PC so slow Help! [Solved]


  • This topic is locked

#1
Skelly2019

  • Member
  • 29 posts

I'm helping a friend with his PC; it is running really slow.

He is using an HP Duo core 2.3 GHz desktop, 4 GB RAM, 160 GB hard drive and 1 TB hard drive, and is using Windows 7 32-bit OS.

 

Please can someone help?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2019 01
Ran by User (administrator) on USER-PC (11-01-2019 18:18:44)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Evaer Technology) C:\Program Files\Evaer\videochannel.exe
(d7x Technology LLC) C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventNotification.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-21] (AVAST Software)

HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\Run: [avichannel] => C:\Program Files\Evaer\videochannel.exe [1752096 2018-03-20] (Evaer Technology)
HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\System32\xvidvfw.dll [236544 2011-12-19] ()
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\System32\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation)
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\System32\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation)
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\System32\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb [2011-12-19]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{D23BF655-7113-446E-9DEA-7928909D9A23}] -> C:\Windows\System32\IEDKCS32.DLL [2018-12-28] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\Windows\System32\advpack.dll [2009-07-14] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CryptoPrevent QuickAccess.lnk [2018-12-28]
ShortcutTarget: CryptoPrevent QuickAccess.lnk -> C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventNotification.exe (d7x Technology LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84134957-FE4A-4422-A37C-E142E6B0BA2E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000 -> {81F66EA9-CFF5-4C94-8FE9-A54CFCCC83BA} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-11-11] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-29] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-01-30] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-29] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-01-30] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-01-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-01-30] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 315kqsrw.default-1476290873126-1512829290828
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\315kqsrw.default-1476290873126-1512829290828 [2019-01-11]
FF Homepage: Mozilla\Firefox\Profiles\315kqsrw.default-1476290873126-1512829290828 -> hxxp://www.google.co.uk/
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\315kqsrw.default-1476290873126-1512829290828\Extensions\[email protected] [2018-02-04]
FF Extension: (Google Translator for Firefox) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\315kqsrw.default-1476290873126-1512829290828\Extensions\[email protected] [2018-12-02]
FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\315kqsrw.default-1476290873126-1512829290828\Extensions\[email protected] [2018-12-01]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\315kqsrw.default-1476290873126-1512829290828\Extensions\[email protected] [2019-01-03]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\315kqsrw.default-1476290873126-1512829290828\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-01]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\315kqsrw.default-1476290873126-1512829290828\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-03]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]
FF Extension: (iSkysoft Video Converter Ultimate) - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected] [2018-01-27] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=18.1.6.161 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2017-01-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=18.1.6.161 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2017-01-15] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3088101763-2072606618-2741787397-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.igoogle.com/
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-01-11]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-27]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-27]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-18]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-12-18]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-03]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-01-27]
CHR Extension: (uBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-11-17]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-27]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-09]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-01-10]
CHR Extension: (Video Downloader professional) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk [2018-10-02]
CHR Extension: (Lucky Dragon) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfnpflkjppmckmblckilecglaebgcdck [2018-09-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-20]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-18]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-05]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-27]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-27]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-26]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-26]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-27]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [nomnoaehhnmbolpapbjeopogjfefdpnl] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected] [2016-12-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2018-11-21] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-21] (AVAST Software)
S3 CryptoPreventEmail; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [844272 2018-10-21] (d7x Technology LLC)
S3 CryptoPreventFolderWatch; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [844272 2018-10-21] (d7x Technology LLC)
S2 CryptoPreventMonSvc; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [844272 2018-10-21] (d7x Technology LLC)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [401984 2017-08-21] (Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S4 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-11-11] ()
S4 RealTimes Desktop Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [987408 2017-01-15] (RealNetworks, Inc.)
S3 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2018-11-21] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2018-11-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2018-11-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2018-11-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2018-11-21] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183176 2018-11-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2018-11-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2018-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2018-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2018-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2018-11-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784560 2018-11-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397992 2018-11-21] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [156936 2018-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2018-11-21] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-09-19] (REALiX™)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Intel Corporation) [File not signed]
