
Slow and Sluggish- First Cleanup

Regular Cleanup Slow Net Connection

  • This topic is locked
8 replies to this topic

#1 wutwut

Posted 12 December 2018 - 09:13 AM

I've generally been safe and careful but I have yet to do one of these big checks since I got this computer so I think it may be time (not even a virus scan). Lately it's been kind of slow and sluggish, some programs crash and net connection drops randomly while in game.

So here are the logs...

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2018-12-12 16:29:18
-----------------------------
16:29:18.966    OS Version: Windows x64 6.1.7601 Service Pack 1
16:29:18.966    Number of processors: 4 586 0x3001
16:29:18.968    ComputerName: 4WATT  UserName: Ohm
16:29:23.779    Initialize success
16:29:23.903    VM: initialized successfully
16:29:23.904    VM: Amd CPU supported
16:30:51.862    AVAST engine defs: 17030301
16:33:46.860    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
16:33:46.864    Disk 0 Vendor: ST1000DM CC45 Size: 953869MB BusType: 11
16:33:46.977    Disk 0 MBR read successfully
16:33:46.982    Disk 0 MBR scan
16:33:46.991    Disk 0 Windows 7 default MBR code
16:33:46.998    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       220999 MB offset 2048
16:33:47.005    Disk 0 Boot: NTFS     code=2
16:33:47.031    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       732869 MB offset 452608000
16:33:47.072    Disk 0 scanning C:\Windows\system32\drivers
16:33:53.987    Service scanning
16:34:11.632    Modules scanning
16:34:11.635    Disk 0 trace - called modules:
16:34:11.648    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
16:34:11.650    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800472d060]
16:34:11.651    3 CLASSPNP.SYS[fffff880019a743f] -> nt!IofCallDriver -> [0xfffffa800448e580]
16:34:11.651    5 amd_xata.sys[fffff88001163d00] -> nt!IofCallDriver -> \Device\00000067[0xfffffa80044852f0]
16:34:12.390    AVAST engine scan C:\Windows
16:34:13.797    AVAST engine scan C:\Windows\system32
16:36:34.633    AVAST engine scan C:\Windows\system32\drivers
16:36:44.051    AVAST engine scan C:\Users\Ohm
16:37:42.376    File: C:\Users\Ohm\AppData\Local\Epic Privacy Browser\Application\62.0.3202.94\Installer\setup.exe  **INFECTED** Win32:MalOb-CA [Cryp]
16:37:43.942    File: C:\Users\Ohm\AppData\Local\Epic Privacy Browser\Application\epic.exe  **INFECTED** Win32:MalOb-CA [Cryp]
16:46:29.756    Disk 0 MBR has been saved successfully to "D:\AtFiles!\CLEANUP!\MBR.dat"
16:46:29.762    The log file has been saved successfully to "D:\AtFiles!\CLEANUP!\aswMBR.txt"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Ohm (12-12-2018 16:50:33)
Running from C:\Users\Ohm\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-07 10:40:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-546064741-869659242-2245885051-500 - Administrator - Disabled)
Guest (S-1-5-21-546064741-869659242-2245885051-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-546064741-869659242-2245885051-1003 - Limited - Enabled)
Ohm (S-1-5-21-546064741-869659242-2245885051-1000 - Administrator - Enabled) => C:\Users\Ohm

