Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Asus pc slowing down

Post by humanerror » December 18th, 2020, 5:07 pm

Hello!

Thanks for your forum. I've enjoyed your service since 2008. Now it's an ASUS i3 PC bought in 2016 that's been slow for a while, but nothing dramatic. I don't know if it's a problem, but Task Manager shows some duplicates. I have Avast Premium, etc. Cheers.

- Humanerror

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by vesam (administrator) on DESKTOP-QL010TM (ASUSTeK COMPUTER INC. M32CD_A_F_K20CD_K31CD) (18-12-2020 22:39:29)
Running from C:\Users\vesam\Desktop
Loaded Profiles: vesam
Platform: Windows 10 Home Version 2004 19041.685 (X64) Language: suomi (Suomi)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Cleanup\TuneupUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(Avast Software s.r.o. -> The OpenVPN Project) C:\Program Files\AVAST Software\SecureLine VPN\OpenVPN\openvpn.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <34>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsMaps_10.2011.6.0_x64__8wekyb3d8bbwe\Maps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(UNIVERSITY OF CALIFORNIA, BERKELEY -> Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [615144 2016-03-09] (Samsung Electronics CO., LTD. -> Samsung Electronics Co.,Ltd)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2596704 2020-12-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [70472 2020-09-02] (UNIVERSITY OF CALIFORNIA, BERKELEY -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8281416 2020-09-02] (UNIVERSITY OF CALIFORNIA, BERKELEY -> Space Sciences Laboratory)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [17683056 2019-03-14] (MyHeritage (USA) Inc. -> MyHeritage)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-11-17] (Dropbox, Inc -> Dropbox, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-386011426-3842006082-317715658-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50010064 2020-11-03] (Google LLC -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\Installer\chrmstp.exe [2020-11-23] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2020-11-19]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
BootExecute: autocheck autochk * icarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BBF419-5C99-475C-AAD4-F7705E344D96} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {14CC2D83-9EA7-413F-A5E2-54D4A10545D9} - System32\Tasks\Avast Software\Avast Cleanup Update BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [2812624 2020-12-04] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid dc87917b-4bf7-477b-9f9f-a40beb877691
Task: {1D02958E-BC17-40B7-A6EF-EC1DB0130B1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-07-08] (Google Inc -> Google Inc.)
Task: {280DA3BE-38E2-4AB5-8A54-055F4411DC33} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {2B7299EB-9AA1-44D0-9F9B-E48D18BDDEC0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4368792 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {4531E58A-1D5D-4945-8C98-5A2F1CCBB151} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4368792 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {493DC088-60AE-4392-A4C3-1AA252518A30} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_159_pepper.exe [1319424 2017-10-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {49D37C30-3489-4EDF-8CEE-D6C43A947182} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-07-08] (Google Inc -> Google Inc.)
Task: {56CFB7BE-AA0D-4FB3-AF48-D919D7664567} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124776 2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {5782ACBA-2B0A-4049-96D8-1B66133C60B8} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {57FE4A73-8F65-41B6-AAD9-DC64B6A5F22C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5DBE283D-8AE7-4328-9F85-4F5A33234913} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {5DBE283D-8AE7-4328-9F85-4F5A33234913} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {5DBE283D-8AE7-4328-9F85-4F5A33234913} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {5F20B910-B695-450C-9173-32EBD7734875} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {63FA1BFB-16BB-4DB1-BB8C-927958CBA260} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1188968 2020-11-18] (Avast Software s.r.o. -> AVAST Software)
Task: {64A03DBE-1848-46F5-A90F-1E18D4BD76DC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6AAE6108-CD37-454F-B467-1AB7BB4E7EC0} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {8622FDA7-5A24-4D87-88A8-971D985EF718} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5442656 2020-11-25] (Avast Software s.r.o. -> Avast Software)
Task: {9B7344C3-53B1-4260-BE73-DE2132DD74E8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A60C751C-AE07-47CE-93CB-841911A55E3F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1321368 2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {B25675A7-F5D5-4C69-9E0A-AB201AA66986} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4661856 2020-11-18] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 059f3281-c5e2-4301-9183-12ffe2be1de8
Task: {BD13D97D-9BF9-42B0-BCA7-10201B753123} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C0B974F2-18A3-47FD-91A8-C612614FC95B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
Task: {D90924FA-27C8-4BC6-BA93-8F18D8F6297F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23756168 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFBA6DBD-AAF4-48F4-88F4-2FBA4F8247D7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124776 2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E04EE0F2-9987-480B-8BA2-FD82DA972BA8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23756168 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F43ACC64-7095-4588-A289-C935B35F8699} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {FADB2CAC-AC88-4F6B-B5E4-7D4885F9EC16} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5442656 2020-11-16] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{294a3d8b-c540-4481-8f5e-4ec86c1c29e1}: [DhcpNameServer] 62.241.198.246 62.241.198.245
Tcpip\..\Interfaces\{8e96dd2d-d016-4ff1-b999-50cbec634512}: [NameServer] 100.120.168.1
Tcpip\..\Interfaces\{ba7207a8-c52b-47df-aaf0-4060a2d7da17}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Edge:
======
Edge Notifications: HKU\S-1-5-21-386011426-3842006082-317715658-1001 -> hxxps://web.skype.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\vesam\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-20]