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-11] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [44008 2017-04-07] (Intel Corporation )
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMI.sys [4078400 2010-07-15] (Realtek Semiconductor Corp.) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2014-07-28] (Wondershare)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-11 18:18 - 2019-01-11 18:39 - 000264991 _____ C:\Users\User\Downloads\FRST.txt
2019-01-11 18:17 - 2019-01-11 18:18 - 000000000 ____D C:\FRST
2019-01-11 18:15 - 2019-01-11 18:15 - 000000000 ____D C:\Users\User\Desktop\Tools
2019-01-11 18:14 - 2019-01-11 18:14 - 001785344 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2019-01-11 17:49 - 2019-01-11 17:49 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-09 17:32 - 2018-12-28 22:52 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-09 17:32 - 2018-12-28 19:51 - 004055272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-01-09 17:32 - 2018-12-28 19:51 - 003960552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-09 17:32 - 2018-12-28 19:51 - 001214696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-09 17:32 - 2018-12-28 19:51 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-01-09 17:32 - 2018-12-28 19:51 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-09 17:32 - 2018-12-28 19:51 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-09 17:32 - 2018-12-28 19:51 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-01-09 17:32 - 2018-12-28 19:51 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-01-09 17:32 - 2018-12-28 19:50 - 001310520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:31 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-01-09 17:32 - 2018-12-28 19:31 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-01-09 17:32 - 2018-12-28 19:31 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-01-09 17:32 - 2018-12-28 19:31 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-01-09 17:32 - 2018-12-28 19:30 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-01-09 17:32 - 2018-12-28 19:29 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-01-09 17:32 - 2018-12-28 19:29 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-01-09 17:32 - 2018-12-28 19:29 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-01-09 17:32 - 2018-12-28 19:27 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-01-09 17:32 - 2018-12-28 19:27 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-01-09 17:32 - 2018-12-28 19:27 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-01-09 17:32 - 2018-12-28 19:26 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-01-09 17:32 - 2018-12-28 19:26 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-01-09 17:32 - 2018-12-28 19:26 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-01-09 17:32 - 2018-12-28 19:26 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-01-09 17:32 - 2018-12-28 19:26 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-01-09 17:32 - 2018-12-28 19:26 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-01-09 17:32 - 2018-12-28 19:26 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-01-09 17:32 - 2018-12-28 19:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-01-09 17:32 - 2018-12-28 19:26 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-01-09 17:32 - 2018-12-28 19:26 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 19:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-01-09 17:32 - 2018-12-28 18:09 - 000419608 _____ C:\Windows\system32\locale.nls
2019-01-09 17:32 - 2018-12-27 23:25 - 020279808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-09 17:32 - 2018-12-27 23:17 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-01-09 17:32 - 2018-12-27 23:17 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-01-09 17:32 - 2018-12-27 23:05 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-09 17:32 - 2018-12-27 23:05 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-01-09 17:32 - 2018-12-27 23:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-01-09 17:32 - 2018-12-27 23:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-01-09 17:32 - 2018-12-27 23:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-01-09 17:32 - 2018-12-27 23:02 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-09 17:32 - 2018-12-27 22:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-01-09 17:32 - 2018-12-27 22:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-01-09 17:32 - 2018-12-27 22:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-01-09 17:32 - 2018-12-27 22:55 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-09 17:32 - 2018-12-27 22:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-09 17:32 - 2018-12-27 22:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-01-09 17:32 - 2018-12-27 22:55 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-01-09 17:32 - 2018-12-27 22:49 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-09 17:32 - 2018-12-27 22:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-01-09 17:32 - 2018-12-27 22:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-09 17:32 - 2018-12-27 22:42 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-01-09 17:32 - 2018-12-27 22:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-01-09 17:32 - 2018-12-27 22:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-01-09 17:32 - 2018-12-27 22:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-01-09 17:32 - 2018-12-27 22:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-01-09 17:32 - 2018-12-27 22:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-01-09 17:32 - 2018-12-27 22:33 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-09 17:32 - 2018-12-27 22:31 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-09 17:32 - 2018-12-27 22:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-09 17:32 - 2018-12-27 22:29 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-09 17:32 - 2018-12-27 22:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-09 17:32 - 2018-12-27 22:29 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-09 17:32 - 2018-12-27 22:28 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-01-09 17:32 - 2018-12-27 22:11 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-09 17:32 - 2018-12-27 22:07 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-09 17:32 - 2018-12-27 22:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-09 17:32 - 2018-12-08 02:56 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2019-01-09 17:32 - 2018-12-08 02:56 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2019-01-09 17:32 - 2018-12-08 02:56 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2019-01-09 17:32 - 2018-12-08 02:41 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-09 17:32 - 2018-12-08 02:41 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2019-01-09 17:32 - 2018-12-08 02:41 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2019-01-09 17:32 - 2018-12-08 02:41 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2019-01-09 17:32 - 2018-12-08 02:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2019-01-09 17:32 - 2018-12-08 02:41 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2019-01-09 17:32 - 2018-12-07 15:33 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2018-12-28 23:03 - 2018-12-28 23:03 - 000000082 _____ C:\Users\Public\start.txt