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {3EB84D8C-4821-F4B8-2DD8-2831FAA29B21}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
ACP Application (HKLM\...\{94FA306C-F668-C47F-F576-B3BE243244D2}) (Version: 2018.0516.1437.20 - Advanced Micro Devices, Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.5.1 - Advanced Micro Devices, Inc.)
Apowersoft Screen Recorder Pro V2.1.9 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.1.9 - APOWERSOFT LIMITED)
APP Shop v1.0.12 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.12 - ASRock Inc.)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
ASUS USB-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.0.0.5 - ASUS)
A-Tuning v2.0.158 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.158 - )
AutoHotkey 1.1.30.01 (HKLM\...\AutoHotkey) (Version: 1.1.30.01 - Lexikos)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
calibre 64bit (HKLM\...\{A9CFF5B2-9CF6-4903-ACD1-CE9CFDFD6206}) (Version: 3.34.0 - Kovid Goyal)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Epic Privacy Browser (HKU\S-1-5-21-546064741-869659242-2245885051-1000\...\Epic) (Version: 62.0.3202.94 - Epic)
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 8.00.005 - FlashPeak Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
LibreOffice 6.1.3.2 (HKLM\...\{70F02214-8FF6-48DF-AF3E-7D1A5F7A6BAC}) (Version: 6.1.3.2 - The Document Foundation)
Magnifying Glass Pro 1.8 (HKLM-x32\...\Magnifying Glass Pro_is1) (Version: 1.8 - Workers Collection)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.5.4000 - Maxthon International Limited)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Opera Stable 56.0.3051.116 (HKU\S-1-5-21-546064741-869659242-2245885051-1000\...\Opera 56.0.3051.116) (Version: 56.0.3051.116 - Opera Software)
Pale Moon 28.1.0 (x64 en-US) (HKLM\...\Pale Moon 28.1.0 (x64 en-US)) (Version: 28.1.0 - Moonchild Productions)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.0 - Power Software Ltd)
ProtonVPN (HKLM-x32\...\{DD43CC6E-70A0-4739-A323-6255838B91FD}) (Version: 1.3.3 - ProtonVPN AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.3.3) (Version: 1.3.3 - ProtonVPN AG)
Prototype (HKLM-x32\...\Prototype_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SeaMonkey 2.49.1 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.1 (x86 en-US)) (Version: 2.49.1 - Mozilla)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-ProtonVPN 9.21.2 (HKLM\...\TAP-ProtonVPN) (Version: 9.21.2 - ProtonVPN AG)
Tixati (HKLM-x32\...\tixati) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Waterfox 56.2.5 (x64 en-US) (HKLM\...\Waterfox 56.2.5 (x64 en-US)) (Version: 56.2.5 - Waterfox Ltd)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
XFast LAN v9.05 (HKLM\...\XFast LAN) (Version: 9.05 - cFos Software GmbH, Bonn)
ZoneAlarm Firewall (HKLM-x32\...\{6B677C8A-0051-41D4-B70A-4E721C2667D5}) (Version: 15.1.522.17528 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.522.17528 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{6E442303-774D-4AEC-A2BA-F2F523B0ACAC}) (Version: 15.1.522.17528 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-10-24] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-10-24] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-05-16] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-10-24] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09DB47EA-FFAE-4D6B-A12D-6E314BEA0020} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-05-16] (Advanced Micro Devices, Inc.)
Task: {1CB47F2B-406C-42F6-B50C-3D9941839930} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-08] (Google Inc.)
Task: {32E2EDA9-8052-4583-9E3C-A6300EC19D53} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [2018-11-21] (Maxthon International ltd.)
Task: {5E930F89-6898-42C6-A72D-142726432837} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-08] (Google Inc.)
Task: {5FE0D1D6-CA49-45A5-9EC7-FE123B4F0469} - System32\Tasks\{C42FAC67-7005-46AC-A428-6A5D06984B65} => C:\Windows\system32\pcalua.exe -a C:\Wipefile\WipeFile.exe -d C:\Wipefile
Task: {6D3913C4-28BA-4590-82EB-E378DFBAEDC3} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-05-27] ()
Task: {70DC3C2D-AAB0-4333-820C-C9BD2BBDA272} - System32\Tasks\Games\UpdateCheck_S-1-5-21-546064741-869659242-2245885051-1000
Task: {741AB98E-A5BA-4A92-9444-2329ADA0A1A7} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2012-08-30] (Beepa P/L)
Task: {844CEC5E-D8D3-4F3E-9FDC-00C472BB9BB0} - System32\Tasks\Opera scheduled Autoupdate 1541954749 => C:\Users\Ohm\AppData\Local\Programs\Opera\launcher.exe [2018-11-26] (Opera Software)
Task: {AD38C546-5D75-4A39-9921-A403F478716A} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-05-16] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-07 13:14 - 2013-07-25 15:04 - 000454656 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2018-02-21 09:19 - 2018-02-21 09:19 - 000054024 _____ () C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
2018-10-13 17:37 - 2018-10-30 20:06 - 001057056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-10-13 17:37 - 2018-09-23 02:00 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-04-24 21:12 - 2018-04-24 21:12 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:12 - 2018-04-24 21:12 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-10-13 17:37 - 2018-09-23 02:00 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-10-13 17:37 - 2018-09-23 02:00 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-05-16 21:23 - 2018-05-16 21:23 - 000356744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2018-02-08 23:00 - 2018-10-30 20:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-02-08 23:00 - 2016-09-01 03:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-02-08 23:00 - 2016-09-01 03:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-02-08 23:00 - 2016-09-01 03:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-02-08 23:00 - 2018-11-26 22:29 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2018-02-08 23:00 - 2017-12-20 03:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-02-08 23:00 - 2017-12-20 03:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-02-08 23:00 - 2017-12-20 03:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-02-08 23:00 - 2017-12-20 03:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-02-08 23:00 - 2017-12-20 03:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-02-08 23:00 - 2018-11-26 22:29 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-02-08 23:00 - 2016-07-05 00:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-12-12 12:20 - 2018-12-12 12:20 - 000081408 ____T () C:\Users\Ohm\AppData\Local\Microsoft\bass_vst.dll
2018-12-12 12:20 - 2018-12-12 12:20 - 001758720 ____T () C:\Users\Ohm\AppData\Local\Microsoft\engine_vx.dll
2013-12-13 04:47 - 2013-12-13 04:47 - 000333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-546064741-869659242-2245885051-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ohm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{13AC0B02-D261-474E-9172-A773776AA48C}] => (Allow) C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{4A8E9374-1F4E-483B-BBDD-F3190B747141}] => (Allow) C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{FBFE99E6-D536-4912-B6A1-671E8370A1C7}] => (Allow) LPort=1542
FirewallRules: [{3DACF9EB-D731-4D68-8008-DF0AB77FD6BC}] => (Allow) LPort=1542
FirewallRules: [{69AA44E2-C106-461D-8069-2C1E271CF14C}] => (Allow) LPort=53
FirewallRules: [{1F5568C3-2ECD-48FA-A1AD-B75A044C5175}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{2DBA2658-7FFB-4904-997F-4943CA94DF52}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3B90D67B-08BD-490A-910D-734B0F1D83DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E9DEE973-3A5D-46DB-96A2-CAAFEE6D96C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8B8849B3-FFD1-4D0A-9697-8888CFF30E0A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B94B6E6F-A1B4-45FC-BEDD-8F37D0BBDB9E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{337B4D99-4BF5-4295-A0F7-98E69FF3AE57}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{EF0555F5-4C75-4B2C-85B5-A027D6B9F351}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{60A82F1C-1ACC-4244-9F96-38F9797B0A2A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5EEEE138-65FD-482A-8DA6-A3316AEC22B0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EF25E6C8-1D4B-4965-942B-18F6DF83F4D5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{366A78EF-FD44-4DB1-BDBD-4907953153D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FBD95A72-4A52-4C97-8674-E44B461AD792}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Martial Arts Brutality\dojo.exe