FireFox:
========
FF DefaultProfile: 477kck9w.default-1594386348892
FF ProfilePath: C:\Users\vesam\AppData\Roaming\Mozilla\Firefox\Profiles\xl04bfz0.default-release [2020-10-20]
FF ProfilePath: C:\Users\vesam\AppData\Roaming\Mozilla\Firefox\Profiles\477kck9w.default-1594386348892 [2020-09-19]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)

Chrome:
=======
CHR Profile: C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default [2020-12-18]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.fi__
CHR Extension: (Slides) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-08]
CHR Extension: (Sheets) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docsin offline-tila) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-12-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-12]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Notifications for Instagram) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2019-10-14]
CHR Extension: (Gmail) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\vesam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]
CHR Profile: C:\Users\vesam\AppData\Local\Google\Chrome\User Data\System Profile [2019-11-01]
CHR HKU\S-1-5-21-386011426-3842006082-317715658-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1230608 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [351848 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\elevation_service.exe [1136920 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12968552 2020-12-04] (Avast Software s.r.o. -> AVAST Software)
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10634632 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-16] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-16] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-11-17] (Dropbox, Inc -> Dropbox, Inc.)
S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [623848 2016-03-09] (Samsung Electronics CO., LTD. -> Samsung Electronics Co.,Ltd)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [7897696 2020-11-18] (Avast Software s.r.o. -> AVAST Software)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-07-10] (Oracle Corporation -> Oracle Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-20] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2020-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522480 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469472 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216984 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-09-07] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326064 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [59312 2020-08-04] (Avast Software s.r.o. -> Avast Software)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [237840 2020-07-11] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247232 2020-07-11] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-10-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-10-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-20] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-18 22:39 - 2020-12-18 22:41 - 000025665 _____ C:\Users\vesam\Desktop\FRST.txt
2020-12-18 22:34 - 2020-12-18 22:40 - 000000000 ____D C:\FRST
2020-12-18 22:33 - 2020-12-18 22:33 - 002286592 _____ (Farbar) C:\Users\vesam\Desktop\FRST64.exe
2020-12-18 20:49 - 2020-12-18 20:50 - 000465264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-18 20:14 - 2020-12-18 20:14 - 001321688 _____ (Google LLC) C:\Users\vesam\Desktop\installbackupandsync.exe
2020-12-18 19:44 - 2020-12-18 19:44 - 000000000 ____D C:\Users\vesam\Desktop\htr-20201218T172021Z-001
2020-12-18 19:23 - 2020-12-18 19:44 - 1205757316 _____ C:\Users\vesam\Desktop\htr-20201218T172021Z-001.zip
2020-12-17 18:53 - 2020-12-17 18:53 - 000340576 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-12-17 18:53 - 2020-12-17 18:53 - 000216984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-12-13 14:47 - 2020-12-13 14:47 - 000000999 _____ C:\Users\vesam\AppData\Local\recently-used.xbel
2020-12-12 18:57 - 2020-12-12 18:57 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-12 18:57 - 2020-12-12 18:57 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-12 18:56 - 2020-12-12 18:56 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-12 18:56 - 2020-12-12 18:56 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-12 18:56 - 2020-12-12 18:56 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-12 18:56 - 2020-12-12 18:56 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-12 18:56 - 2020-12-12 18:56 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-12 18:56 - 2020-12-12 18:56 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-12 18:55 - 2020-12-12 18:55 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-12 18:55 - 2020-12-12 18:55 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-12 18:55 - 2020-12-12 18:55 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-12 18:55 - 2020-12-12 18:55 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-12 18:55 - 2020-12-12 18:55 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-12 18:55 - 2020-12-12 18:55 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-12 18:55 - 2020-12-12 18:55 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-12 18:54 - 2020-12-12 18:54 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-12 18:54 - 2020-12-12 18:54 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-12 18:54 - 2020-12-12 18:54 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-12 18:54 - 2020-12-12 18:54 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-12 