-4C42-81DA-1C875C66BC83}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{2FED219F-3274-4429-97AD-8B4014BED2FC}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{7766F7AD-417B-46C3-BB47-274C3302DA54}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{195B7592-763A-4283-9B8B-4B0080C26389}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F831488E-7E72-4F58-9CC4-13576C537F25}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A45E8DC3-99A0-447C-A531-6E71A3A3AAA5}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{1E598BFC-54E8-4181-8EA8-AF688ED1742F}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{DCEE00BC-0E97-4611-8D8A-19F8104D1EB7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B98FE9B0-0C76-4B1A-9AA7-66235E13240F}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{84697638-7723-4EC0-9613-F78E37EB84EC}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{3B89D270-D1DD-4C78-8660-EB6EF5D8083F}] => (Allow) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{B63B27D5-19E8-4B7E-BDB3-4A686FAB85E2}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{9BFD6307-198A-49C4-823F-1C00F87F5B15}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{CF760EE2-B286-45CD-AD66-F8285B4A2CAC}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{329C0094-A19C-434A-AF83-6216CCE629AA}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{E4F92858-1991-43BF-A757-51DD7E5264F0}] => (Block) LPort=445
FirewallRules: [{2EC0CA5F-4F6B-4CFC-86BF-091630C7A049}] => (Block) LPort=445
FirewallRules: [{15EEE754-46F1-421B-8306-8FFFD862D998}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe
FirewallRules: [{60B2501B-E272-4FD8-B655-0FED36FA4535}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe
FirewallRules: [{36B9F3E0-4650-47AE-A1DE-0022B5852C5E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-07-2017 12:32:54 JRT Pre-Junkware Removal
01-07-2017 16:55:42 Removed Java 8 Update 111
01-07-2017 16:57:11 Removed Java 8 Update 121

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2017 07:15:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/02/2017 04:59:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/02/2017 01:59:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (07/02/2017 04:09:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (07/02/2017 04:09:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/02/2017 04:09:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (07/02/2017 04:09:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/02/2017 04:09:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/02/2017 04:09:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/02/2017 04:09:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 04:09:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealTimes Desktop Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 04:09:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 04:09:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 25%
Total physical RAM: 3567.3 MB
Available physical RAM: 2674.41 MB
Total Virtual: 7132.93 MB
Available Virtual: 6006.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.91 GB) (Free:84.72 GB) NTFS
Drive e: (Backup Drive) (Fixed) (Total:931.51 GB) (Free:731.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: EE0B5EB7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6829804D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================