FirewallRules: [{E1344563-239E-4393-A997-E2A9F3CED800}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Martial Arts Brutality\dojo.exe
FirewallRules: [{6BD1B9F0-B1EB-4475-8785-087EE43DAE8E}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{51A404E6-A4A7-4922-8AE3-86F7C6F22989}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{11D3DC80-142E-4422-93FA-756ECA70D883}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{6041A69F-ADE5-4350-9F2A-FDE04C4CC25F}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{F0F690ED-D867-402F-9022-F55FD2F44E94}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Sentinels of the Multiverse\Sentinels.exe
FirewallRules: [{CAEDEF54-EF81-4426-92A1-C33F2E1E300D}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Sentinels of the Multiverse\Sentinels.exe
FirewallRules: [{6B4D3CA5-B537-46BD-97AD-A415C8829F53}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Eternal Card Game\Eternal.exe
FirewallRules: [{79B88A9C-259C-4CDA-A636-8DA6DAA3DE38}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Eternal Card Game\Eternal.exe
FirewallRules: [{3CF0DE86-0CF4-43C4-841C-D1C7668E974D}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Battlegrounds of Eldhelm\Eldhelm.exe
FirewallRules: [{56ECAE86-FAEF-44F4-9756-9C6838C30DB2}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Battlegrounds of Eldhelm\Eldhelm.exe
FirewallRules: [{F352B495-A898-4EEB-8D2F-C99BAE6B9C21}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Chronicle\Chronicle.exe
FirewallRules: [{3F1D6176-95BE-4A4C-87B0-E96501482CA7}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Chronicle\Chronicle.exe
FirewallRules: [{7A5954EB-F5D4-4015-AAF3-CEED4A0EF385}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Chronicle\WorkshopTool\WorkshopManager.exe
FirewallRules: [{4D8F6B25-B48D-4A4B-9A1B-960D6E4F9CA4}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Chronicle\WorkshopTool\WorkshopManager.exe
FirewallRules: [{F68017C0-D34B-4032-B938-A88000E12295}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Cards and Castles\Cards and Castles.exe
FirewallRules: [{5EBABB6A-AB9C-4B58-ACA4-17038921D9A7}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Cards and Castles\Cards and Castles.exe
FirewallRules: [{AE18D7BE-F2EF-4BB0-9C5D-75562A486949}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Spellweaver\Spellweaver.exe
FirewallRules: [{8BB0F1EA-68C6-4DA5-9ED7-2C039452CDF3}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Spellweaver\Spellweaver.exe
FirewallRules: [{6B49FF15-1AFB-4BF6-9294-7C6AE146A2C9}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Astral Heroes\AstralHeroes.exe
FirewallRules: [{12518C2A-8270-4DF7-BEC6-4AEF62C7AC16}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Astral Heroes\AstralHeroes.exe
FirewallRules: [{EB8D62E8-DBF9-40DA-A729-D6C8FA63013B}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Ortus Regni\OrtusRegni.exe
FirewallRules: [{DA3B6AD3-A220-42BE-9856-578811621444}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Ortus Regni\OrtusRegni.exe
FirewallRules: [{2184640D-C2C9-44DD-93CA-1AD6FF168DF6}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Tactical Monsters\Tactical Monsters.exe
FirewallRules: [{A4304288-FB07-42EA-82EC-24645002C3D8}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Tactical Monsters\Tactical Monsters.exe
FirewallRules: [{9246D236-DB76-4A09-A629-F93E80653D13}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{0F0E603F-E09F-4478-87CD-31274F77DD4B}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{905F4624-B9B4-4A1A-A192-184BB278556A}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Duel of Summoners\DuelofSummoners.exe
FirewallRules: [{1F04705D-021C-420E-B6CC-E67C8A76C14E}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Duel of Summoners\DuelofSummoners.exe
FirewallRules: [{3F6C1B57-8F1D-437A-91C9-BABD94FD2178}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Onirim - Solitaire Card Game\Onirim.exe
FirewallRules: [{D400429A-BB8B-44DF-91B4-9576F4FCAD78}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Onirim - Solitaire Card Game\Onirim.exe
FirewallRules: [{90390A5E-7D96-4008-A841-09227A5B65DD}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Pox Nora\PoxNora.exe
FirewallRules: [{3F46C582-CB46-4E20-99F8-376777F3F830}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Pox Nora\PoxNora.exe
FirewallRules: [{47CC63F3-6BAA-4882-96C7-C305F6992ACB}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\KROSMAGA\transition\transition.exe
FirewallRules: [{2E3A88C4-89CC-4008-991D-C0629550F690}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\KROSMAGA\transition\transition.exe
FirewallRules: [{7C611F52-3F19-473D-80FB-9C9662A7CA7B}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Labyrinth\labyrinth.exe
FirewallRules: [{23FD260B-B49E-481F-8D1F-1A04279CFDA1}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Labyrinth\labyrinth.exe
FirewallRules: [{5DB38868-76BA-4F68-9CDB-73462C479CFE}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Bombernauts\Bombernauts.exe
FirewallRules: [{447B2F0E-E096-4D0F-B181-9AC5432EC0E2}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Bombernauts\Bombernauts.exe
FirewallRules: [{85F9E4C2-E7CD-44C0-952A-4833D811F0C9}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{869E6D6A-6390-4853-B7F4-F4787B20BBA4}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{8ECBCA13-02E2-401D-9EE7-7CDBF89C3973}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\From The Depths\From_The_Depths.exe
FirewallRules: [{BA280F7C-0C0B-48FC-B482-102F3980AAE3}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\From The Depths\From_The_Depths.exe
FirewallRules: [{DAB351DB-B694-4D54-89F1-ACB47A439B5A}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Battlerite Royale\BattleriteRoyale.exe
FirewallRules: [{D624B9FF-7F37-4E83-A136-7362622075D5}] => (Allow) D:\StAllIns!!\STEAM!!\steamapps\common\Battlerite Royale\BattleriteRoyale.exe
FirewallRules: [{3D594138-089F-495D-9B7E-A96F27CBE7C6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{158647BF-7FA8-4611-B72E-BB8763C5AF25}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{FE0BF3AE-9534-4008-A3F3-988202A5039A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SeriousSamDoubleD\SSLauncher.exe
FirewallRules: [{99553DA1-2204-4E91-AA9D-BEA8B60C31C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SeriousSamDoubleD\SSLauncher.exe
FirewallRules: [{B2A20AE9-3284-4B27-AA38-94139BFF3E22}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{6B2B4190-0A6F-48D6-BD7A-BF83EEBC19A1}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{A9B8405C-2DF6-483A-B962-1EF1FA96ADF2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{191FA7A8-41B4-4CD4-B09F-9F865E97288B}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{4BC42913-3309-4C4E-AEFA-4FB1FB61B30A}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe
FirewallRules: [{223599C5-15BD-46D8-8927-954F3F235014}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe
FirewallRules: [{AD7AD3CB-DA04-4708-8B64-20FCD08D9231}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{EF2CAD5C-A71D-478E-BC0C-7D7C45760C2E}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{29A545D4-CCF4-409B-921D-C3EC41DCC289}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-11-2018 16:24:17 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2018 12:21:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/12/2018 12:20:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RtWlan.exe, version: 1.0.0.5, time stamp: 0x5465be3a
Faulting module name: RtWlan.exe, version: 1.0.0.5, time stamp: 0x5465be3a
Exception code: 0xc0000005
Fault offset: 0x0000579a
Faulting process id: 0xf4c
Faulting application start time: 0x01d49204540143a7
Faulting application path: C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtWlan.exe
Faulting module path: C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtWlan.exe
Report Id: 92302f79-fdf7-11e8-b479-d0509953723f