18:54 - 2020-12-12 18:54 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-12 18:54 - 2020-12-12 18:54 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-12 18:54 - 2020-12-12 18:54 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-11-30 23:10 - 2020-11-30 23:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-11-20 20:33 - 2020-11-20 20:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-18 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-18 22:05 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-18 21:52 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-18 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-18 21:26 - 2020-08-25 22:53 - 000003516 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-18 21:26 - 2020-08-25 22:53 - 000003292 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-18 21:26 - 2020-08-25 22:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-12-18 21:24 - 2018-05-26 09:21 - 000000000 ____D C:\Users\vesam\AppData\Local\AVAST Software
2020-12-18 21:21 - 2016-07-10 21:29 - 000000000 ____D C:\ProgramData\BOINC
2020-12-18 21:06 - 2016-07-08 08:23 - 000000000 ____D C:\ProgramData\AVAST Software
2020-12-18 20:51 - 2016-07-08 07:55 - 000000000 __SHD C:\Users\vesam\IntelGraphicsProfiles
2020-12-18 20:50 - 2020-08-25 22:53 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2020-12-18 20:49 - 2020-08-25 22:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-18 20:49 - 2020-08-25 22:23 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-18 20:49 - 2016-02-27 03:07 - 000000000 ____D C:\Intel
2020-12-18 20:48 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-18 19:12 - 2020-08-25 22:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-17 18:54 - 2020-08-25 22:53 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-12-17 18:53 - 2020-10-14 10:59 - 000176384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-12-17 18:53 - 2020-04-22 07:10 - 000522480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-12-17 18:53 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-17 18:53 - 2019-01-14 20:03 - 000332880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-12-17 18:53 - 2019-01-05 18:23 - 000247888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-12-17 18:53 - 2019-01-05 18:23 - 000097360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-12-17 18:53 - 2018-10-11 11:07 - 000042424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-12-17 18:53 - 2018-06-26 20:31 - 000016832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-12-17 18:53 - 2018-05-24 21:25 - 000851256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-12-17 18:53 - 2018-05-24 21:25 - 000469472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-12-17 18:53 - 2018-05-24 21:25 - 000326064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-12-17 18:53 - 2018-05-24 21:25 - 000208672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-12-17 18:53 - 2018-05-24 21:25 - 000108928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-12-17 18:53 - 2018-05-24 21:25 - 000084496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-12-13 23:06 - 2016-07-25 18:48 - 000000000 ____D C:\Users\vesam\.gimp-2.8
2020-12-13 14:47 - 2016-07-25 18:50 - 000000000 ____D C:\Users\vesam\AppData\Local\gtk-2.0
2020-12-13 14:30 - 2020-08-10 18:27 - 000000000 ____D C:\Users\vesam\AppData\Roaming\audacity
2020-12-12 22:21 - 2018-10-14 16:10 - 000000000 ____D C:\Users\vesam\AppData\Local\D3DSCache
2020-12-12 21:57 - 2020-08-25 22:45 - 001258522 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-12 21:57 - 2019-12-07 16:53 - 000402278 _____ C:\WINDOWS\system32\perfh00B.dat
2020-12-12 21:57 - 2019-12-07 16:53 - 000073432 _____ C:\WINDOWS\system32\perfc00B.dat
2020-12-12 20:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-12 20:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-12 20:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-12 20:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-12 20:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-12 20:00 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-12 20:00 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-12 19:05 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-12 09:45 - 2020-08-23 19:52 - 000002432 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-10 19:58 - 2018-08-26 20:34 - 000000000 ____D C:\Users\vesam\AppData\Local\CrashDumps
2020-12-08 17:04 - 2016-07-08 08:20 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-08 17:04 - 2016-07-08 08:20 - 000002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-30 23:12 - 2020-10-20 21:43 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-30 23:12 - 2020-10-20 21:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-30 23:11 - 2019-12-16 16:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-11-30 20:49 - 2020-08-25 22:53 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-30 20:49 - 2020-08-25 22:53 - 000003310 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-25 18:57 - 2018-02-11 17:21 - 000000000 ____D C:\Users\vesam\AppData\Local\PlaceholderTileLogoFolder
2020-11-23 22:29 - 2018-05-26 09:22 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-11-22 18:53 - 2020-08-25 20:50 - 000000000 ____D C:\Users\vesam\AppData\Roaming\Free M4a to MP3 Converter
2020-11-22 18:43 - 2020-08-25 20:51 - 000000000 ____D C:\Users\vesam\AppData\Roaming\AdvertismentImages
2020-11-18 23:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-18 19:10 - 2018-04-25 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google