2018-12-28 23:03 - 2018-12-28 23:03 - 000000082 _____ C:\Users\Public\decrypting.txt
2018-12-28 23:03 - 2018-12-28 23:03 - 000000082 _____ C:\ProgramData\start.txt
2018-12-28 23:03 - 2018-12-28 23:03 - 000000082 _____ C:\ProgramData\decrypting.txt
2018-12-27 17:29 - 2018-12-27 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-12-27 17:29 - 2018-12-27 17:29 - 000000000 ____D C:\Program Files\RogueKiller
2018-12-27 17:09 - 2018-12-27 17:10 - 029162344 _____ (Adlice Software ) C:\Users\User\Downloads\RogueKiller_setup.exe
2018-12-25 23:13 - 2018-12-25 23:13 - 007320272 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.2.6.0.exe
2018-12-24 14:47 - 2018-12-24 14:47 - 000000000 ___HD C:\Windows\msdownld.tmp
2018-12-24 13:57 - 2018-12-24 13:58 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-12-24 13:57 - 2018-12-24 13:57 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-12-23 12:57 - 2018-12-23 12:57 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-23 12:57 - 2018-12-23 12:57 - 000001827 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2018-12-23 12:57 - 2018-12-23 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-23 12:57 - 2018-12-23 12:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-14 00:30 - 2018-12-14 00:30 - 000001515 _____ C:\Users\User\Desktop\Windows Media Player.lnk
2018-12-12 17:12 - 2018-11-28 21:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-12 17:11 - 2018-12-06 02:35 - 002405376 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-12 17:11 - 2018-11-28 21:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-12-12 17:11 - 2018-11-28 21:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-12-12 17:11 - 2018-11-28 21:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-12-12 17:11 - 2018-11-28 21:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-12-12 17:11 - 2018-11-11 16:49 - 000162536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-12 17:11 - 2018-11-11 16:44 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-12 17:11 - 2018-11-08 16:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-12 17:11 - 2018-11-08 16:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-12 17:11 - 2018-11-08 16:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-12-12 17:11 - 2018-11-08 16:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-12-12 17:11 - 2018-11-06 04:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-12 17:11 - 2018-10-06 15:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-12-12 17:11 - 2018-10-06 15:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-12 17:11 - 2018-10-06 15:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-12-12 17:11 - 2018-10-06 15:43 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-12-12 17:11 - 2018-10-06 15:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-12-12 17:11 - 2018-10-06 15:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-11 18:18 - 2009-07-14 04:34 - 000035504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-11 18:18 - 2009-07-14 04:34 - 000035504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-11 17:25 - 2016-11-18 19:03 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-01-11 17:23 - 2017-10-11 14:54 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software
2019-01-11 17:19 - 2009-07-14 04:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-10 23:21 - 2015-11-04 16:55 - 000000000 ____D C:\Users\User\Desktop\lol
2019-01-10 22:17 - 2016-12-15 22:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-10 22:17 - 2013-12-16 18:54 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-01-10 19:01 - 2018-05-14 12:31 - 000103542 _____ C:\Users\User\Desktop\jobs.txt
2019-01-10 18:44 - 2014-05-01 11:13 - 000290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2019-01-09 22:20 - 2010-11-20 21:01 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-09 22:20 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\inf
2019-01-09 19:28 - 2013-12-16 14:44 - 000000000 ____D C:\Windows\system32\MRT
2019-01-09 19:25 - 2013-12-16 14:44 - 129687688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-09 19:20 - 2018-07-21 15:17 - 001154323 ____H C:\Users\User\AppData\Local\IconCache.db.backup
2019-01-08 22:58 - 2018-09-03 16:50 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2019-01-08 22:58 - 2018-09-03 16:50 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-01-08 22:57 - 2014-01-03 13:19 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-07 17:49 - 2018-05-30 14:12 - 000001313 _____ C:\Users\User\Desktop\Jobs weekly.txt
2019-01-06 22:03 - 2018-02-01 22:45 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2019-01-06 18:20 - 2016-10-12 16:55 - 000000000 ____D C:\Users\User\dwhelper
2019-01-06 14:35 - 2018-01-29 14:43 - 000057344 ___SH C:\Users\User\Documents\Thumbs.db
2019-01-06 00:42 - 2013-12-16 13:48 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2019-01-04 18:29 - 2015-11-25 12:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-02 15:07 - 2018-09-09 17:46 - 000000000 ____D C:\Users\User\Documents\Evaer
2018-12-28 23:03 - 2018-07-23 11:22 - 000002005 _____ C:\Windows\system32\InstallUtil.InstallLog
2018-12-28 23:03 - 2015-10-06 15:01 - 000040924 __RSH C:\ProgramData\ntuser.pol
2018-12-27 17:02 - 2017-07-04 14:27 - 000000000 ____D C:\Users\User\Documents\Tools
2018-12-25 23:41 - 2018-07-22 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-12-25 22:21 - 2017-12-13 14:46 - 000000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2018-12-25 22:17 - 2018-01-21 14:37 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2018-12-24 13:58 - 2017-10-01 22:35 - 000001945 _____ C:\Windows\epplauncher.mif
2018-12-20 18:50 - 2017-03-06 22:07 - 000000000 _____ C:\Windows\system32\last.dump
2018-12-20 18:01 - 2009-07-14 04:53 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-12-18 14:27 - 2017-07-17 11:19 - 000000929 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-18 14:27 - 2017-07-17 11:19 - 000000929 _____ C:\ProgramData\Desktop\CCleaner.lnk
2018-12-18 14:27 - 2013-12-16 13:38 - 000000000 ____D C:\Program Files\Common Files\Adobe AIR
2018-12-17 16:06 - 2014-01-03 15:02 - 000000000 ____D C:\ProgramData\TEMP
2018-12-17 16:05 - 2014-01-08 18:45 - 000000000 ____D C:\Program Files\SpywareBlaster
2018-12-13 19:21 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\system32\NDF
2018-12-13 00:23 - 2017-11-15 18:35 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-12-12 22:07 - 2015-12-08 16:41 - 000509288 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-12 18:57 - 2015-08-11 15:42 - 000007597 _____ C:\Users\User\AppData\Local\resmon.resmoncfg
2018-12-12 15:17 - 2014-09-15 11:18 - 000000000 ____D C:\Windows\pss
2018-12-12 12:26 - 2014-08-25 21:35 - 000000000 ____D C:\Users\User\AppData\Local\Adobe