Error: (12/12/2018 12:20:22 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/12/2018 10:01:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/12/2018 10:00:12 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/12/2018 05:48:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Steam.exe, version: 4.83.53.91, time stamp: 0x5bfc5505
Faulting module name: tier0_s.dll_unloaded, version: 0.0.0.0, time stamp: 0x5bfc548a
Exception code: 0xc0000005
Fault offset: 0x672e6ac0
Faulting process id: 0x9d8
Faulting application start time: 0x01d491cd534ea482
Faulting application path: C:\Program Files (x86)\Steam\Steam.exe
Faulting module path: tier0_s.dll
Report Id: c408a9b6-fdc0-11e8-ba45-d0509953723f

Error: (12/12/2018 05:47:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/12/2018 05:46:23 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (12/11/2018 05:23:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/11/2018 01:24:57 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/10/2018 10:08:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:07:22 PM on ‎12/‎10/‎2018 was unexpected.

Error: (12/07/2018 04:02:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/07/2018 03:15:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (12/07/2018 01:17:45 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/07/2018 01:17:45 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/07/2018 01:17:44 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


==================== Memory info ===========================

Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 45%
Total physical RAM: 3508.73 MB
Available physical RAM: 1904.14 MB
Total Virtual: 7015.64 MB
Available Virtual: 3832.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:215.82 GB) (Free:84.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (East) (Fixed) (Total:715.69 GB) (Free:30.53 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 000ACBE6)
Partition 1: (Active) - (Size=215.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=715.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by Ohm (administrator) on 4WATT (12-12-2018 16:49:42)
Running from C:\Users\Ohm\Desktop
Loaded Profiles: Ohm (Available Profiles: Ohm)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
() C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtlService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Epic Privacy Browser) C:\Users\Ohm\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Apowersoft) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [441856 2017-10-24] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144240 2017-12-29] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-546064741-869659242-2245885051-1000\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-546064741-869659242-2245885051-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] (Valve Corporation)
HKU\S-1-5-21-546064741-869659242-2245885051-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\Ohm\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2018-04-14] (Epic Privacy Browser)
HKU\S-1-5-21-546064741-869659242-2245885051-1000\...\Run: [ApowersoftScreenRecorder] => C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe [3617944 2017-02-07] (Apowersoft)
HKU\S-1-5-21-546064741-869659242-2245885051-1000\...\MountPoints2: F - F:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKU\S-1-5-21-546064741-869659242-2245885051-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=avantsearch6
HKU\S-1-5-21-546064741-869659242-2245885051-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-08] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-08] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-08] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-08] (Google Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: 88ekh0t2.default
FF DefaultProfile: u614m3x9.default
FF DefaultProfile: s6poxj0c.default
FF DefaultProfile: ltvqy08k.default
FF ProfilePath: C:\Users\Ohm\AppData\Roaming\Waterfox\Profiles\88ekh0t2.default [2018-12-12]
FF ProfilePath: C:\Users\Ohm\AppData\Roaming\Mozilla\SeaMonkey\Profiles\u614m3x9.default [2018-12-11]
FF ProfilePath: C:\Users\Ohm\AppData\Roaming\Mozilla\Firefox\Profiles\s6poxj0c.default [2018-12-12]
FF Extension: (Flash and Video Download) - C:\Users\Ohm\AppData\Roaming\Mozilla\Firefox\Profiles\s6poxj0c.default\Extensions\{adeadebb-fedc-4180-a7f4-cfdd87496551}.xpi [2018-12-05]
FF ProfilePath: C:\Users\Ohm\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ltvqy08k.default [2018-12-11]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin HKU\S-1-5-21-546064741-869659242-2245885051-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Ohm\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-04-14] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-546064741-869659242-2245885051-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Ohm\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-04-14] (Epic Privacy Browser)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://chrono.gg/"
CHR Profile: C:\Users\Ohm\AppData\Local\Google\Chrome\User Data\Default [2018-12-12]
CHR Extension: (Flash Video Downloader Plus) - C:\Users\Ohm\AppData\Local\Google\Chrome\User Data\Default\Extensions\alfnggielnhdpdamedeokgppcilgainm [2018-12-10]
CHR Extension: (Flash Downloader) - C:\Users\Ohm\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepdaplnjgknikdfmmiihcohocmpmimg [2018-12-05]