==================== Files in the root of some directories ========

2020-12-13 14:47 - 2020-12-13 14:47 - 000000999 _____ () C:\Users\vesam\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by vesam (18-12-2020 22:45:17)
Running from C:\Users\vesam\Desktop
Windows 10 Home Version 2004 19041.685 (X64) (2020-08-25 20:55:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

DefaultAccount (S-1-5-21-386011426-3842006082-317715658-503 - Limited - Disabled)
Järjestelmänvalvoja (S-1-5-21-386011426-3842006082-317715658-500 - Administrator - Disabled)
vesam (S-1-5-21-386011426-3842006082-317715658-1001 - Administrator - Enabled) => C:\Users\vesam
Vieras (S-1-5-21-386011426-3842006082-317715658-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-386011426-3842006082-317715658-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Connect 9 Add-in (HKU\S-1-5-21-386011426-3842006082-317715658-1001\...\Adobe Connect 9 Add-in) (Version: 11.9.980.387 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 20.1.9481.1346 - Avast Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 86.1.6960.198 - AVAST Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.8.5262.1418 - Avast Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Backup and Sync from Google (HKLM\...\{3A8CD593-8CF9-45B4-9932-FC41CBC14E15}) (Version: 3.53.3404.7585 - Google, Inc.)
BOINC (HKLM\...\{31209A01-4F85-4476-9A23-A64C75AE94FC}) (Version: 7.16.11 - Space Sciences Laboratory, U.C. Berkeley)
Crescendo Music Notation Editor (HKLM-x32\...\Crescendo) (Version: 1.86 - NCH Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 110.4.458 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.335.1 - Dropbox, Inc.) Hidden
Free M4a to MP3 Converter X (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Microsoft 365 for Enterprise - fi-fi (HKLM\...\O365ProPlusRetail - fi-fi) (Version: 16.0.12827.20336 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-386011426-3842006082-317715658-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-386011426-3842006082-317715658-1001\...\Teams) (Version: 1.3.00.19173 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 fi) (HKLM\...\Mozilla Firefox 83.0 (x64 fi)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8516 - MyHeritage.com)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040B-0000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
OpenOffice 4.1.5 (HKLM-x32\...\{018CA28E-3FAB-49C3-A3B8-D6962F27A92D}) (Version: 4.15.9789 - Apache Software Foundation)
Oracle VM VirtualBox 6.1.12 (HKLM\...\{BD4C2875-9059-4C94-A7B5-493A538AC180}) (Version: 6.1.12 - Oracle Corporation)
R for Windows 3.4.3 (HKLM\...\R for Windows 3.4.3_is1) (Version: 3.4.3 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
SopCast 4.2.0 (HKLM-x32\...\SopCast) (Version: 4.2.0 - www.sopcast.com)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.24753 - Microsoft Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Elokuvakone -> C:\Program Files\WindowsApps\Microsoft.MovieMoments_6.3.9654.20464_x64__8wekyb3d8bbwe [2016-07-12] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) [MS Ad]
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-03-26] (OverDrive Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Valokuvat-lisäosa -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-15] (Microsoft Corporation)
Video Maker - VideoShow -> C:\Program Files\WindowsApps\39691Videopix.VideoMaker-VideoShow_1.1.57.0_x64__dxz7h1qnd1pge [2020-10-17] (Videopix)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-386011426-3842006082-317715658-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\vesam\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20107.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-386011426-3842006082-317715658-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\vesam\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20107.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-386011426-3842006082-317715658-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vesam\Dropbox [2019-12-16 17:11]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-12-17] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-12-17] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-12-17] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-12-17] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxDTCM.dll [2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-12-17] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\vesam\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) =============