==================== Files in the root of some directories =======

2017-12-27 15:39 - 2017-12-27 15:39 - 000012288 _____ () C:\Users\User\AppData\Roaming\0000102C_VTS_0.IFO
2017-12-27 15:39 - 2017-12-27 15:39 - 000022528 _____ () C:\Users\User\AppData\Roaming\0000102C_VTS_1.IFO
2017-12-27 15:39 - 2017-12-27 15:39 - 000022528 _____ () C:\Users\User\AppData\Roaming\0000102C_VTS_2.IFO
2015-09-16 16:04 - 2017-12-27 15:59 - 000000503 _____ () C:\Users\User\AppData\Roaming\burnaware.ini
2014-06-29 15:41 - 2014-10-15 12:30 - 000000097 _____ () C:\Users\User\AppData\Roaming\default.pls
2015-02-09 15:09 - 2015-02-09 15:11 - 000022328 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys
2015-04-11 13:44 - 2015-04-11 13:44 - 000000020 ___SH () C:\Users\User\AppData\Roaming\Sys11965 DataCollection.dat
2015-04-11 13:44 - 2015-04-11 13:44 - 000000020 ___SH () C:\Users\User\AppData\Roaming\System413_DataDB.ind
2017-03-26 17:12 - 2017-03-26 17:12 - 001058101 _____ () C:\Users\User\AppData\Local\ars.cache
2017-03-26 17:12 - 2017-03-26 17:12 - 000384255 _____ () C:\Users\User\AppData\Local\census.cache
2017-03-26 16:50 - 2017-03-26 16:50 - 000000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-08-11 15:42 - 2018-12-12 18:57 - 000007597 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2017-03-26 17:03 - 2017-03-26 17:03 - 000000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-11 16:25