CHR Extension: (Flash Downloader) - C:\Users\Ohm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoageakflbgkobikeakdpilfejhdaggh [2018-12-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ohm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\Ohm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-02] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2018-05-16] (Advanced Micro Devices) [File not signed]
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-07-25] () [File not signed]
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [144152 2018-11-21] (Maxthon International ltd.)
R2 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [54024 2018-02-21] ()
R2 Realtek11nCU; C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107584 2017-12-29] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-19] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2017-12-28] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1057648 2017-12-29] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2018-05-16] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2018-02-07] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3591384 2014-10-13] (Realtek Semiconductor Corporation )
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-12-28] (Check Point Software Technologies Ltd.)
U3 iswSvc; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\Ohm\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Ohm\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-12 16:49 - 2018-12-12 16:50 - 000012654 _____ C:\Users\Ohm\Desktop\FRST.txt
2018-12-12 16:49 - 2018-12-12 16:49 - 000000000 ____D C:\FRST
2018-12-12 06:52 - 2018-12-12 06:52 - 001035926 _____ C:\Users\Ohm\Downloads\MozBackup-1.5.1-EN.exe
2018-12-12 06:52 - 2018-12-12 06:52 - 000782052 _____ C:\Users\Ohm\Downloads\MozBackup-1.5.1-EN.zip
2018-12-12 06:45 - 2018-12-12 06:45 - 000086632 _____ C:\Users\Ohm\Downloads\mozillahistoryview-x64.zip
2018-12-11 19:48 - 2018-12-11 19:48 - 002417152 _____ (Farbar) C:\Users\Ohm\Desktop\FRST64.exe
2018-12-11 19:47 - 2018-12-11 19:47 - 005198336 _____ (AVAST Software) C:\Users\Ohm\Desktop\aswMBR.exe
2018-12-11 09:43 - 2018-12-12 12:20 - 000002956 _____ C:\Windows\System32\Tasks\AsrSP.exe
2018-12-06 19:04 - 2018-12-06 19:04 - 000002261 _____ C:\Users\Ohm\Desktop\#SharedObjects - Shortcut.lnk
2018-12-06 14:42 - 2018-12-07 15:25 - 000000000 ____D C:\The.Lego.Batman.The.Movie.2017.1080p.WEB-DL.DD5.1.H264-FGT[EtHD]
2018-12-05 15:41 - 2018-12-05 15:41 - 021272984 _____ C:\Users\Ohm\Downloads\sonny-2-2900 (1).swf
2018-12-05 15:35 - 2018-12-05 15:35 - 021272984 _____ C:\Users\Ohm\Downloads\sonny-2-2900.swf
2018-12-05 15:16 - 2018-12-05 15:16 - 000090012 _____ C:\Users\Ohm\Downloads\sonny-2
2018-12-02 06:16 - 2018-01-28 23:34 - 470034683 _____ C:\American.Made.2017.1080p.WEB-DL.DD5.1.H264-FGT.rar
2018-12-01 13:39 - 2018-12-01 13:39 - 046584093 _____ C:\Users\Ohm\Downloads\Transformers_Images.o8c
2018-11-28 10:46 - 2018-11-28 10:46 - 001840609 _____ (pendrivelinux.com) C:\Users\Ohm\Downloads\YUMI-2.0.6.0.exe
2018-11-25 20:22 - 2018-11-30 03:15 - 000000000 ____D C:\Spotlight.2015.1080p.BRRip.x264.AAC-ETRG
2018-11-23 16:06 - 2018-11-23 16:07 - 000000000 ____D C:\Users\Ohm\AppData\Roaming\WD Discovery
2018-11-23 16:06 - 2018-11-23 16:06 - 000000000 ____D C:\Users\Ohm\.wdc
2018-11-23 16:05 - 2018-11-23 16:05 - 000000000 ____D C:\ELEMENTS SE HDD!
2018-11-21 01:53 - 2018-11-24 19:58 - 000000000 ____D C:\The.Big.Short.2015.DVDScr.XVID.AC3.HQ.Hive-CM8
2018-11-16 21:40 - 2018-11-16 21:40 - 000001011 _____ C:\Users\Ohm\Desktop\Magnifying Glass Pro.lnk
2018-11-16 10:11 - 2018-12-05 19:19 - 000000000 ____D C:\A EXTRA SPACE!
2018-11-14 22:31 - 2018-11-14 22:31 - 000000000 ____D C:\Users\Ohm\AppData\Roaming\WorkersCollection
2018-11-14 22:31 - 2018-11-14 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magnifying Glass Pro 1.8
2018-11-14 22:31 - 2018-11-14 22:31 - 000000000 ____D C:\Program Files (x86)\MagniGlassPro
2018-11-14 07:25 - 2018-11-14 07:29 - 088129515 _____ C:\Users\Ohm\Downloads\keyforge-images_v2.o8c
2018-11-14 07:09 - 2018-11-14 07:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2018-11-14 07:09 - 2018-11-14 07:09 - 000000000 ____D C:\Program Files\AutoHotkey
2018-11-14 07:08 - 2018-11-14 07:08 - 003485159 _____ C:\Users\Ohm\Downloads\AutoHotkey_1.1.30.01_setup.exe
2018-11-14 06:49 - 2018-11-14 06:49 - 000087474 _____ C:\Users\Ohm\Downloads\composespecialcharacters-2.0.10.oxt
2018-11-14 06:08 - 2018-11-14 06:08 - 000000000 ____D C:\Users\Public\Documents\sun
2018-11-13 22:23 - 2018-11-13 22:23 - 000001444 _____ C:\Users\Public\Desktop\LibreOffice 6.1.lnk
2018-11-13 22:23 - 2018-11-13 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.1
2018-11-13 22:21 - 2018-11-13 22:22 - 000000000 ____D C:\Program Files\LibreOffice
2018-11-13 22:15 - 2018-11-13 22:15 - 283070464 _____ C:\Users\Ohm\Downloads\LibreOffice_6.1.3_Win_x64.msi
2018-11-13 22:11 - 2018-11-13 22:11 - 000000000 ____D C:\Users\Ohm\AppData\Roaming\NuGet
2018-11-13 22:11 - 2018-11-13 22:11 - 000000000 ____D C:\Users\Ohm\AppData\Local\NuGet
2018-11-13 22:01 - 2018-11-13 22:01 - 000001845 _____ C:\Users\Ohm\Desktop\OCTGN.lnk
2018-11-13 17:05 - 2018-11-13 17:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-11-13 17:05 - 2018-11-13 17:05 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-11-13 16:58 - 2018-11-14 22:21 - 000000000 ____D C:\Users\Ohm\Documents\OCTGN
2018-11-13 16:58 - 2018-11-13 16:58 - 011919629 _____ (OCTGN) C:\Users\Ohm\Downloads\OCTGN-Setup-3.2.92.0.exe
2018-11-13 16:58 - 2018-11-13 16:58 - 001432848 _____ (Microsoft Corporation) C:\Users\Ohm\Downloads\NDP472-KB4054531-Web.exe
2018-11-13 16:58 - 2018-11-13 16:58 - 000000000 ____D C:\Users\Ohm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCTGN

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-12 16:25 - 2018-02-08 14:46 - 000000000 ____D C:\Users\Ohm\AppData\LocalLow\Mozilla
2018-12-12 13:14 - 2018-02-08 23:00 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-12 12:28 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-12 12:28 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-12 12:26 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-12 12:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-12-12 12:22 - 2018-04-02 09:16 - 000003128 _____ C:\Windows\System32\Tasks\FRAPS
2018-12-12 12:22 - 2018-02-08 23:05 - 000000000 ____D C:\Fraps
2018-12-12 12:20 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-12 12:19 - 2018-02-07 13:11 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-12-12 12:03 - 2018-02-08 11:14 - 000000000 ____D C:\Users\Ohm\AppData\Roaming\vlc
2018-12-12 06:43 - 2018-10-13 21:18 - 000000000 ____D C:\Users\Ohm\AppData\Roaming\SlimBrowser
2018-12-11 04:26 - 2018-11-11 17:32 - 000000000 ____D C:\ZM0RN!
2018-12-07 23:00 - 2018-10-17 13:29 - 000000127 _____ C:\Users\Ohm\Desktop\New Text Document.txt
2018-11-27 14:56 - 2018-11-11 18:45 - 000004020 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1541954749
2018-11-26 22:20 - 2018-02-07 13:14 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 22:20 - 2018-02-07 13:14 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-26 13:23 - 2018-09-18 21:02 - 000000000 ____D C:\Users\Ohm\AppData\Roaming\tixati
2018-11-23 16:06 - 2018-02-07 12:40 - 000000000 ____D C:\Users\Ohm
2018-11-19 12:13 - 2018-11-11 18:55 - 000000000 ____D C:\Program Files\Waterfox
2018-11-18 18:03 - 2018-02-08 14:46 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-18 18:03 - 2018-02-08 14:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-14 07:09 - 2011-04-12 10:28 - 000000000 ____D C:\Windows\ShellNew
2018-11-14 06:06 - 2018-02-08 11:03 - 000094904 _____ C:\Users\Ohm\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-14 06:05 - 2009-07-14 06:45 - 000422264 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-13 17:02 - 2018-02-07 12:34 - 000773536 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2018-10-22 12:05 - 2018-10-22 11:45 - 000112198 _____ () C:\Users\Ohm\AppData\Local\SSDD.rar
2018-03-28 12:22 - 2018-03-28 12:22 - 000000000 _____ () C:\Users\Ohm\AppData\Local\{C78D79C7-23EC-4BCF-8B03-1F5D875853EB}

Some files in TEMP:
====================
2018-11-23 16:06 - 2018-11-23 16:06 - 000073728 _____ () C:\Users\Ohm\AppData\Local\Temp\DD92.tmp.exe
2018-04-19 21:58 - 2018-04-19 21:58 - 000000000 _____ () C:\Users\Ohm\AppData\Local\Temp\GURA85F.exe
2015-12-30 01:40 - 2015-12-30 01:40 - 000008704 _____ () C:\Users\Ohm\AppData\Local\Temp\NSISUtils.dll
2018-03-10 19:00 - 2018-03-10 19:00 - 000737280 _____ () C:\Users\Ohm\AppData\Local\Temp\Protectb081c136.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-05 20:16