2020-12-18 21:13 - 2020-12-18 21:13 - 000114176 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\_ctypes.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000172544 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\_elementtree.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 002255872 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\_hashlib.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000032256 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\_multiprocessing.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000046080 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\_psutil_windows.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000047616 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\_socket.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 002824704 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\_ssl.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000026112 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\_yappi.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000080896 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\bz2.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000016384 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\common.time34.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000007680 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\hashobjs_ext.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000301568 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\PIL._imaging.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000168448 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\pyexpat.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 001084416 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\pysqlite2._sqlite.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000548864 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\pythoncom27.dll
2020-12-18 21:13 - 2020-12-18 21:13 - 000137728 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\pywintypes27.dll
2020-12-18 21:13 - 2020-12-18 21:13 - 000010752 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\select.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000020992 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\thumbnails_ext.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000689664 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\unicodedata.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000119808 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\usb_ext.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000128512 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32api.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000438784 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32com.shell.shell.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000011776 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32crypt.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000023040 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32event.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000149504 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32file.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000223232 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32gui.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000048128 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32inet.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000029696 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32pdh.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000027648 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32pipe.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000044032 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32process.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000020480 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32profile.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000136192 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32security.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000026624 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\win32ts.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000034816 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\windows.conditional.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000038400 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\windows.connectivity.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000071680 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\windows.device_monitor.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000109056 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\windows.volumes.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000020480 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\windows.winwrap.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 001325056 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wx._controls_.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 001489408 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wx._core_.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 001007104 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wx._gdi_.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000103424 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wx._html2.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 000916992 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wx._misc_.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 001039872 _____ () [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wx._windows_.pyd
2020-12-18 21:13 - 2020-12-18 21:13 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\python27.dll
2020-12-18 21:13 - 2020-12-18 21:13 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wxbase30u_net_vc90_x64.dll
2020-12-18 21:13 - 2020-12-18 21:13 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wxbase30u_vc90_x64.dll
2020-12-18 21:13 - 2020-12-18 21:13 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wxmsw30u_adv_vc90_x64.dll
2020-12-18 21:13 - 2020-12-18 21:13 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wxmsw30u_core_vc90_x64.dll
2020-12-18 21:13 - 2020-12-18 21:13 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wxmsw30u_html_vc90_x64.dll
2020-12-18 21:13 - 2020-12-18 21:13 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\vesam\AppData\Local\Temp\_MEI80842\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-386011426-3842006082-317715658-1001\...\sharepoint.com -> hxxps://eduvantaa-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2019-01-05 18:18 - 000000028 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-386011426-3842006082-317715658-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 100.120.168.1 - 62.241.198.246
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network #3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
SecureLine: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
WLAN: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Samsung Link"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Family Tree Builder Update"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-386011426-3842006082-317715658-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-386011426-3842006082-317715658-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-386011426-3842006082-317715658-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E8C0B274-A8F1-4988-9F0F-95C7C4B179CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C06F3191-ADA6-44AD-906B-D091FBA3F388}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{E4C6EB4B-23A7-41A3-AE32-C373E977C494}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{97155C9F-FD05-415B-9C04-F21E99CFE800}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe => No File
FirewallRules: [{72BDF11D-07C7-4A38-9A62-804FC7E06C99}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe => No File
FirewallRules: [{4EA88574-0FC9-410A-85F9-64218FE7EC5B}] => (Allow) LPort=5354
FirewallRules: [{C7C3177B-2569-4931-A33D-E9C7F1E6C06B}] => (Allow) LPort=5354
FirewallRules: [{80975BD6-37D3-4D51-A16A-844A8465931F}] => (Allow) LPort=5354
FirewallRules: [{B5B49C2F-24DB-45FE-8BA0-165760A1C478}] => (Allow) LPort=5354
FirewallRules: [{B8BB6FF8-98E0-4280-8EC2-983A5518715F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F4895590-541D-43D8-894B-5AFBAC07A83D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{A310CAD4-65B9-418D-955C-5C890FD21491}] => (Allow) C:\Users\vesam\AppData\Roaming\ACEStream\engine\ace_engine.exe => No File
FirewallRules: [{5D6DE5BA-AE92-4431-A6D6-42B390FF0678}] => (Allow) C:\Users\vesam\AppData\Roaming\ACEStream\engine\ace_engine.exe => No File
FirewallRules: [{F3DF5CFF-C259-486C-8833-5335A5A4078D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{2574A983-C49F-41A2-9F62-C78C9A1CEA7E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{4CF8D0E6-AC2B-449A-BD2D-111E99AA38A0}] => (Allow) LPort=1900
FirewallRules: [{2940BD08-83A1-4207-BC5F-290CDB65D005}] => (Allow) LPort=7900
FirewallRules: [{014F17B2-4517-413F-AC8C-198C7246059B}] => (Allow) LPort=24234
FirewallRules: [{87FC6CF4-A061-4EEE-B2AE-D452CC427613}] => (Allow) LPort=7679
FirewallRules: [{C9607608-488D-4876-BAE9-781FFE87670F}] => (Allow) LPort=7676
FirewallRules: [{C64A69C9-B79A-41AB-B7A0-1319093B6D9D}] => (Allow) LPort=8643
FirewallRules: [{0B5E2334-0E7C-4DDA-B21A-ECE35C70CC4B}] => (Allow) LPort=8743
FirewallRules: [{8A61E0D3-45E9-443B-9517-843CB47718C0}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe => No File
FirewallRules: [{3702482E-ECC1-47CC-A9BE-565EC036AE49}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe => No File
FirewallRules: [{A9B240A4-1D8A-4B99-B8FA-E92D4338A9C7}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co.,Ltd)
FirewallRules: [{D4D31348-0981-4099-B5D0-642DEC707E77}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co.,Ltd)
FirewallRules: [{F12A5377-A548-4013-8F0E-AA55C246C7D3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co.,Ltd)
FirewallRules: [{DF6A6BFB-3899-49E3-A3BC-59BB0F3FFA8F}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co.,Ltd)
FirewallRules: [{C34D44B4-1C92-487F-9D13-B70BA2B92E14}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F7F7BFFC-FB4A-492F-B412-832312FD9FE5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B909AAC6-501A-4DD2-9773-B14FE6B9702D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E2AF89FB-88B5-41F3-9C5C-FCFE76508864}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2556E76B-0921-4BA3-BD2D-914835C2E556}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A67798B3-B1DB-4A7E-A766-CE58416E57FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4591A643-0BCA-4E4D-8901-28338E53E8ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DC9C17EA-CFD2-491A-B0DB-A5F32910D8DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DB689FF1-D616-45E0-9069-53CB90654D7A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21BD6D4B-7651-42DD-A9B1-C868E636AE9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8C8E78D-238F-4F9C-986E-7C41861783F9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FEC337CF-99D6-4893-B2BB-6D148BB33AD5}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{24E8B47F-BA03-47FC-9A82-CB1ACF446EDC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{0E9564D3-9BBE-4B76-B9EF-61454E0E4D16}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-12-2020 19:45:20 Ajoitettu tarkistuspiste
10-12-2020 19:33:19 Ajoitettu tarkistuspiste
12-12-2020 18:20:27 Windowsin moduulien asennusohjelma