==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-01-2019 01
Ran by User (11-01-2019 18:47:49)
Running from C:\Users\User\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2013-12-16 13:02:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3088101763-2072606618-2741787397-500 - Administrator - Disabled)
Guest (S-1-5-21-3088101763-2072606618-2741787397-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3088101763-2072606618-2741787397-1002 - Limited - Enabled)
User (S-1-5-21-3088101763-2072606618-2741787397-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
BurnAware Free 4.0 Beta 4 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 18.10.20.0 - Foolish IT LLC)
DVDFab 9.2.0.8 (06/08/2015) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Evaer Video Recorder for Skype 1.8.9.16 (HKLM\...\Evaer Video Recorder for Skype) (Version: 1.8.9.16 - Evaer Technology)
Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM\...\{1B729E3D-B16D-3A41-A9AE-6AEC20C6580D}) (Version: 71.0.3578.98 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections 22.6.6.0 (HKLM\...\PROSetDX) (Version: 22.6.6.0 - Intel)
iSkysoft Video Converter Ultimate(Build 5.2.1.0) (HKLM\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.2.1.0 - iSkysoft Software)
Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
K-Lite Codec Pack 14.5.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 14.5.5 - KLCP)
MailWasher (HKLM\...\{6274A6B6-DF02-48A4-940D-F18775909906}) (Version: 7.11 - Firetrust)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x86 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla)
Mozilla Thunderbird 60.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 60.4.0 (x86 en-US)) (Version: 60.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero SoundTrax (HKLM\...\{3D62438A-C6E0-4160-B3CC-D6B5158782D3}) (Version: 12.0.03300 - Nero AG)
Noiseware Community Edition (HKLM\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0005 - Nero AG) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (HKLM\...\{496CA6A6-13F4-49AA-9A27-CD96CF65B29A}) (Version: 18.1.6.161 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM\...\{8F577DD0-0437-4583-8290-7911443783FD}) (Version: 18.1.6.167 - RealNetworks) Hidden
RealDownloader (HKLM\...\{ced10285-8c68-4b5c-a44d-abbb810ed087}) (Version: 18.1.6.167 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RogueKiller version 13.0.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.19.0 - Adlice Software)
Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Skype version 8.34 (HKLM\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Video Downloader (HKLM\...\{BB311CA2-573F-4B20-B066-AB7560E8C6F8}) (Version: 1.3.0 - RealNetworks) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
vs2015_redist x86 (HKLM\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WinRAR 5.61 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Xvid MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - Xvid Development Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{02835AE8-A267-4B1F-A05C-36D2DEA350DC}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{44CD0A52-D0B4-4D03-A572-A9BDAD6E2D33}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBAC09B1-05A9-4E4F-93BA-1E409D52A268}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {B5FA2AE6-7A94-4382-8EA9-58C725AAB854} => C:\Windows\System32\ISCM32.dll [2014-07-28] ()
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files\Real\RealPlayer\RPDS\Bin\rpcontextmenu.dll [2017-01-15] (RealNetworks, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\ATI.ACE\Core-Static\atiacmxx.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {165FB4A4-4F9C-48C1-8A9D-898AA30B44EB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {4165E832-B2EF-4C17-A934-30EC39BE9559} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3088101763-2072606618-2741787397-1000
Task: {4B550C72-434C-49E6-BA40-C9B208585E37} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {53ED066D-E855-470A-AA14-EEB63CB88F8A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-21] (AVAST Software)
Task: {603DE812-9B4A-4E6C-BB70-5339602EFB0A} - System32\Tasks\RealDownloader Update Check => C:\Program Files\Real\RealDownloader\downloader2.exe [2017-05-05] ()
Task: {66044F68-2F6C-41AE-BAAE-9D6CEE9B1F75} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {66389118-491A-4AC0-AFE9-88A8D08530BF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {6752E050-EDAF-4A80-8BFA-6C6C879141BA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2019-01-10] (AVAST Software)
Task: {76E8C3FD-A50B-41BA-80F8-4AE5CF24176F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {7EDDB5B7-DF5A-430F-8CEA-3E2FBDEAAA94} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {7F5A053F-30A6-422F-B5DC-418BE2990227} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {83C36D99-EF36-4CD3-A7D2-6A89F34E497E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {95F1ECCA-C3ED-470B-83BC-60511ACCC18D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {993736DC-B4B0-4EBB-89CC-1C6898F0756A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {9939E53A-06F3-4C67-B485-ACCB4AD5E183} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {99F20CF6-4E70-44FE-870F-39C0B23A8A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9DE37BD2-8031-439E-B080-86C83123C71D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\recordingmanager.exe [2016-11-11] (RealNetworks, Inc.)
Task: {9FCEF446-4D17-41D0-95E8-06FF874081EA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {AB261BCC-6A99-4C34-86F0-081AC90B138D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {B143E8D0-643C-48C0-828B-E6BFEE7600BD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {BB067E4F-ED11-47AE-A781-8F36F07233C0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {C6CB6D89-5333-4BE1-99B1-C066F35E1C86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {CFFAA8EA-3404-4DA0-9C08-CC0B4C822B1A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D6841684-8B0A-4C04-A51E-D3740F73BEDD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {ED2C37D8-5102-4C00-86A7-23884E604093} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3088101763-2072606618-2741787397-1000 => C:\Program Files\Real\RealDownloader\realupgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {F0C5773B-3E26-4B73-B780-11CDAC6BC0C3} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {FDE76761-4FC2-4004-B5D6-FB144C9A1866} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-11-21 14:36 - 2018-11-21 14:36 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-11-21 14:36 - 2018-11-21 14:36 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-11-21 14:36 - 2018-11-21 14:36 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-11-21 14:36 - 2018-11-21 14:36 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-11-21 14:36 - 2018-11-21 14:36 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-11 17:25 - 2019-01-11 17:25 - 005739664 _____ () C:\Program Files\AVAST Software\Avast\defs\19011102\algo.dll
2018-03-06 17:54 - 2018-03-06 17:54 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-12-23 12:57 - 2018-11-15 11:01 - 002234688 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-18 12:48 - 2018-12-12 04:58 - 004430304 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-18 12:48 - 2018-12-12 04:58 - 000097248 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\libegl.dll
2019-01-08 22:57 - 2019-01-08 22:57 - 017906176 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer32_32_0_0_114.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\...\1001movie.com -> 1001movie.com