==================== End of FRST.txt ============================




#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 12 December 2018 - 05:16 PM

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-546064741-869659242-2245885051-1000\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-546064741-869659242-2245885051-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=avantsearch6
U3 iswSvc; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\Ohm\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Ohm\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
2018-11-23 16:06 - 2018-11-23 16:06 - 000073728 _____ () C:\Users\Ohm\AppData\Local\Temp\DD92.tmp.exe
2018-04-19 21:58 - 2018-04-19 21:58 - 000000000 _____ () C:\Users\Ohm\AppData\Local\Temp\GURA85F.exe
2015-12-30 01:40 - 2015-12-30 01:40 - 000008704 _____ () C:\Users\Ohm\AppData\Local\Temp\NSISUtils.dll
2018-03-10 19:00 - 2018-03-10 19:00 - 000737280 _____ () C:\Users\Ohm\AppData\Local\Temp\Protectb081c136.dll
C:\Windows\Temp\*.*
Emptytemp:
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
~~~~~~~~~~~~~~
RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
created by Aura

~~
Please post these 3 logs when finished.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#3 wutwut

wutwut

    New Member

  • Authentic Member
  • 10 posts

Posted 15 December 2018 - 03:13 AM

Alright, did it and here are the logs....

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Ohm (15-12-2018 01:48:26) Run:1
Running from C:\Users\Ohm\Desktop
Loaded Profiles: Ohm (Available Profiles: Ohm)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-546064741-869659242-2245885051-1000\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-546064741-869659242-2245885051-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=avantsearch6
U3 iswSvc; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\Ohm\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Ohm\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
2018-11-23 16:06 - 2018-11-23 16:06 - 000073728 _____ () C:\Users\Ohm\AppData\Local\Temp\DD92.tmp.exe
2018-04-19 21:58 - 2018-04-19 21:58 - 000000000 _____ () C:\Users\Ohm\AppData\Local\Temp\GURA85F.exe
2015-12-30 01:40 - 2015-12-30 01:40 - 000008704 _____ () C:\Users\Ohm\AppData\Local\Temp\NSISUtils.dll
2018-03-10 19:00 - 2018-03-10 19:00 - 000737280 _____ () C:\Users\Ohm\AppData\Local\Temp\Protectb081c136.dll
C:\Windows\Temp\*.*
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-546064741-869659242-2245885051-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRock A-Tuning" => removed successfully
HKU\S-1-5-21-546064741-869659242-2245885051-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully
iswSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
aswMBR => service not found.
aswVmm => service not found.
C:\Users\Ohm\AppData\Local\Temp\DD92.tmp.exe => moved successfully
C:\Users\Ohm\AppData\Local\Temp\GURA85F.exe => moved successfully
C:\Users\Ohm\AppData\Local\Temp\NSISUtils.dll => moved successfully
C:\Users\Ohm\AppData\Local\Temp\Protectb081c136.dll => moved successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully
C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\dd_NDP461-KB3102436-x86-x64-AllOS-ENU_decompression_log.txt => moved successfully
C:\Windows\Temp\dd_SetupUtility.txt => moved successfully
C:\Windows\Temp\dd_wcf_CA_smci_20180207_103352_541.txt => moved successfully
C:\Windows\Temp\dd_wcf_CA_smci_20180207_103408_874.txt => moved successfully
C:\Windows\Temp\DMI3FBD.tmp => moved successfully
C:\Windows\Temp\DMI6057.tmp => moved successfully
C:\Windows\Temp\DMI6E7B.tmp => moved successfully
C:\Windows\Temp\fwtsqmfile00.sqm => moved successfully
C:\Windows\Temp\GoogleToolbarInstaller1.log => moved successfully
C:\Windows\Temp\GoogleToolbarInstaller2.log => moved successfully
C:\Windows\Temp\GURB01C.tmp => moved successfully
C:\Windows\Temp\Microsoft .NET Framework 4.6.1 Setup_20180207_123255024-MSI_netfx_Full_x64.msi.txt => moved successfully
C:\Windows\Temp\Microsoft .NET Framework 4.6.1 Setup_20180207_123255024.html => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\RGI3AC0.tmp => moved successfully
C:\Windows\Temp\RGI3AC0.tmp-tmp => moved successfully
C:\Windows\Temp\TS_1114.tmp => moved successfully
C:\Windows\Temp\TS_1604.tmp => moved successfully
C:\Windows\Temp\TS_1B81.tmp => moved successfully
C:\Windows\Temp\TS_2B3B.tmp => moved successfully
C:\Windows\Temp\TS_300C.tmp => moved successfully
C:\Windows\Temp\TS_3348.tmp => moved successfully
C:\Windows\Temp\TS_3626.tmp => moved successfully
C:\Windows\Temp\TS_5210.tmp => moved successfully
C:\Windows\Temp\TS_6D4F.tmp => moved successfully
C:\Windows\Temp\TS_7DE.tmp => moved successfully
C:\Windows\Temp\TS_E93.tmp => moved successfully
C:\Windows\Temp\TS_ED3C.tmp => moved successfully
C:\Windows\Temp\UDD49BD.tmp => moved successfully
C:\Windows\Temp\UDD90AC.tmp => moved successfully
C:\Windows\Temp\UDD9E41.tmp => moved successfully
C:\Windows\Temp\UDDCBEC.tmp => moved successfully
C:\Windows\Temp\ZLT0002f.TMP => moved successfully
C:\Windows\Temp\ZLT00106.TMP => moved successfully
C:\Windows\Temp\ZLT001bd.TMP => moved successfully
C:\Windows\Temp\ZLT003e2.TMP => moved successfully
C:\Windows\Temp\ZLT005bb.TMP => moved successfully
C:\Windows\Temp\ZLT008b1.TMP => moved successfully
C:\Windows\Temp\ZLT00e6c.TMP => moved successfully
C:\Windows\Temp\ZLT0111f.TMP => moved successfully
C:\Windows\Temp\ZLT0174d.TMP => moved successfully