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/18/2020 10:48:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4692,D,23) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 32, PgnoRoot: 1887) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1887 => 1512, 32).

Tag: BtDownClinesLowEmpty

Fatal: 1

Error: (12/18/2020 10:48:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4692,D,21) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 32, PgnoRoot: 1887) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1887 => 1512, 32).

Tag: BtDownClinesLowEmpty

Fatal: 1

Error: (12/18/2020 10:47:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4692,D,23) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 32, PgnoRoot: 1887) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1887 => 1512, 32).

Tag: BtDownClinesLowEmpty

Fatal: 1

Error: (12/18/2020 10:47:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4692,D,21) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 32, PgnoRoot: 1887) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1887 => 1512, 32).

Tag: BtDownClinesLowEmpty

Fatal: 1

Error: (12/18/2020 10:46:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4692,D,23) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 32, PgnoRoot: 1887) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1887 => 1512, 32).

Tag: BtDownClinesLowEmpty

Fatal: 1

Error: (12/18/2020 10:46:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4692,D,21) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 32, PgnoRoot: 1887) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1887 => 1512, 32).

Tag: BtDownClinesLowEmpty

Fatal: 1

Error: (12/18/2020 10:45:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4692,D,23) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 32, PgnoRoot: 1887) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1887 => 1512, 32).

Tag: BtDownClinesLowEmpty

Fatal: 1

Error: (12/18/2020 10:45:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4692,D,21) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 32, PgnoRoot: 1887) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1887 => 1512, 32).

Tag: BtDownClinesLowEmpty

Fatal: 1


System errors:
=============
Error: (12/18/2020 10:13:51 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Ohjain havaitsi sisäisen ohjainvirheen laitteella \Device\VBoxNetLwf.

Error: (12/18/2020 10:08:48 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Ohjain havaitsi sisäisen ohjainvirheen laitteella \Device\VBoxNetLwf.

Error: (12/18/2020 10:06:45 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Ohjain havaitsi sisäisen ohjainvirheen laitteella \Device\VBoxNetLwf.

Error: (12/18/2020 10:05:25 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Ohjain havaitsi sisäisen ohjainvirheen laitteella \Device\VBoxNetLwf.