There are 6126 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-11 17:23 - 2019-01-04 17:58 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-3088101763-2072606618-2741787397-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 3
MSCONFIG\Services: RealPlayer Cloud Service => 3
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RealTimes Desktop Service => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RealDownloader => C:\Program Files\Real\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [{D993345C-7FFF-4443-8E97-420AF88FA86A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{04683AB8-F080-4D15-8C77-147BEC16B732}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe (CyberLink Corp.)
FirewallRules: [UDP Query User{02E8DC56-7B4A-4131-96A1-21740F3B0857}C:\program files\cyberlink\powerdvd\powerdvd.exe] => (Allow) C:\program files\cyberlink\powerdvd\powerdvd.exe (CyberLink Corp.)
FirewallRules: [{091E8D46-4FAC-4AF5-B8BD-D47416DC43D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{C1FE3565-1713-4622-A659-01B732063B7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{B0EB3D61-B620-427F-8F52-EAEBAEE14732}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{DAE9D903-A243-467D-813D-174DC25FC801}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{7766F7AD-417B-46C3-BB47-274C3302DA54}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
FirewallRules: [{195B7592-763A-4283-9B8B-4B0080C26389}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{F831488E-7E72-4F58-9CC4-13576C537F25}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{3B89D270-D1DD-4C78-8660-EB6EF5D8083F}] => (Allow) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
FirewallRules: [{E4F92858-1991-43BF-A757-51DD7E5264F0}] => (Block) LPort=445
FirewallRules: [{2EC0CA5F-4F6B-4CFC-86BF-091630C7A049}] => (Block) LPort=445
FirewallRules: [{15EEE754-46F1-421B-8306-8FFFD862D998}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe (Firetrust)
FirewallRules: [{60B2501B-E272-4FD8-B655-0FED36FA4535}] => (Allow) C:\Program Files\Firetrust\MailWasher\MailWasher.exe (Firetrust)
FirewallRules: [{BA71F166-180F-4F08-A629-7FE352A11330}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [TCP Query User{72D8DD55-AE36-46F8-B787-9AA03E38EFA3}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{AEAC77E7-17C3-4005-A0A3-3074F7D2CC7A}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{E8FB98BD-E63B-4D91-8AC6-2724C5B50261}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{5D6BE6CC-DE67-4239-A691-C61B179F5D88}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe No File
FirewallRules: [{0EFE771D-FA33-4D2E-9C59-1FD5B624A038}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{481785F7-A089-4B79-8C69-55097BAA189B}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{D0C41717-C79D-412F-A501-17E7654C55B0}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{4748B159-9233-453B-B490-16557C283DA7}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{0D3F7987-EFE9-453C-9717-9838514FB156}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{441D0EDB-4ECE-410A-9D76-23FDE7D7A48A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{69C810C4-6284-4AA7-A913-22339391D6D3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{704635FB-19A9-4421-9711-E09FA3101FE3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{8D01AD17-128F-4093-8E95-5927D8FC14B4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{8A89ADB4-FB08-4B0A-9FE2-86158FEBBE98}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{B8ECEA9B-9A5D-4348-9B25-E932090FE84A}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [TCP Query User{F198B0EE-39B7-49FC-AA12-7212E50C293F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [UDP Query User{DD5651CB-08CD-46BB-9455-0D8D41CBFC37}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)

==================== Restore Points =========================

08-01-2019 22:27:34 Windows Update
09-01-2019 19:21:44 Windows Update

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2019 10:19:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CryptoPreventMonSvc.exe, version: 18.10.20.0, time stamp: 0x5bcbefe1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24335, time stamp: 0x5c267ec8
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x5c0
Faulting application start time: 0x01d4a93273f802cd
Faulting application path: C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: be7e3b68-1525-11e9-b8d6-00215a2d206f

Error: (01/10/2019 10:19:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CryptoPreventMonSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
   at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
   at System.Diagnostics.Process.Start()
   at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
   at A..(System.Diagnostics.ProcessStartInfo)
   at A..()
   at A..()
   at A..()

Error: (01/10/2019 06:17:22 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) Cannot find object or property.

Error: (01/10/2019 06:17:22 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) Cannot find object or property.

Error: (12/23/2018 12:57:16 PM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/18/2018 06:59:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IProsetMonitor.exe, version: 22.6.6.0, time stamp: 0x599b0b21
Faulting module name: ntdll.dll, version: 6.1.7601.24308, time stamp: 0x5be85d17
Exception code: 0xc0000005
Fault offset: 0x00031d86
Faulting process id: 0x808
Faulting application start time: 0x01d496f172b965ea
Faulting application path: C:\Windows\system32\IProsetMonitor.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 039ecf14-02f7-11e9-894d-00215a2d206f

Error: (12/02/2018 03:49:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x56d0b536
Faulting module name: Qt5Qml.dll, version: 5.5.0.0, time stamp: 0x558c6b4b
Exception code: 0xc0000005
Fault offset: 0x000f9332
Faulting process id: 0x1320
Faulting application start time: 0x01d48a565518fce4
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
Report Id: e2869091-f649-11e8-a32e-00215a2d206f

Error: (11/27/2018 02:05:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDSee.exe, version: 3.1.0.0, time stamp: 0x39ca879b
Faulting module name: ACDSee.exe, version: 3.1.0.0, time stamp: 0x39ca879b
Exception code: 0xc0000005
Fault offset: 0x000a0dca
Faulting process id: 0x154c
Faulting application start time: 0x01d4865a50f249c7
Faulting application path: C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe
Faulting module path: C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe
Report Id: 8f84178c-f24d-11e8-81c5-00215a2d206f


System errors:
=============
Error: (01/11/2019 06:24:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (01/11/2019 05:20:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CryptoPrevent Monitor Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/11/2019 05:20:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CryptoPrevent Monitor Service service to connect.

Error: (01/11/2019 05:19:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:17:43 on 11/01/2019 was unexpected.

Error: (01/10/2019 10:19:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CryptoPrevent Monitor Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/10/2019 10:19:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CryptoPrevent Monitor Service service to connect.

Error: (01/09/2019 10:11:20 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (01/09/2019 10:05:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CryptoPrevent Monitor Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 74%
Total physical RAM: 3567.3 MB
Available physical RAM: 900.71 MB
Total Virtual: 7132.96 MB
Available Virtual: 3343 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.91 GB) (Free:80.27 GB) NTFS
Drive e: (Backup Drive) (Fixed) (Total:931.51 GB) (Free:653.92 GB) NTFS

\\?\Volume{1d00271b-6651-11e3-b9a1-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6829804D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: EE0B5EB7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#2
Skelly2019


?



#3
Skelly2019


Anyone please?



#4
iMacg3

Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, remove it now. It is one of the leading causes of malware infecting a computer.
  • If you have questions about anything, please ask.
--------------------

Sorry for the delay. Your logs are clean of malware.

Let's try booting to Safe Mode with networking.
  • Press the Windows Key + R. This will open the Run box.
  • Type msconfig and press Enter on your keyboard.
  • Click on the Boot tab, then tick the box for Safe Boot and select Network.
  • Click on OK, then when a dialog box pops up click Restart.
  • Your computer will now restart to Safe Mode with networking.
Let me know if the computer is still slow in Safe Mode.
  • Once done with the above steps, open MSConfig again as shown earlier, but this time uncheck the box for Safe Boot, click OK and Restart. Your system will reboot into normal mode.