C:\Windows\Temp\ZLT01b61.TMP => moved successfully
C:\Windows\Temp\ZLT01be9.TMP => moved successfully
C:\Windows\Temp\ZLT022f8.TMP => moved successfully
C:\Windows\Temp\ZLT02d47.TMP => moved successfully
C:\Windows\Temp\ZLT02fbf.TMP => moved successfully
C:\Windows\Temp\ZLT032a2.TMP => moved successfully
C:\Windows\Temp\ZLT03563.TMP => moved successfully
C:\Windows\Temp\ZLT03805.TMP => moved successfully
C:\Windows\Temp\ZLT03a64.TMP => moved successfully
C:\Windows\Temp\ZLT03baa.TMP => moved successfully
C:\Windows\Temp\ZLT05158.TMP => moved successfully
C:\Windows\Temp\ZLT05330.TMP => moved successfully
C:\Windows\Temp\ZLT0561f.TMP => moved successfully
C:\Windows\Temp\ZLT0578a.TMP => moved successfully
C:\Windows\Temp\ZLT05a44.TMP => moved successfully
C:\Windows\Temp\ZLT05c83.TMP => moved successfully
C:\Windows\Temp\ZLT05d6b.TMP => moved successfully
C:\Windows\Temp\ZLT05e41.TMP => moved successfully
Could not move "C:\Windows\Temp\ZLT06493.TMP" => Scheduled to move on reboot.
C:\Windows\Temp\ZLT07163.TMP => moved successfully
C:\Windows\Temp\ZLT072dc.TMP => moved successfully
C:\Windows\Temp\ZLT07564.TMP => moved successfully
C:\Windows\Temp\ZLT07f10.TMP => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 180460980 B
Java, Flash, Steam htmlcache => 77113703 B
Windows/system/drivers => 2215246 B
Edge => 0 B
Chrome => 843964400 B
Firefox => 1094248928 B
Opera => 30967165 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 2494 B
Ohm => 1322609695 B

RecycleBin => 16614 B
EmptyTemp: => 3.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-12-2018 02:30:57)

C:\Windows\Temp\ZLT06493.TMP => Is moved successfully

==== End of Fixlog 02:30:57 ====

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-12-07.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-15-2018
# Duration: 00:00:02
# OS:       Windows 7 Ultimate
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1292 octets] - [15/12/2018 10:41:48]
AdwCleaner[S01].txt - [1353 octets] - [15/12/2018 10:42:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

 

RogueKiller Anti-Malware V13.0.16.0 (x64) [Dec 10 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/d...ad/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Ohm [Administrator]
Started from : C:\Users\Ohm\Desktop\RogueKiller_portable64.exe
Mode : Standard Scan, Scan -- Date : 2018/12/15 10:49:49 (Duration : 00:20:24)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 



#4 Juliet

Posted 15 December 2018 - 05:41 AM

Let's check for remnants

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Here
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
  • After the installation is complete let it update if it asks.
  • Under SETTINGS.....APPLICATIONS leave everything at default
  • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
  • Then go to the Dashboard and click on SCAN NOW
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.
  • Then click on POST
  • Exit Malwarebytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
  • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, open EEK again (in the C:\EEK folder);
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Please post these 2 logs when finished.

Also, tell me how the computer is now.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 wutwut

Posted 16 December 2018 - 11:35 AM

Yeah it's back to being more smooth in running and less stalls, no more disconnect in games now. It's good to see it wasn't too heavily infested so that means what I am doing must work. Here are these last logs:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/16/18
Scan Time: 7:04 PM
Log File: ab7e5522-0154-11e9-8380-00ffeead1dfb.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.508
Update Package Version: 1.0.8347
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: 4Watt\Ohm

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 222961
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 4 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

 

Emsisoft Emergency Kit - Version 2018.6
Last update: 12/16/2018 7:25:42 PM
User account: 4Watt\Ohm
Computer name: 4WATT
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    12/16/2018 7:26:31 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO     detected: Application.AdReg (A) [272387]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1     detected: Application.AdReg (A) [272388]

Scanned    73578
Found    2

Scan end:    12/16/2018 7:30:15 PM
Scan time:    0:03:44

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1     Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO     Application.AdReg (A)

Quarantined    2
 



#6 Juliet

Posted 17 December 2018 - 04:27 AM

 

Yeah it's back to being more smooth in running and less stalls,

Good deal

Use the computer today then report back and tell me what's happening.

 

Then, we'll remove tools and quarantine folders.



#7 wutwut

Posted 18 December 2018 - 03:45 AM

Yeah like I already said it's back to working smooth and great, haven't noticed anything I could say is an issue and no more random net drops/slower speeds. So thanks a whole bunch for your time, appreciate it. :)



#8 Juliet

Posted 18 December 2018 - 04:09 AM

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
  • Activate UAC
  • Remove disinfection tools
  • Click the Run button.
  • -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

#9 Juliet

Posted 19 December 2018 - 05:31 PM

Glad we could help.
Since this issue appears resolved ... this Topic is closed.