Error: (12/18/2020 09:21:06 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Ohjain havaitsi sisäisen ohjainvirheen laitteella \Device\VBoxNetLwf.

Error: (12/18/2020 08:52:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Aikakatkaisu (30000 millisekuntia) odotettaessa tapahtuman vastausta avast! Tools-palvelusta.

Error: (12/18/2020 08:51:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Palvelu Tietoturvakeskus lopetettiin virheen takia. Virhe:
%%16389

Error: (12/18/2020 08:49:33 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Ohjain havaitsi sisäisen ohjainvirheen laitteella \Device\VBoxNetLwf.


Windows Defender:
===================================
Date: 2020-10-20 23:13:34.7380000Z
Description:
Microsoft Defenderin virustentorjunta: tarkistus on lopetettu, ennen kuin se oli valmis.
Tarkistustunnus: {42087E7B-D6BA-4480-A350-B1EAEF58417B}
Tarkistustyyppi: Haittaohjelmien torjuntaohjelma
Tarkistusparametrit: Pikatarkistus
Käyttäjä: NT-hallinta\SYSTEM

Date: 2020-12-07 21:37:20.6410000Z
Description:
Microsoft Defenderin virustentorjunta on havainnut virheen yrittäessään päivittää suojaustietoja.
Uusi suojaustietojen versio:
Edellinen suojaustietojen versio: 1.325.1105.0
Päivityslähde: Microsoft Update -palvelin
Suojaustietojen tyyppi: Virustentorjunta
Päivitystyyppi: Täysi
Käyttäjä: NT-hallinta\SYSTEM
Nykyinen moduuliversio:
Edellinen moduuliversio: 1.1.17600.3
Virhekoodi: 0x8024001e
Virheen kuvaus: Järjestelmässä ilmeni odottamaton ongelma päivityksiä tarkistettaessa. Lisätietoja päivitysten asentamisesta tai vianmäärityksestä on Ohje- ja tukikeskuksessa.

Date: 2020-11-07 18:07:54.2740000Z
Description:
Microsoft Defenderin virustentorjunta on havainnut virheen yrittäessään päivittää suojaustietoja.
Uusi suojaustietojen versio:
Edellinen suojaustietojen versio: 1.325.1105.0
Päivityslähde: Microsoft Malware Protection Center
Suojaustietojen tyyppi: Virustentorjunta
Päivitystyyppi: Täysi
Käyttäjä: NT-hallinta\Verkkopalvelu
Nykyinen moduuliversio:
Edellinen moduuliversio: 1.1.17600.3
Virhekoodi: 0x80072ee7
Virheen kuvaus: Palvelimen nimen tai osoitteen tulkitseminen ei onnistunut

Date: 2020-11-07 18:07:54.2730000Z
Description:
Microsoft Defenderin virustentorjunta on havainnut virheen yrittäessään päivittää suojaustietoja.
Uusi suojaustietojen versio:
Edellinen suojaustietojen versio: 1.325.1105.0
Päivityslähde: Microsoft Malware Protection Center
Suojaustietojen tyyppi: Vakoiluohjelmien torjunta
Päivitystyyppi: Täysi
Käyttäjä: NT-hallinta\Verkkopalvelu
Nykyinen moduuliversio:
Edellinen moduuliversio: 1.1.17600.3
Virhekoodi: 0x80072ee7
Virheen kuvaus: Palvelimen nimen tai osoitteen tulkitseminen ei onnistunut

Date: 2020-11-07 18:07:54.2730000Z
Description:
Microsoft Defenderin virustentorjunta on havainnut virheen yrittäessään päivittää suojaustietoja.
Uusi suojaustietojen versio:
Edellinen suojaustietojen versio: 1.325.1105.0
Päivityslähde: Microsoft Malware Protection Center
Suojaustietojen tyyppi: Virustentorjunta
Päivitystyyppi: Täysi
Käyttäjä: NT-hallinta\Verkkopalvelu
Nykyinen moduuliversio:
Edellinen moduuliversio: 1.1.17600.3
Virhekoodi: 0x80072ee7
Virheen kuvaus: Palvelimen nimen tai osoitteen tulkitseminen ei onnistunut