  • 0

#5
Skelly2019

Skelly2019

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

OK, Firefox was running almost like it did before this problem. And his Thunderbird was running a bit better as it was a bit slow to download his e-mails and it was less laggy as when he typed sentences it took a sec or two to catch up. Chrome is still a bit slow. Especially the Flash games he plays most of the time. That eats up his bandwidth a lot as other browsers when open take a lot longer to open onto another website.


  • 0

#6
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

OK, thanks for the info.

Let's do a Clean Boot on your computer to narrow down what could be causing the problem. Make sure you have booted into Normal Mode before doing these instructions.
  • Click on the Start Button. Type create a restore point in the search box and select Create a restore point from the list of results.
  • Click on Create. Give your restore point a name, and follow the on-screen instructions to create a restore point.
  • Once you have created the restore point, press the Windows Key + R. Type msconfig and click on OK.
  • MSConfig will now open. Click on the Services tab, then check the Hide all Microsoft services box. Next, select Disable all.
  • Click on the Startup tab, then select Open Task Manager. In Task Manager, navigate to the Startup tab. Select each startup item and click Disable until all are disabled.
  • Close the Task Manager. In the MSConfig Startup, click on OK, and then restart the computer.
  • Test your computer performance. Let me know how the computer performs after doing the above mentioned steps.
  • Click on the Start Button. Type create a restore point in the search box and select Create a restore point from the list of results.
  • Click on the System Restore button, then click Next. Select the restore point you created earlier, then click Next. Then click Finish.
  • Your computer will now restore itself to before the settings were modified for the Clean Boot.
In your next reply, let me know how the computer performed when it was running in Clean Boot.
  • 0

#7
Skelly2019

Skelly2019

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Just done this and it made no difference at all.


  • 0

#8
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Just double checking, before you rolled back to the System Restore point (during the Clean Boot) the computer was still slow?
  • 0

#9
Skelly2019

Skelly2019

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Was slow yes, slight improvement before that when in Safe Mode! But after Clean Boot no change. Just like it was at the start.

Something I have observed that I thought I'd add. Could be nothing.

Broadband was in standby mode when switched off for 3 hours! Started up when switched on and when it finished loading Windows noticed the connection dropped and restarted itself. Have noticed this a few times recently in the last couple of days.


  • 0

#10
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Let's get a new FRST scan.

Right-click on FRST/FRST64 and click Run as Administrator
Click on Scan. Once the scan is complete, two text files will pop up. (FRST.txt and Addition.txt)

Please copy and paste the contents of FRST.txt and Addition.txt here for my review.
  • 0



#11
Skelly2019

Skelly2019

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Ran FRST whilst playing his game. So hopefully these results can pick up what was laggy and eating up bandwidth during the scan.

 

Attached File  FRST.txt   282.54KB   161 downloads

 

Attached File  Addition.txt   47.32KB   155 downloads


  • 0

#12
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Download TFC (Temp File Cleaner) by OldTimer and save it to your Desktop.
  • Right-click on TFC.exe and select Run as Administrator.
  • Click on Start. If a message appears that the system needs to restart, click on Yes.
  • Your computer will restart, and allow it to do so.
----------------------------

Let me know if the computer is any faster after running TFC.

Thanks.
  • 0

#13
Skelly2019

Skelly2019

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

There seems to be a lot of improvement after the TFC scan.  And Thunderbird works a lot better now.


  • 0

#14
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Hi,

That's great!

Try running Disk Defragmenter as follows:

  • Click on the Start button. Type disk defragmenter and select it from the list of results.
  • Under the Current Status section, select the C: drive.
  • Note: if your hard disk is an SSD, do not defragment the disk.
  • Click on Analyze Disk.
  • In the Last Run column there will be a fragmentation percentage. If it is above 10%, the disk should be defragmented.
  • Click on Defragment disk.
  • The process may take a while to complete depending on the percentage of fragmentation.
  • You can still use your computer while Disk Defragmenter is working.

-----------------------------

Let me know how the computer is running, and if there are any outstanding issues.

Thanks.


  • 0

#15
Skelly2019

Skelly2019

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Hmm, I did the first line. Found the file, but it doesn't want to run! Nothing happens.


  • 0





