very slow computer with lots of pop ups


jp_17315

My Dad asked me to look at his computer. He is complaining about it running really slow and has lots of pop ups. I scanned using SUPERAntiSpyware and it basically just found tracking cookies. I also scanned using Avast antivirus and also cleaned it up using CCleaner. Also, any suggestions on a better antivirus instead of Avast?

 

Here are the two logfiles

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2019 01
Ran by Jim (administrator) on JIM-PC (Dell Inc. Vostro 420 Series) (21-07-2019 21:27:26)
Running from C:\Users\Jim\Desktop
Loaded Profiles: Jim (Available Profiles: Jim & Administrator & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1803 17134.885 (X86) Language: English (United States)
Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files\Browny02\BrYNSvc.exe
(Google Inc -> Google Inc.) C:\Program Files\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Jim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\vVX3000.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x86__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Sierra Online, Inc.) [File not signed] C:\Sierra\Planner\PLNRnote.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [dlbamon.exe] => C:\Program Files\Dell AIO Printer A940\dlbamon.exe [435696 2007-03-05] (Dell Inc. -> )
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-12-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation -> Microsoft Corporation)
HKLM Group Policy restriction on software: *.xls*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-05-29] (Google Inc -> Google Inc.)
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [AvastBrowserAutoLaunch_FA2B84143C1DCA2448275CD89F7AE183] => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files\AVAST Software\Browser\Application\75.0.1447.80\Installer\chrmstp.exe [2019-06-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk [2014-05-29]
ShortcutTarget: Event Planner Reminders Tray Icon.lnk -> C:\Sierra\Planner\PLNRnote.exe (Sierra Online, Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05E2F110-8038-4D73-BCA9-954F7DD1B24B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {066203D1-1ED0-4254-8988-8FC8E671B5F7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0C6D93CD-65CC-47CF-8F01-D4484978AD13} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {115B6A76-5927-4A4C-802E-771BC9151788} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {16104CFC-5608-498C-97F2-5DDF6FB15BFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {20C08DB2-A844-4940-90A8-884B6FDF4DC5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [192704 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {278CE908-AAB5-4878-BE3F-DBE952B3DEC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2C64EB00-B87F-470D-8B5A-B9161B1CD90C} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {2E80A8BD-31FC-4B06-955C-ACD082706C7F} - System32\Tasks\{CF8C78C4-B996-4C72-B3CF-E37C7D191856} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe"
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {3DA95F47-17FB-45CD-AAC1-95C9EA335347} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {484A3EB3-6CF1-45DA-93CC-35758DAAD92B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1913648 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {4E5BBB31-79CA-4978-A994-C533D63E7612} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {56BD30BB-C55E-4CA4-A07D-74AA44C47682} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58E5782A-EBD0-4ACB-96B3-D52D7BEF6B8D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B6837DC-EFEC-4579-842F-66189490BB14} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {5F3CC0D6-8E74-4F8E-A83B-5DEB0F77866E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {645E1648-5F20-419C-9F3B-7AB28F2B35D2} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {69051406-96D9-4C3B-A6CF-9B613DF66916} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6B671DC5-0581-4474-B6F1-334108685564} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6DB25157-4366-4C48-9CB8-4D7A439885EB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {72F8A930-FBA2-4EA8-800A-79422093DF4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {789710E9-2670-4800-ACD9-8A752D6C3D0F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88B07368-A624-4FEF-A820-555EAF25402D} - System32\Tasks\EPSON XP-520 Series Update {AC4A0DAF-2F09-49D5-8A9F-C4FD4F6E3D03} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {8A5113CA-297E-4027-8CC1-7D7E97A06FE6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {919B3416-594B-43F6-88FF-3730616466CD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9228F5B5-E8F2-4756-92AE-FA39626D7AE8} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {9AAB09C1-20FA-4797-A49C-24781A52FF6E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B9C6127-7089-4925-B821-20E4370F7689} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {9D00198C-463F-4B5E-B621-830FF40988DB} - System32\Tasks\{287C8A86-E5B1-426D-B3D2-3FC5D86C0396} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Dell AIO Printer A940\Install\x86\Uninst.exe"
Task: {b52c39b3-e445-4476-a224-e16327bfa266} - no filepath
Task: {B5A644B2-4648-490F-A102-9E75E6EADE0D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7EAC6DC-4838-4DC1-AB9E-0DA799AE0B68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-21] (Adobe Inc. -> Adobe)
Task: {BD46CD8D-897E-445F-A97C-5B2CFCDCBE54} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-21] (Adobe Inc. -> Adobe)
Task: {BF7CC2F3-D5E9-4BC0-8908-013049053F01} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {C147FCD1-A44D-4E4F-BA18-E7AA67FB0FE3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6667D3E-850F-4B3F-B15A-402826C28C9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CEE3E849-1B96-4C71-9C78-A1C272F19B02} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {CFFD1CFD-4935-4F59-9989-5889364C7E76} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {D7B624DA-349A-46CC-AAA6-48A4FFCBCB08} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D8C070F2-EF2A-4431-AFF8-42297D446F7E} - System32\Tasks\EPSON XP-520 Series Update {8856D0EA-C6F7-466C-98F8-0FB69C996467} => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {DCE7EEE5-67A7-4638-A3EA-B7D02A1C1DD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {E5E3FA8B-BED8-4E44-994F-5897440D00A4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {EA2E4AEE-E89E-4462-8DF9-79F6DA9BA910} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA9B22D2-734E-4A09-AE20-EC68A52044C3} - System32\Tasks\EPSON XP-520 Series Update {B378BE76-1CAD-4E77-AD10-0DB3F8161CA4} => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {ED14ADDA-F22A-47F2-9D29-F53031526118} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {EEB704EC-A2E8-4AAD-B69D-FB5D5BF8B937} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F42CD5E9-25C6-45D5-B138-300B95984F23} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FA6C8116-C794-47CF-B840-D31E12ED2385} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3228552 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
Task: {FBA1BF0D-9149-478C-A4C3-0E716F0E1DCD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {FF9E4AE6-B69F-4A38-A159-78927A7943C5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.63 209.18.47.62
Tcpip\..\Interfaces\{42b53645-a910-45a9-b003-ad22858565ff}: [DhcpNameServer] 209.18.47.63 209.18.47.62
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> {8FC038DB-DFC3-40D6-BD78-8F90BF1172E3} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc -> Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc -> Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default [2019-07-21]
FF Extension: (MediaPlayer) - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default\Extensions\[email protected] [2015-05-12] [Legacy] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-21] (Adobe Inc. -> )
FF Plugin: @glance.net/GlanceClient -> C:\Program Files\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.) [File not signed]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google Inc -> Google, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-06-10] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3988621694-3172890893-754654441-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-03] (Citrix Online -> Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> chrome://bookmarks/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://bceiakgkigbijnpkjgaohfcnffemnnmh/newtabfile/ntfile.html", Active:"chrome-extension://nbojijfddfdeecdagoppkecbjejpbdkb/ntpnew.html", Not-active:"chrome-extension://pbneiecbhikjapoihjpemfmpaalkafkh/newtabproduct.html", Active:"chrome-extension://oiifocgmpeklnafamamaemkeeondihcd/ntp.html", Active:"chrome-extension://jnndaplccjeffekcadmimifgiohojden/ntp.html", Active:"chrome-extension://mkodglccjkggchpdpiikgcjplniemdej/newtab/quicknewtabpage.html", Active:"chrome-extension://ddcgolmkaodjbmpgdfphfdjdbdkidiga/ntp.html", Active:"chrome-extension://gnighmloblbkmoleodphoegaiinnikpk/ntpnew.html", Not-active:"chrome-extension://npmoikddpdgbhgbkjgjemncoegpojpng/newtabproduct.html", Not-active:"chrome-extension://nekknkoekfoohdedhkfpphiofoddkgdm/searchbox.html", Active:"chrome-extension://gdpcjikcinmgbpkemnpncgkfjllnhicp/newtab/quicktab.html", Not-active:"chrome-extension://pnmgpnhekkdcnegoioancaodogohggob/newtab/slim_product.html", Not-active:"chrome-extension://efnjglmhkadcodfecjljffkhkcljagfo/newtabproduct.html", Not-active:"chrome-extension://ggdpncmeianmjejbjhjnbidecbfofcgc/newtab/slim_newtabpage.html", Not-active:"chrome-extension://allddgjfhjhcjcnfkabhenmkahcccdap/newtab/quicktab.html", Not-active:"chrome-extension://nlccbfofdgkhefnadicieoobmkeogcef/newtab/slim_newtabpage.html", Not-active:"chrome-extension://icomkegadoijccpafapbjlncpafipoha/product.html", Active:"chrome-extension://mfladgpfndhlfcnjnglanjlfncbpjhng/ntpnew.html", Not-active:"chrome-extension://hdhkemhaommecijlogcmoeaogjjpkihm/stubby.html", Not-active:"chrome-extension://ilngdmldabiclnndbiflkjbenccddfmn/stubby.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default [2019-07-21]
CHR Extension: (socfiner) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiiljlkpjkhpdfgebcnlndcgiopbibff [2017-07-05]
CHR Extension: (Your PDF Converter Now) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\allddgjfhjhcjcnfkabhenmkahcccdap [2018-03-31]
CHR Extension: (Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (PDF Converter Hub) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bceiakgkigbijnpkjgaohfcnffemnnmh [2019-06-28]
CHR Extension: (Streamit Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbndohkmkdhnfpnojndclpmclkbpgaf [2018-09-01]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-19]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (QuickPDFMerger) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcgolmkaodjbmpgdfphfdjdbdkidiga [2019-06-28]
CHR Extension: (FromDocToPDF) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\efnjglmhkadcodfecjljffkhkcljagfo [2019-07-01]
CHR Extension: (Search Encrypt) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\elcchnalodncjhbclfbfkmjlecpeiopg [2018-04-25]
CHR Extension: (SearchWeb) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcaidkbhmgafpojklejljicnpnfnaokm [2018-05-12]
CHR Extension: (Weather Forecast) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdpcjikcinmgbpkemnpncgkfjllnhicp [2018-04-15]
CHR Extension: (Search Privacy) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb [2018-03-24]
CHR Extension: (Login Faster) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdpncmeianmjejbjhjnbidecbfofcgc [2018-03-31]
CHR Extension: (Google Docs Offline) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (PDFConverterHQ for Chrome) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnighmloblbkmoleodphoegaiinnikpk [2019-06-29]
CHR Extension: (Avast Online Security) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Quick) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hceoppfleikmkcmobdkgiflopcnbnlbh [2018-04-15]
CHR Extension: (DailyBibleGuide) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm [2019-06-20]
CHR Extension: (Nmeitj) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlclhmmajhgidfdaiekbeignliibocod [2017-01-11]
CHR Extension: (FromDocToPDF) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icomkegadoijccpafapbjlncpafipoha [2019-07-01]
CHR Extension: (FromDocToPDF) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilngdmldabiclnndbiflkjbenccddfmn [2017-11-09]
CHR Extension: (DoctoPDF) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfgkpeobcmjlocjpfgocelimhppdmigj [2019-07-15]
CHR Extension: (AtoZManuals ) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnndaplccjeffekcadmimifgiohojden [2019-06-11]
CHR Extension: (Flexbox) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfhcaceohfbmildeboicbfmaikcoddbf [2017-08-01]
CHR Extension: (Ask Web Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp [2019-07-19]
CHR Extension: (SearchLock) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2017-05-04]
CHR Extension: (FromDocToPDF) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2019-06-29]
CHR Extension: (MapsGalaxy) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfladgpfndhlfcnjnglanjlfncbpjhng [2019-06-29]
CHR Extension: (Find Forms Fast) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkodglccjkggchpdpiikgcjplniemdej [2019-07-15]
CHR Extension: (MyFormsFinder) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbojijfddfdeecdagoppkecbjejpbdkb [2019-07-01]
CHR Extension: (lammbda) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nekknkoekfoohdedhkfpphiofoddkgdm [2018-05-07]
CHR Extension: (My Quick Converter) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlccbfofdgkhefnadicieoobmkeogcef [2018-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (MyTransitGuide) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\npmoikddpdgbhgbkjgjemncoegpojpng [2019-06-29]
CHR Extension: (PDFConvertTools) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiifocgmpeklnafamamaemkeeondihcd [2019-06-11]
CHR Extension: (PDF Viewer & Converter by FromDocToPDF) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbneiecbhikjapoihjpemfmpaalkafkh [2019-06-29]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-20]
CHR Extension: (Find Forms Fast) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmgpnhekkdcnegoioancaodogohggob [2019-03-29]
CHR Extension: (Ad Remover) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pogpkmdlehipcepphjbogapenmkbimpo [2019-06-05]
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-07-21]
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-07-21]
CHR Extension: (Slides) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-03]
CHR Extension: (Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-03]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-03]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-03]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-03]
CHR Extension: (Sheets) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-03]
CHR Extension: (Avast Online Security) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-03]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-03]
CHR Extension: (Chrome Media Router) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-03]
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-07-17] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [217088 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5551168 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-20] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [365048 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-20] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\75.0.1447.80\elevation_service.exe [978720 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [595896 2018-12-03] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3624312 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [86408 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [10070016 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [290304 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [34696 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [174472 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [225816 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [171216 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [56504 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [14976 2019-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [214944 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [40904 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [140080 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [101192 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [73008 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783232 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [403952 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [167576 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [312968 2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
R1 glancedrv; C:\WINDOWS\System32\drivers\glancedrv.sys [34080 2009-05-13] (Glance Networks, Incorporated -> Glance Networks, Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [504832 2018-04-11] (Microsoft Windows -> Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 UrsSynopsys; C:\WINDOWS\System32\drivers\urssynopsys.sys [21920 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37448 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [271776 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [30208 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-07-21 21:27 - 2019-07-21 21:29 - 000070952 _____ C:\Users\Jim\Desktop\FRST.txt
2019-07-21 21:24 - 2019-07-21 21:24 - 001446912 _____ (Farbar) C:\Users\Jim\Desktop\FRST (1).exe
2019-07-21 20:56 - 2019-07-21 20:56 - 000241420 _____ C:\Users\Jim\Desktop\cc_20190721_205640.reg
2019-07-21 20:42 - 2019-07-21 20:42 - 000001036 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-21 20:42 - 2019-07-21 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-07-21 20:42 - 2019-07-21 20:42 - 000000000 ____D C:\Program Files\CCleaner
2019-07-21 20:41 - 2019-07-21 20:41 - 020891464 _____ (Piriform Software Ltd) C:\Users\Jim\Desktop\ccsetup560.exe
2019-07-21 20:22 - 2019-07-21 20:22 - 000047720 _____ () C:\WINDOWS\system32\Drivers\staport.sys
2019-07-21 20:20 - 2019-07-21 20:20 - 000312200 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-07-21 20:20 - 2019-07-21 20:20 - 000167576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-07-21 20:20 - 2019-07-21 20:20 - 000140080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-07-09 16:29 - 2019-07-04 04:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-09 16:29 - 2019-07-04 04:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-09 16:29 - 2019-07-04 00:48 - 000994776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-09 16:29 - 2019-07-04 00:42 - 006683960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-09 16:29 - 2019-07-04 00:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-09 16:29 - 2019-07-04 00:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-09 16:29 - 2019-07-04 00:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-09 16:29 - 2019-07-04 00:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-09 16:29 - 2019-07-04 00:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-09 16:29 - 2019-06-13 06:21 - 001468944 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-09 16:29 - 2019-06-13 06:20 - 000602424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-09 16:29 - 2019-06-13 06:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-09 16:29 - 2019-06-13 05:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-09 16:29 - 2019-06-13 05:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-09 16:29 - 2019-06-13 05:53 - 003879936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-09 16:29 - 2019-06-13 01:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-09 16:29 - 2019-06-13 01:09 - 004170360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-09 16:28 - 2019-07-04 04:55 - 001463760 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-09 16:28 - 2019-07-04 04:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-09 16:28 - 2019-07-04 04:52 - 000078648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-09 16:28 - 2019-07-04 04:42 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-09 16:28 - 2019-07-04 04:42 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-09 16:28 - 2019-07-04 04:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-09 16:28 - 2019-07-04 04:40 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-09 16:28 - 2019-07-04 04:39 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-09 16:28 - 2019-07-04 04:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-09 16:28 - 2019-07-04 00:45 - 001094456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-09 16:28 - 2019-07-04 00:45 - 000161080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-09 16:28 - 2019-07-04 00:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-09 16:28 - 2019-07-04 00:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-09 16:28 - 2019-07-04 00:43 - 000539416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-09 16:28 - 2019-07-04 00:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-09 16:28 - 2019-07-04 00:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-09 16:28 - 2019-07-04 00:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-09 16:28 - 2019-07-04 00:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-09 16:28 - 2019-07-04 00:42 - 002344760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-09 16:28 - 2019-07-04 00:42 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-09 16:28 - 2019-07-04 00:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-09 16:28 - 2019-07-04 00:42 - 001051040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-09 16:28 - 2019-07-04 00:42 - 000949856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-09 16:28 - 2019-07-04 00:42 - 000835664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-09 16:28 - 2019-07-04 00:42 - 000621624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-09 16:28 - 2019-07-04 00:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-09 16:28 - 2019-07-04 00:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-09 16:28 - 2019-07-04 00:42 - 000108088 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-09 16:28 - 2019-07-04 00:42 - 000073912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-09 16:28 - 2019-07-04 00:41 - 001191016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-09 16:28 - 2019-07-04 00:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-09 16:28 - 2019-07-04 00:41 - 000103952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-09 16:28 - 2019-07-04 00:23 - 003256832 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-09 16:28 - 2019-07-04 00:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-09 16:28 - 2019-07-04 00:22 - 002811904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-09 16:28 - 2019-07-04 00:22 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-09 16:28 - 2019-07-04 00:22 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-09 16:28 - 2019-07-04 00:22 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-09 16:28 - 2019-07-04 00:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-09 16:28 - 2019-07-04 00:22 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-09 16:28 - 2019-07-04 00:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-07-09 16:28 - 2019-07-04 00:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2019-07-09 16:28 - 2019-07-04 00:21 - 001388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-09 16:28 - 2019-07-04 00:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-09 16:28 - 2019-07-04 00:20 - 002201088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-09 16:28 - 2019-07-04 00:20 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-09 16:28 - 2019-07-04 00:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-09 16:28 - 2019-07-04 00:20 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-09 16:28 - 2019-07-04 00:19 - 001754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-09 16:28 - 2019-07-04 00:19 - 001281024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-09 16:28 - 2019-07-04 00:19 - 001184768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-09 16:28 - 2019-07-04 00:19 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-09 16:28 - 2019-07-04 00:19 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-09 16:28 - 2019-07-04 00:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-09 16:28 - 2019-07-04 00:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-09 16:28 - 2019-07-04 00:18 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-09 16:28 - 2019-07-04 00:18 - 001588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-09 16:28 - 2019-07-04 00:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-09 16:28 - 2019-07-04 00:18 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-09 16:28 - 2019-07-04 00:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-09 16:28 - 2019-07-04 00:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-09 16:28 - 2019-07-04 00:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-09 16:28 - 2019-07-04 00:17 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-09 16:28 - 2019-07-04 00:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-09 16:28 - 2019-06-21 04:29 - 000241160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-09 16:28 - 2019-06-20 03:42 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-09 16:28 - 2019-06-13 06:21 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-09 16:28 - 2019-06-13 06:21 - 000265744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-09 16:28 - 2019-06-13 06:20 - 002712080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-09 16:28 - 2019-06-13 06:20 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-09 16:28 - 2019-06-13 06:20 - 000374800 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-09 16:28 - 2019-06-13 06:20 - 000138768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-09 16:28 - 2019-06-13 06:20 - 000061456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-09 16:28 - 2019-06-13 06:08 - 000286280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-09 16:28 - 2019-06-13 06:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-09 16:28 - 2019-06-13 06:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-09 16:28 - 2019-06-13 06:07 - 000456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-09 16:28 - 2019-06-13 06:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-09 16:28 - 2019-06-13 06:06 - 000970480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-09 16:28 - 2019-06-13 06:04 - 000514904 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-09 16:28 - 2019-06-13 06:04 - 000141448 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-09 16:28 - 2019-06-13 05:56 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-09 16:28 - 2019-06-13 05:55 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-09 16:28 - 2019-06-13 05:55 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-09 16:28 - 2019-06-13 05:54 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-09 16:28 - 2019-06-13 05:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-09 16:28 - 2019-06-13 05:54 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-09 16:28 - 2019-06-13 05:53 - 003257856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-09 16:28 - 2019-06-13 05:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2019-07-09 16:28 - 2019-06-13 05:51 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-09 16:28 - 2019-06-13 05:51 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-09 16:28 - 2019-06-13 05:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-09 16:28 - 2019-06-13 05:51 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-09 16:28 - 2019-06-13 05:50 - 002094080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-09 16:28 - 2019-06-13 05:50 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-09 16:28 - 2019-06-13 05:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-09 16:28 - 2019-06-13 05:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-09 16:28 - 2019-06-13 05:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-09 16:28 - 2019-06-13 05:49 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-09 16:28 - 2019-06-13 02:44 - 000513024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-09 16:28 - 2019-06-13 01:14 - 000389432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-09 16:28 - 2019-06-13 01:14 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-09 16:28 - 2019-06-13 01:12 - 000737008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-09 16:28 - 2019-06-13 01:08 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-09 16:28 - 2019-06-13 01:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-09 16:28 - 2019-06-13 01:07 - 000734408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-09 16:28 - 2019-06-13 01:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-09 16:28 - 2019-06-13 01:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-09 16:28 - 2019-06-13 01:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-09 16:28 - 2019-06-13 01:06 - 002030904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-09 16:28 - 2019-06-13 01:06 - 001923896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-09 16:28 - 2019-06-13 01:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-09 16:28 - 2019-06-13 01:06 - 000371000 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2019-07-09 16:28 - 2019-06-13 01:06 - 000371000 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-09 16:28 - 2019-06-13 00:50 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-09 16:28 - 2019-06-13 00:50 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-09 16:28 - 2019-06-13 00:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-09 16:28 - 2019-06-13 00:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-09 16:28 - 2019-06-13 00:48 - 000269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-09 16:28 - 2019-06-13 00:48 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-09 16:28 - 2019-06-13 00:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-09 16:28 - 2019-06-13 00:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-09 16:28 - 2019-06-13 00:47 - 001131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-09 16:28 - 2019-06-13 00:47 - 000698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-09 16:28 - 2019-06-13 00:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-09 16:28 - 2019-06-13 00:47 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-09 16:28 - 2019-06-13 00:47 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-09 16:28 - 2019-06-13 00:47 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-09 16:28 - 2019-06-13 00:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-09 16:28 - 2019-06-13 00:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-09 16:28 - 2019-06-13 00:46 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-09 16:28 - 2019-06-13 00:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-09 16:28 - 2019-06-13 00:45 - 001659392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-09 16:28 - 2019-06-13 00:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-09 16:28 - 2019-06-13 00:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-09 16:28 - 2019-06-13 00:45 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-09 16:28 - 2019-06-13 00:45 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-09 16:28 - 2019-06-13 00:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-09 16:28 - 2019-06-13 00:44 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-09 16:28 - 2019-06-13 00:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-09 16:28 - 2019-06-13 00:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-09 16:28 - 2019-06-13 00:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-09 16:28 - 2019-06-13 00:44 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-09 16:28 - 2019-06-13 00:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-07-09 16:28 - 2019-06-13 00:44 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-09 16:28 - 2019-06-13 00:43 - 002418176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-09 16:28 - 2019-06-13 00:43 - 001414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-09 16:28 - 2019-06-13 00:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-09 16:28 - 2019-06-13 00:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-09 16:28 - 2019-06-13 00:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-09 16:28 - 2019-06-13 00:43 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-07-21 21:27 - 2017-01-10 22:10 - 000000000 ____D C:\FRST
2019-07-21 21:12 - 2018-04-11 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-21 20:50 - 2015-12-06 21:28 - 000000000 ____D C:\Program Files\TeamViewer
2019-07-21 20:47 - 2018-07-15 21:10 - 000000000 ____D C:\Users\Jim\AppData\Local\CrashDumps
2019-07-21 20:47 - 2018-05-18 21:36 - 000000000 ___DC C:\WINDOWS\Panther
2019-07-21 20:47 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-21 20:47 - 2018-04-11 16:31 - 000000000 ____D C:\WINDOWS\INF
2019-07-21 20:31 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-21 20:25 - 2018-05-22 22:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-21 20:25 - 2014-05-29 20:01 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-07-21 20:24 - 2018-04-11 08:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-07-21 20:20 - 2019-03-03 18:31 - 000214944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-07-21 20:20 - 2018-11-06 22:50 - 000040904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-07-21 20:20 - 2018-04-11 16:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-21 20:20 - 2018-01-23 10:46 - 000403952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-07-21 20:20 - 2018-01-23 10:46 - 000312968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-07-21 20:20 - 2018-01-23 10:46 - 000101192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-07-21 20:20 - 2018-01-23 10:46 - 000073008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-07-21 20:19 - 2019-03-02 22:23 - 000225816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-07-21 20:19 - 2019-03-02 22:23 - 000171216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-07-21 20:19 - 2019-03-02 22:23 - 000056504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-07-21 20:19 - 2019-03-02 22:23 - 000034696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-07-21 20:19 - 2018-01-23 10:46 - 000783232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-07-21 20:19 - 2018-01-23 10:46 - 000174472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-07-21 20:16 - 2018-05-22 22:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-21 19:46 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-20 08:55 - 2018-04-11 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-19 22:53 - 2018-05-22 22:34 - 000000000 ____D C:\Users\Jim
2019-07-16 15:21 - 2014-05-29 10:03 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-12 12:05 - 2018-01-23 13:17 - 000000000 ____D C:\Users\Jim\AppData\Local\Packages
2019-07-12 12:03 - 2015-11-08 23:17 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-07-10 08:10 - 2018-05-22 22:29 - 000946108 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-10 08:04 - 2018-01-23 13:43 - 000000000 ___RD C:\Users\Jim\3D Objects
2019-07-10 08:04 - 2016-02-13 08:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-10 08:02 - 2018-05-22 22:26 - 000321960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-09 22:45 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-09 22:45 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-09 22:45 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-09 22:45 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-09 22:45 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-09 22:45 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-09 22:45 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-09 22:45 - 2018-04-11 08:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-09 16:36 - 2018-04-11 16:25 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-09 16:27 - 2014-05-29 10:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-09 16:22 - 2014-05-29 10:24 - 133475400 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-08 21:52 - 2018-05-22 22:34 - 000002397 _____ C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-08 21:52 - 2016-05-17 10:45 - 000000000 ___RD C:\Users\Jim\OneDrive
2019-07-04 00:43 - 2014-05-28 22:14 - 000407784 __RSH C:\bootmgr
2019-07-01 10:30 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-28 10:53 - 2018-05-20 16:01 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-06-23 11:12 - 2018-01-12 09:15 - 000000000 ____D C:\Program Files\rempl
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
 
ATTENTION: ==> Could not access BCD.  -> This program is blocked by group policy. For more information, contact your system administrator.
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2019 01
Ran by Jim (21-07-2019 21:30:01)
Running from C:\Users\Jim\Desktop
Microsoft Windows 10 Home Version 1803 17134.885 (X86) (2018-05-23 02:59:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3988621694-3172890893-754654441-500 - Administrator - Disabled) => C:\Users\Administrator.000
DefaultAccount (S-1-5-21-3988621694-3172890893-754654441-503 - Limited - Disabled)
Guest (S-1-5-21-3988621694-3172890893-754654441-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3988621694-3172890893-754654441-1002 - Limited - Enabled)
Jim (S-1-5-21-3988621694-3172890893-754654441-1001 - Administrator - Enabled) => C:\Users\Jim
WDAGUtilityAccount (S-1-5-21-3988621694-3172890893-754654441-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Apple Application Support (32-bit) (HKLM\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 75.0.1447.80 - AVAST Software)
BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Citrix Online Launcher (HKLM\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
CryptoPrevent v4.7.0 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO Printer A940 (HKLM\...\Dell AIO Printer A940) (Version:  - Dell, Inc.)
Easy Photo Scan (HKLM\...\{93AEF2AF-86FB-42AD-8392-5DAEC0638B1A}) (Version: 1.00.0012 - Seiko Epson Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{D7FFF7F0-A7C9-4810-A810-8A2AE0C28F05}) (Version: 4.4.7 - Seiko Epson Corporation)
EPSON XP-520 Series Printer Uninstall (HKLM\...\EPSON XP-520 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-520 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson XP-520 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Event Planner (HKLM\...\{741849D8-E8D9-49CF-B373-0D7507ED0A56}) (Version:  - )
Family Tree Maker 2014 (HKLM\...\{39EF38DF-2727-4C09-A165-FD3B87BA3AE9}) (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Family Tree Maker 2014 (HKLM\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
Glance 2.9 (HKLM\...\Glance_is1) (Version:  - Glance Networks, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Earth Pro (HKLM\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hallmark Card Studio 2 (HKLM\...\{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}) (Version:  - )
HL-L2305 series (HKLM\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
iTunes (HKLM\...\{4EEBA4CC-6719-4AA0-B36E-D7748E55804E}) (Version: 12.5.4.42 - Apple Inc.)
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NirSoft ShellExView (HKLM\...\NirSoft ShellExView) (Version:  - )
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.143.600.0_x86__kgqvnymyfvs32 [2019-07-10] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x86__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x86__8wekyb3d8bbwe [2019-07-18] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x86__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x86__8wekyb3d8bbwe [2018-02-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x86__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x86__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x86__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x86__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x86__8wekyb3d8bbwe [2016-05-17] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-21] (AVAST Software s.r.o. -> AVAST Software)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
ShortcutWithArgument: C:\Users\Jim\Desktop\Person 1 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-03 12:34 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-03-03 12:34 - 2013-06-12 20:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files\Browny02\BrMonitor.dll
2015-03-03 12:34 - 2013-09-25 16:35 - 000282112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files\Browny02\BrYNSvc.exe
2015-12-17 12:11 - 2015-12-17 12:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files\EPSON Software\Event Manager\epnsm.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON Software\Event Manager\LcMgr.dll
2014-03-18 03:00 - 2014-03-18 03:00 - 000381440 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2009-07-31 17:05 - 2000-08-30 06:00 - 000172032 ____N (Sierra Online, Inc.) [File not signed] C:\Sierra\Planner\PLNRnote.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice => exefile
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 5108 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2019-01-04 19:53 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Local\Microsoft\Windows\Themes\US-wp6.jpg
DNS Servers: 209.18.47.63 - 209.18.47.62
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{01D01829-261B-4126-976A-C5E955FF3951}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{BC4648D9-0313-407C-A642-9AEC01CCF440}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B21BE125-AC0D-43F3-B98D-604EA3EA4343}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6E509E2D-F1AF-482D-8DAF-B432A270A3F1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EF796F82-A393-4EED-BAFB-78EDAD06AD78}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5EFB36D7-E59B-4087-BFFC-CDB12DDFA000}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0EAA8469-2F8F-411F-8FD5-A8D8F37D05D0}] => (Allow) C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{CA08B324-DE6D-4B3F-9448-197BA0167D08}] => (Allow) C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{B786F92A-EC12-490F-AEFE-D1B4B0A4C79A}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{9F84005E-811B-4159-92B3-01C6E616356D}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{24F33985-2619-4DFD-836D-458FA199F5A9}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{D2444546-E4DD-4396-BDE6-A9D3F454B281}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{FBCF4BAA-BF4F-4803-846C-EEC3E7C6757F}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAaiox.exe (Dell Inc. -> )
FirewallRules: [{F0054FE3-87F3-4B3F-8566-6348CA0C1948}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAaiox.exe (Dell Inc. -> )
FirewallRules: [{D3260931-EE74-455F-A51E-E8EA10146198}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAmon.exe (Dell Inc. -> )
FirewallRules: [{9D2A0302-A745-46D0-A9DC-1CE864B2FEF6}] => (Allow) C:\Program Files\Dell AIO Printer A940\DLBAmon.exe (Dell Inc. -> )
FirewallRules: [{FB745985-2E26-40DE-9329-EECF0E24BE27}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlbapswx.exe (Dell Inc. -> )
FirewallRules: [{30768086-B6C5-403C-9664-81DDE17B67E0}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlbapswx.exe (Dell Inc. -> )
FirewallRules: [{B678758D-A1CB-488D-98EF-80F4F7231C48}] => (Allow) C:\Windows\System32\dlbacoms.exe (Dell Inc. ->  )
FirewallRules: [{B22FA5A5-C387-4020-B03E-ED85DCF9C81B}] => (Allow) C:\Windows\System32\dlbacoms.exe (Dell Inc. ->  )
FirewallRules: [{DB5797A6-BCF6-4DF4-9407-A4698066A7BC}] => (Allow) LPort=1900
FirewallRules: [{0620903F-7B29-49C3-AF00-2B0A4DD5103E}] => (Allow) LPort=2869
FirewallRules: [{D97B2500-F7B8-425B-98B1-5D98D6640ECF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90801967-9DC5-4AA3-AB49-1A9BF51354A1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CCD6E898-331F-4040-BDBC-CE9527213146}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{BB4B79E7-FF82-4347-B35A-753CD8C8C0DC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
01-07-2019 12:29:45 Scheduled Checkpoint
09-07-2019 16:20:57 Windows Update
16-07-2019 20:02:34 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2019 09:05:57 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
 
Error: (07/21/2019 08:46:28 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostw (2000,R,98) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.
 
Error: (07/21/2019 08:46:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (2000,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Jim\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (07/21/2019 08:46:28 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (2000,R,98) WebCacheLocal: An attempt to open the file "C:\Users\Jim\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/21/2019 08:46:17 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (2000,R,98) WebCacheLocal: An attempt to open the file "C:\Users\Jim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/21/2019 08:46:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (2000,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Jim\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (07/21/2019 08:46:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (2000,R,98) WebCacheLocal: An attempt to open the file "C:\Users\Jim\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/21/2019 08:05:56 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
 
 
System errors:
=============
Error: (07/21/2019 09:07:05 PM) (Source: DCOM) (EventID: 10016) (User: Jim-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Jim-PC\Jim SID (S-1-5-21-3988621694-3172890893-754654441-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/21/2019 09:00:45 PM) (Source: DCOM) (EventID: 10016) (User: Jim-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Jim-PC\Jim SID (S-1-5-21-3988621694-3172890893-754654441-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/21/2019 08:42:35 PM) (Source: DCOM) (EventID: 10016) (User: Jim-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Jim-PC\Jim SID (S-1-5-21-3988621694-3172890893-754654441-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/21/2019 08:37:29 PM) (Source: DCOM) (EventID: 10016) (User: Jim-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Jim-PC\Jim SID (S-1-5-21-3988621694-3172890893-754654441-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/21/2019 08:29:02 PM) (Source: DCOM) (EventID: 10016) (User: Jim-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Jim-PC\Jim SID (S-1-5-21-3988621694-3172890893-754654441-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/21/2019 08:27:24 PM) (Source: DCOM) (EventID: 10016) (User: Jim-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Jim-PC\Jim SID (S-1-5-21-3988621694-3172890893-754654441-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/21/2019 07:51:25 PM) (Source: DCOM) (EventID: 10016) (User: Jim-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user Jim-PC\Jim SID (S-1-5-21-3988621694-3172890893-754654441-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/21/2019 07:50:33 PM) (Source: DCOM) (EventID: 10016) (User: Jim-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Jim-PC\Jim SID (S-1-5-21-3988621694-3172890893-754654441-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2019-03-14 21:56:06.784
Description: 
Windows Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.15700.9
Previous Engine Version: 1.1.14600.4
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2019-07-14 12:44:21.969
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-07-13 18:10:10.439
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-07-12 07:14:53.403
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-07-10 08:24:10.985
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-07-08 09:01:55.444
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-07-07 10:35:04.401
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-07-06 08:07:59.563
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-07-05 09:04:32.030
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.0.4 02/10/2009
Motherboard: Dell Inc. 0N185P
Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 84%
Total physical RAM: 2046.98 MB
Available physical RAM: 319.44 MB
Total Virtual: 4094.98 MB
Available Virtual: 1281.47 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:232.35 GB) (Free:182.43 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{a42d04a3-0000-0000-0000-f0183a000000}\ () (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
thank you

 




#2
RKinner

    Malware Expert

  • Expert
  • 21,711 posts
  • MVP

Don't think it's a virus.

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 



#3
jp_17315

    New Member

  • Topic Starter
  • Member
  • 3 posts

Process CPU Private Bytes Working Set PID Verified Signer
System Idle Process 75.33 36 K 4 K 0
procexp.exe 14.43 24,448 K 51,576 K 9860 (Verified) Microsoft Corporation
chrome.exe 2.04 82,140 K 133,412 K 10084 (Verified) Google LLC
System 1.76 80 K 8,700 K 4
dwm.exe 1.37 22,436 K 35,084 K 1148
chrome.exe 1.33 49,764 K 66,372 K 8404 (Verified) Google LLC
Interrupts 0.97 0 K 0 K n/a
chrome.exe 0.96 50,616 K 57,624 K 1108 (Verified) Google LLC
csrss.exe 0.67 1,516 K 4,192 K 640
explorer.exe 0.43 46,680 K 60,960 K 3364 (Verified) Microsoft Windows
AvastUI.exe 0.27 34,964 K 52,112 K 1844 (Verified) AVAST Software s.r.o.
DLBAmon.exe 0.12 1,332 K 6,656 K 6772 (Verified) Dell Inc.
iPodService.exe 0.04 1,680 K 6,652 K 7536 (Verified) Apple Inc.
AvastSvc.exe 0.04 120,220 K 42,380 K 2196 (Verified) AVAST Software s.r.o.
EEventManager.exe 0.04 2,376 K 9,768 K 7036 (Verified) SEIKO EPSON CORPORATION
SearchIndexer.exe 0.03 21,888 K 22,128 K 4260 (Verified) Microsoft Windows
TeamViewer_Service.exe 0.03 3,960 K 12,380 K 3040 (Verified) TeamViewer GmbH
svchost.exe 0.02 7,492 K 19,048 K 940 (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe 0.02 2,636 K 8,976 K 2852 (Verified) Apple Inc.
OneDrive.exe 0.02 30,488 K 17,368 K 7376 (Verified) Microsoft Corporation
AvastBrowser.exe 0.01 28,948 K 24,348 K 8036 (Verified) AVAST Software s.r.o.
svchost.exe 0.01 37,068 K 44,688 K 1340 (Verified) Microsoft Windows Publisher
SASCORE.EXE 0.01 996 K 5,016 K 2828
AvastBrowser.exe 0.01 27,612 K 35,040 K 1284 (Verified) AVAST Software s.r.o.
AvastBrowser.exe 0.01 20,232 K 32,316 K 7564 (Verified) AVAST Software s.r.o.
lsass.exe 0.01 4,524 K 11,328 K 836 (Verified) Microsoft Windows Publisher
svchost.exe 0.01 3,032 K 9,216 K 3112 (Verified) Microsoft Windows Publisher
smartscreen.exe < 0.01 12,168 K 24,484 K 7192 (Verified) Microsoft Windows
csrss.exe < 0.01 1,216 K 4,060 K 516
WmiPrvSE.exe < 0.01 24,796 K 31,344 K 2020
aswidsagent.exe < 0.01 15,712 K 33,664 K 7296 (Verified) AVAST Software s.r.o.
iTunesHelper.exe < 0.01 3,096 K 8,608 K 7068 (Verified) Apple Inc.
WmiPrvSE.exe 1,956 K 7,316 K 8564
WmiPrvSE.exe 4,488 K 10,928 K 4376
WinStore.App.exe Suspended 27,696 K 47,636 K 4848 (No signature was present in the subject) Microsoft Corporation
winlogon.exe 1,908 K 6,932 K 720
wininit.exe 1,060 K 5,080 K 624
vVX3000.exe 1,768 K 7,872 K 7088 (Verified) Microsoft Corporation
Video.UI.exe Suspended 26,372 K 6,640 K 6416 (No signature was present in the subject)
unsecapp.exe 1,088 K 5,976 K 9384
taskhostw.exe 6,260 K 14,040 K 2576 (Verified) Microsoft Windows
SystemSettings.exe Suspended 21,088 K 38,236 K 6472 (Verified) Microsoft Windows
svchost.exe 4,872 K 11,532 K 1052 (Verified) Microsoft Windows Publisher
svchost.exe 30,092 K 47,000 K 1240 (Verified) Microsoft Windows Publisher
svchost.exe 11,108 K 32,828 K 2356 (Verified) Microsoft Windows Publisher
svchost.exe 2,996 K 7,380 K 3120 (Verified) Microsoft Windows Publisher
svchost.exe 15,484 K 22,432 K 1296 (Verified) Microsoft Windows Publisher
svchost.exe 5,280 K 12,476 K 800 (Verified) Microsoft Windows Publisher
svchost.exe 6,692 K 17,464 K 1556 (Verified) Microsoft Windows Publisher
svchost.exe 2,300 K 9,916 K 820 (Verified) Microsoft Windows Publisher
svchost.exe 13,388 K 23,124 K 1268 (Verified) Microsoft Windows Publisher
svchost.exe 7,728 K 21,140 K 2860 (Verified) Microsoft Windows Publisher
svchost.exe 7,872 K 21,160 K 1484 (Verified) Microsoft Windows Publisher
svchost.exe 2,768 K 9,332 K 8892
svchost.exe 1,396 K 6,016 K 2524 (Verified) Microsoft Windows Publisher
svchost.exe 2,984 K 7,372 K 2844 (Verified) Microsoft Windows Publisher
svchost.exe 2,612 K 8,776 K 3412 (Verified) Microsoft Windows Publisher
svchost.exe 1,560 K 6,780 K 3104 (Verified) Microsoft Windows Publisher
svchost.exe 1,680 K 7,360 K 2100 (Verified) Microsoft Windows Publisher
svchost.exe 1,268 K 5,100 K 2088 (Verified) Microsoft Windows Publisher
svchost.exe 1,632 K 7,924 K 1860 (Verified) Microsoft Windows Publisher
spoolsv.exe 4,916 K 10,324 K 2492 (Verified) Microsoft Windows
SMSvcHost.exe 14,640 K 7,788 K 4248 (Verified) Microsoft Corporation
SMSvcHost.exe 16,144 K 9,528 K 2984 (Verified) Microsoft Corporation
smss.exe 316 K 776 K 384
SkypeBackgroundHost.exe Suspended 1,580 K 7,156 K 3504 (No signature was present in the subject) Microsoft Corporation
SkypeApp.exe Suspended 19,228 K 204 K 6272 (No signature was present in the subject) Microsoft Corporation
sihost.exe 4,532 K 18,028 K 2380 (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 23,992 K 37,956 K 5240 (Verified) Microsoft Windows
services.exe 3,176 K 6,276 K 828
sedsvc.exe 3,744 K 6,700 K 7808 (Verified) Microsoft Windows
SecurityHealthService.exe 3,432 K 12,596 K 3080 (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 48,600 K 46,656 K 5400 (Verified) Microsoft Windows
RuntimeBroker.exe 1,592 K 6,976 K 7716 (Verified) Microsoft Windows
RuntimeBroker.exe 3,380 K 16,124 K 6464 (Verified) Microsoft Windows
RuntimeBroker.exe 8,524 K 20,496 K 1984 (Verified) Microsoft Windows
RuntimeBroker.exe 1,992 K 7,232 K 2128 (Verified) Microsoft Windows
RuntimeBroker.exe 5,736 K 19,252 K 4468 (Verified) Microsoft Windows
RuntimeBroker.exe 2,028 K 12,364 K 4864 (Verified) Microsoft Windows
RuntimeBroker.exe 4,396 K 13,312 K 5996 (Verified) Microsoft Windows
RuntimeBroker.exe 4,692 K 16,696 K 5456 (Verified) Microsoft Windows
Registry 1,820 K 23,156 K 88
PLNRnote.exe 1,332 K 5,784 K 8136 (No signature was present in the subject) Sierra Online, Inc.
MSASCuiL.exe 1,564 K 7,912 K 6668 (Verified) Microsoft Windows
mqsvc.exe 3,292 K 9,200 K 3296 (Verified) Microsoft Windows
Microsoft.Photos.exe Suspended 43,708 K 5,316 K 4564 (No signature was present in the subject)
Memory Compression 360 K 41,828 K 1916
LockApp.exe Suspended 11,408 K 31,312 K 1348 (Verified) Microsoft Windows
GoogleUpdate.exe 2,168 K 72 K 1368
fontdrvhost.exe 10,664 K 4,712 K 956
fontdrvhost.exe 1,488 K 3,012 K 948
escsvc.exe 896 K 4,600 K 3068 (Verified) SEIKO EPSON Corporation
EPCP.exe 1,632 K 5,900 K 2896 (Verified) SEIKO EPSON CORPORATION
dllhost.exe 1,076 K 5,724 K 5196 (Verified) Microsoft Windows
dllhost.exe 1,560 K 8,720 K 9932 (Verified) Microsoft Windows
ctfmon.exe 2,744 K 10,096 K 2792
chrome.exe 52,556 K 79,364 K 6116 (Verified) Google LLC
chrome.exe 21,304 K 37,112 K 3904 (Verified) Google LLC
chrome.exe 29,284 K 44,756 K 1188 (Verified) Google LLC
chrome.exe 23,620 K 31,112 K 1280 (Verified) Google LLC
chrome.exe 18,664 K 33,972 K 8052 (Verified) Google LLC
chrome.exe 29,980 K 47,628 K 3480 (Verified) Google LLC
chrome.exe 24,228 K 38,700 K 9140 (Verified) Google LLC
chrome.exe 21,660 K 34,364 K 7164 (Verified) Google LLC
chrome.exe 22,248 K 35,596 K 812 (Verified) Google LLC
chrome.exe 20,556 K 35,296 K 7692 (Verified) Google LLC
chrome.exe 23,112 K 38,948 K 9936 (Verified) Google LLC
chrome.exe 1,796 K 7,824 K 10212 (Verified) Google LLC
chrome.exe 2,416 K 7,200 K 10168 (Verified) Google LLC
BrYNSvc.exe 1,828 K 8,128 K 7056 (No signature was present in the subject) Brother Industries, Ltd.
AvastBrowserCrashHandler.exe 1,532 K 72 K 4676
AvastBrowser.exe 17,352 K 30,600 K 8080 (Verified) AVAST Software s.r.o.
AvastBrowser.exe 2,248 K 7,340 K 7888 (Verified) AVAST Software s.r.o.
AvastBrowser.exe 2,204 K 6,692 K 7732 (Verified) AVAST Software s.r.o.
atiesrxx.exe 760 K 3,492 K 1836 (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 1,712 K 6,820 K 1868
armsvc.exe 1,056 K 5,112 K 2836 (Verified) Adobe Systems, Incorporated
ApplicationFrameHost.exe 8,720 K 23,652 K 6208 (Verified) Microsoft Windows
 
 
When I did the command line and hit Enter to open Notepad, it said junk.txt could not be found.
 
 

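An added example, not part of either post and not Process Explorer's own output: one way to triage a saved Process Explorer listing like the one above. It ranks real processes by the CPU column and separates rows marked "(Verified)" from rows with an explicit non-verified result and rows whose signer column is blank. The sample rows are copied from the listing in this thread; the function names and the three signature labels are this example's own.

```python
import re

# Rows copied from the Process Explorer listing posted in this thread.
SAMPLE = """\
Process CPU Private Bytes Working Set PID Verified Signer
System Idle Process 75.33 36 K 4 K 0
procexp.exe 14.43 24,448 K 51,576 K 9860 (Verified) Microsoft Corporation
chrome.exe 2.04 82,140 K 133,412 K 10084 (Verified) Google LLC
Interrupts 0.97 0 K 0 K n/a
smartscreen.exe < 0.01 12,168 K 24,484 K 7192 (Verified) Microsoft Windows
SASCORE.EXE 0.01 996 K 5,016 K 2828
Video.UI.exe Suspended 26,372 K 6,640 K 6416 (No signature was present in the subject)
PLNRnote.exe 1,332 K 5,784 K 8136 (No signature was present in the subject) Sierra Online, Inc.
Memory Compression 360 K 41,828 K 1916
"""

# name, optional CPU cell, private bytes, working set, PID, optional "(status) signer"
ROW = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+|Suspended)\s+)?"
    r"(?P<private>[\d,]+)\sK\s+(?P<working>[\d,]+)\sK\s+"
    r"(?P<pid>\d+|n/a)"
    r"(?:\s+\((?P<status>[^)]*)\)\s*(?P<signer>.*))?$")
PSEUDO = {"System Idle Process", "Interrupts"}   # accounting rows, not programs

def parse_export(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                      # header or non-process line
        cpu = m["cpu"]
        idle = cpu is None or cpu == "Suspended"
        if m["status"] is None:
            signature = "unknown"         # blank column: no result reported
        else:                             # any status other than "Verified"
            signature = "verified" if m["status"] == "Verified" else "not_verified"
        rows.append({
            "name": m["name"],
            "cpu": 0.0 if idle else float(cpu.lstrip("< ")),   # "< 0.01" -> 0.01
            "working_set_kb": int(m["working"].replace(",", "")),
            "pid": m["pid"],
            "signature": signature,
            "signer": m["signer"] or "",
        })
    return rows

def triage(rows, top=2):
    real = [r for r in rows if r["name"] not in PSEUDO]
    busiest = sorted(real, key=lambda r: r["cpu"], reverse=True)[:top]
    review = [r for r in real if r["signature"] != "verified"]
    return busiest, review

if __name__ == "__main__":
    busiest, review = triage(parse_export(SAMPLE))
    print("Top CPU:", [(r["name"], r["cpu"]) for r in busiest])
    print("Check signer:", [(r["name"], r["signature"]) for r in review])
```

A blank signer column is kept apart from an explicit "No signature" result because it only means the listing carries no verification result for that row.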

#4
RKinner

    Malware Expert

  • Expert
  • 21,711 posts
  • MVP

Don't worry about the junk.txt file.  We don't need it since there is no svchost.exe file taking up a lot of CPU time.

 

Uninstall:

Avast Secure Browser
(This is installed as an opt-out option when you install Avast.)

CCleaner (We don't need it and it can be a bit too aggressive removing files)

CryptoPrevent v4.7.0  (Makes it hard to make changes.  You can reinstall it when we are done.)

SUPERAntiSpyware (puts a lot of sites in the hosts file which slows things down in Win 10)


In Chrome, go to:

chrome://extensions/

For each extension, move the blue ball to the left so that it turns white.  (You can leave the Chrome Apps as they are.)

Now go to:

chrome://settings/

Scroll down to the bottom and click on Advanced

Under Privacy and Security, turn off
Preload pages for faster browsing and searching

Under System, turn off
Continue running background apps when Google Chrome is closed

Close Chrome and Restart Chrome.

 

Are you still getting your popups?  If not, one of the extensions you turned off is the culprit.  Go back in and turn on a few at a time and restart Chrome to see if they come back.  Try to isolate it to one or two extensions.  If that doesn't help then:

 

Go to

https://www.bleeping...oad/adwcleaner/

AdwCleaner Download

    Download Now <== Click on the green button

Save the file then right click and Run As Admin.

Scan Now.

When it finishes (if it found anything) Clean and Repair

If that doesn't help then

Let's run Rogue Killer

http://www.adlice.co...iller/#download
Portable 32 bits <== Use this one
Portable 64 bits

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.
 



#5
jp_17315

    New Member

  • Topic Starter
  • Member
  • 3 posts

Here's the RogueKiller log file. Computer is much better and I think most of the pop ups are/were from the multiple extensions that he had.

 

RogueKiller Anti-Malware V13.3.2.0 [Jul 15 2019] (Free) by Adlice Software
Operating System : Windows 10 (10.0.17134) 32 bits
Started in : Normal mode
User : Jim [Administrator]
Started from : C:\Users\Jim\Desktop\RogueKiller_portable32.exe
Signatures : 20190723_195507, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/07/23 17:09:04 (Duration : 00:46:48)
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
  [PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\IncrediMail -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3988621694-3172890893-754654441-1001\Software\IM -- N/A -> Found
  [PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-21-3988621694-3172890893-754654441-1001\Software\IncrediMail -- N/A -> Found
  [PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\IncrediMail -- N/A -> Found
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.IncrediMail (Potentially Malicious)] (folder) IncrediMail -- C:\ProgramData\IncrediMail -> Found
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Addon
  [PUP.Mindspark (Potentially Malicious)] FromDocToPDF (C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\EFNJGL~1) -- efnjglmhkadcodfecjljffkhkcljagfo -> Found
  [PUP.Mindspark (Potentially Malicious)] FromDocToPDF (C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ICOMKE~1) -- icomkegadoijccpafapbjlncpafipoha -> Found
  [PUP.SearchManager (Potentially Malicious)] DoctoPDF (C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\JFGKPE~1) -- jfgkpeobcmjlocjpfgocelimhppdmigj -> Found
  [PUP.Mindspark (Potentially Malicious)] Search Extension by Ask (C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\LGFEHF~1) -- lgfehfbnofiffladdncogfobimealokp -> Found
  [PUP.Gen0 (Potentially Malicious)] SearchLock (C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\MADAKP~1) -- madakpajlmcpaodhfbekojajlhbdklol -> Found
  [PUP.Mindspark (Potentially Malicious)] FromDocToPDF (C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\MALLPE~1) -- mallpejgeafdahhflmliiahjdpgbegpk -> Found
  [PUP.Gen3 (Potentially Malicious)] MapsGalaxy (C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\MFLADG~1) -- mfladgpfndhlfcnjnglanjlfncbpjhng -> Found
  [PUP.Mindspark (Potentially Malicious)] MyTransitGuide (C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\NPMOIK~1) -- npmoikddpdgbhgbkjgjemncoegpojpng -> Found
  [PUP.Mindspark (Potentially Malicious)] PDF Viewer & Converter by FromDocToPDF (C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\PBNEIE~1) -- pbneiecbhikjapoihjpemfmpaalkafkh -> Found

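An added example, not from the posts and not from RogueKiller: the Chrome Addon entries above point at folders under User Data\Default\Extensions named by extension ID. This script inventories such a folder by reading each manifest.json, so names, versions and requested permissions can be reviewed alongside chrome://extensions/. It assumes the Extensions\<id>\<version>\manifest.json layout; the sample extension it builds in a temporary folder is constructed, and all function names are this example's own.

```python
import json
import tempfile
from pathlib import Path

def load_json(path):
    """Read a JSON file, tolerating a UTF-8 BOM; return None if unreadable."""
    try:
        return json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None

def display_name(version_dir, manifest):
    """Resolve a "__MSG_key__" name through _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    locale = manifest.get("default_locale", "en")
    messages = load_json(version_dir / "_locales" / locale / "messages.json") or {}
    wanted = name[6:-2].lower()          # message keys are matched case-insensitively
    for key, entry in messages.items():
        if key.lower() == wanted and isinstance(entry, dict):
            return entry.get("message", name)
    return name

def inventory(extensions_root):
    """One record per Extensions/<id>/<version>/manifest.json found."""
    records = []
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        manifest = load_json(manifest_path)
        if not isinstance(manifest, dict):
            continue                     # unreadable or malformed manifest
        perms = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
        records.append({
            "id": manifest_path.parent.parent.name,
            "name": display_name(manifest_path.parent, manifest),
            "version": manifest.get("version", ""),
            "permissions": sorted(p for p in perms if isinstance(p, str)),
        })
    return records

def demo():
    """Build a constructed one-extension tree in a temp folder and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        ext = Path(root) / ("abcdefghijklmnop" * 2) / "1.2.3_0"   # constructed ID
        (ext / "_locales" / "en").mkdir(parents=True)
        (ext / "manifest.json").write_text(json.dumps({
            "name": "__MSG_appName__", "version": "1.2.3", "default_locale": "en",
            "permissions": ["tabs", "webRequest", "<all_urls>"]}), encoding="utf-8")
        (ext / "_locales" / "en" / "messages.json").write_text(
            json.dumps({"appname": {"message": "Sample Search Helper"}}), encoding="utf-8")
        return inventory(root)

if __name__ == "__main__":
    for rec in demo():
        print(rec["id"], rec["name"], rec["version"], ", ".join(rec["permissions"]))
```

On the machine in this thread, `inventory()` would be pointed at `C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions`, the folder named in the RogueKiller entries.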