Date: 2020-11-07 18:07:54.2620000Z
Description:
Microsoft Defenderin virustentorjunta on havainnut virheen yrittäessään päivittää suojaustietoja.
Uusi suojaustietojen versio:
Edellinen suojaustietojen versio: 1.325.1105.0
Päivityslähde: Microsoft Malware Protection Center
Suojaustietojen tyyppi: Virustentorjunta
Päivitystyyppi: Täysi
Käyttäjä: NT-hallinta\Verkkopalvelu
Nykyinen moduuliversio:
Edellinen moduuliversio: 1.1.17600.3
Virhekoodi: 0x80072ee7
Virheen kuvaus: Palvelimen nimen tai osoitteen tulkitseminen ei onnistunut

CodeIntegrity:
===================================

Date: 2020-12-18 22:47:21.9760000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 22:47:21.7430000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 22:46:07.7970000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 22:45:31.8550000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 22:45:12.1540000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 22:44:40.4300000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 22:44:14.9410000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 22:43:16.3620000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0501 10/06/2015
Motherboard: ASUSTeK COMPUTER INC. M32CD_A_F_K20CD_K31CD
Processor: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 74%
Total physical RAM: 8077.89 MB
Available physical RAM: 2041.02 MB
Total Virtual: 9357.89 MB
Available Virtual: 2383.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.5 GB) (Free:60.2 GB) NTFS
Drive d: (Data) (Fixed) (Total:780.91 GB) (Free:597.76 GB) NTFS

\\?\Volume{002e4d88-20bf-4333-bf97-8172dbc418f4}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS
\\?\Volume{5240f47e-f658-4799-83d5-34dd3ff9da32}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.19 GB) NTFS
\\?\Volume{cfebc63b-f687-4b2c-a085-c0973d8de0c3}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 35422FF6)

Partition: GPT.

==================== End of Addition.txt =======================
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Asus pc slowing down

Unread postby mAL_rEm018 » December 18th, 2020, 5:22 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi humanerror,

Welcome back! I've had the pleasure of working with you in the past. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to back up any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.

mAL
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Asus pc slowing down

Unread postby mAL_rEm018 » December 20th, 2020, 9:04 am

Hello humanerror,

My apologies for the delay. I was sure I had sent my reply, but it seems it hasn't posted.

Please answer the following question:
    *Do you use this computer for any type of business purposes?


Back up your registry using TCRB
  • Open Tweaking.com Registry Backup. (I see it's already installed on your computer)
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.


-----------------------------------------
In your next reply, I would like to see..
  • Answer to my question
  • Were you able to successfully make the backup?
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Asus pc slowing down

Unread postby humanerror » December 20th, 2020, 12:30 pm

Hello,

Thanks for your quick reply anyway.
No, I don't use this computer for business purposes.
The backup was successful.
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Asus pc slowing down

Unread postby mAL_rEm018 » December 20th, 2020, 4:14 pm

Hello humanerror,

The reason I asked if you're using this computer for business is that I notice you have Microsoft 365 for Enterprise installed on it. This is not something I would expect to see on a computer that is not used for any type of business purposes. Could you tell me how you acquired the software?

CKScanner

  • Please download CKScanner from Here
  • Save it to your Desktop.
  • Right-Click on CKScanner.exe and select Run as Administrator.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.


-----------------------------------------
In your next reply, I would like to see..
  • Answer to my question
  • CKFiles.txt
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Asus pc slowing down

Unread postby humanerror » December 21st, 2020, 1:49 am

Yes. It's from the city/municipality I worked for a couple of years ago. Office 365 was offered for free for all employers to use in their homes.
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Asus pc slowing down

Unread postby humanerror » December 21st, 2020, 2:11 am

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files\r\r-3.4.3\library\survival\tests\data.cracks
c:\users\vesam\desktop\htr-20201218t172021z-001\htr\hellstonerecs\webhell\at\uuscrack.html
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.630.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.630.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\r\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.685.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.685.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\r\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\ssh-keygen.exe
scanner sequence 3.CE.11.BANAF0
----- EOF -----
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: Asus pc slowing down

Unread postby mAL_rEm018 » December 21st, 2020, 6:35 pm

Hello humanerror,

humanerror wrote:Yes. It's from the city/municipality I worked for a couple of years ago. Office 365 was offered for free for all employers to use in their homes.

Unfortunately, I won't be able to help you with your computer problems. What you describe is considered business use here at Malware Removal.


May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which I linked to in my initial post.

The section here explains why we do not offer help for such computers. Thank you for your understanding.

This doesn't mean that we won't be able to help you in the future, but not if your computer hasn't been formatted. That being said, I wish you the best in getting your computer problems resolved.


I will now go ahead and close this topic.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia