Computer is slow to start and slow to close

oldraider67

Well-known member | Joined: Feb 28, 2015 | Posts: 99

Hello,

I was poking around the internet and found HiJack This. Years ago I lurked at malware removal sites just to watch. I gained very little knowledge.

I ran HiJack This and saw some entries with "familiar" names. I decided to come here. Hijack This had start page in the 01 section, urlRedirect in the 02 section, unknown owners in the 23 section.

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.04.2019
Ran by thomas (administrator) on GIBBS (19-04-2019 18:43:56)
Running from C:\Users\thomas\Desktop
Loaded Profiles: thomas (Available Profiles: thomas)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(PWI, Inc. -> Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(PWI, Inc. -> Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(PWI, Inc. -> Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(PWI, Inc. -> Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (PWI, Inc. -> Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Policies\Explorer: [NoFileAssociation] 1
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\Run: [Bionix Wallpaper] => C:\BioniX Wallpaper\Bionix Wallpaper.exe [4557312 2014-05-30] (CubicDesign) [File not signed]
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\MountPoints2: {27093560-a59c-11e5-8fac-d050994673f6} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\MountPoints2: {da6de02d-921c-11e6-a24a-d050994673f6} - E:\AutoRun.exe
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\MountPoints2: {da6de03e-921c-11e6-a24a-d050994673f6} - E:\AutoRun.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2018-03-23] ()
Startup: C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scroll Wheel.exe - Shortcut.lnk [2017-08-12]
ShortcutTarget: Scroll Wheel.exe - Shortcut.lnk -> C:\Users\thomas\Documents\Office Keyboard\Scroll Wheel.exe () [File not signed]
BootExecute: PDBoot.exeautocheck autochk *
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3F0CAA5A-B40E-49BB-A050-B6316CF7006D}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{3F0CAA5A-B40E-49BB-A050-B6316CF7006D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/advanced_search
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2018-04-17] (Belarc, Inc. -> Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-06-28] (Microsoft Corporation -> Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2019-02-26] [Legacy] [not signed]
FF HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-24] (Microsoft Corporation -> Microsoft Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-02] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc. -> Apple Inc.)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-06-06] (Bitdefender SRL -> Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S4 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (PWI, Inc. -> Privacyware/PWI, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [246688 2018-11-14] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [341136 2018-11-14] (Bitdefender SRL -> Bitdefender)
S2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [246688 2018-11-14] (Bitdefender SRL -> Bitdefender)
R3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [106816 2013-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [227648 2013-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [83176 2013-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [43240 2013-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1423680 2019-01-31] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [367096 2019-01-31] (Bitdefender SRL -> Bitdefender)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [290688 2019-01-31] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 epp; C:\EEK\BIN64\epp.sys [142952 2018-07-14] (Emsisoft Ltd -> Emsisoft Ltd)
R1 Gemma; C:\Windows\System32\DRIVERS\Gemma.sys [374632 2019-01-31] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [201000 2019-01-31] (Bitdefender SRL -> BitDefender LLC)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [133152 2013-09-29] (PWI, Inc. -> Privacyware/PWI, Inc.)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [180368 2017-08-11] (RH Software -> Ray Hinchliffe)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [610640 2019-01-31] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-19 18:43 - 2019-04-19 18:44 - 000018128 _____ C:\Users\thomas\Desktop\FRST.txt
2019-04-19 18:42 - 2019-04-19 18:43 - 000000000 ____D C:\FRST
2019-04-19 18:42 - 2019-04-19 18:42 - 002434048 _____ (Farbar) C:\Users\thomas\Desktop\FRST64.exe
2019-04-19 17:35 - 2019-04-19 17:35 - 000388608 _____ (Trend Micro Inc.) C:\Users\thomas\Desktop\HijackThis.exe
2019-04-19 17:24 - 2019-04-19 17:24 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\435176C4.sys
2019-04-19 17:24 - 2019-04-19 17:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-19 17:23 - 2019-04-19 17:32 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-04-19 17:23 - 2019-04-19 17:23 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2019-04-18 18:59 - 2019-04-18 18:59 - 008724028 _____ C:\Users\thomas\Desktop\Nothing Too Complicated.wma
2019-04-17 14:14 - 2019-04-17 14:36 - 000000880 _____ C:\Users\thomas\Documents\news.txt
2019-04-13 14:12 - 2019-04-13 14:12 - 000000458 _____ C:\Users\thomas\Documents\cc_20190413_141231.reg
2019-04-12 12:59 - 2019-04-12 13:00 - 000000810 _____ C:\Users\thomas\Documents\cc_20190412_125951.reg
2019-04-10 12:08 - 2019-04-10 12:08 - 000000434 _____ C:\Users\thomas\Documents\cc_20190410_120805.reg
2019-04-08 19:10 - 2019-02-16 01:32 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-04-08 19:10 - 2019-02-16 01:30 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-04-08 12:28 - 2019-04-08 12:28 - 000000452 _____ C:\Users\thomas\Documents\cc_20190408_122833.reg
2019-04-01 19:13 - 2019-02-10 12:41 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-04-01 19:13 - 2019-02-10 12:41 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-04-01 19:13 - 2019-02-10 12:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-04-01 19:13 - 2019-02-10 12:29 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-04-01 19:13 - 2019-02-10 12:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-04-01 19:13 - 2019-02-10 12:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-04-01 19:13 - 2019-02-10 12:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-04-01 19:13 - 2019-02-10 12:28 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-04-01 19:13 - 2019-02-10 12:10 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-04-01 19:13 - 2019-02-10 12:09 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-04-01 19:13 - 2019-02-10 12:09 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-04-01 19:13 - 2019-02-10 12:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-04-01 19:13 - 2019-02-10 12:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-04-01 19:13 - 2019-02-10 12:08 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-04-01 19:13 - 2019-02-10 12:07 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-04-01 19:13 - 2019-02-10 12:07 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-04-01 19:13 - 2019-02-10 12:07 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-04-01 19:13 - 2019-02-10 12:07 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-04-01 19:13 - 2019-02-10 12:02 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-04-01 19:13 - 2019-02-10 11:50 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-04-01 19:13 - 2019-02-10 11:49 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-04-01 19:13 - 2019-02-10 11:49 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-04-01 19:13 - 2019-02-10 11:38 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-04-01 19:13 - 2019-02-10 11:38 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-19 18:44 - 2017-07-30 10:50 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-04-19 18:42 - 2016-01-03 16:42 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {73479498-26B9-4066-BDEF-7C5E58430F33}.job
2019-04-19 18:42 - 2016-01-03 16:42 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {73479498-26B9-4066-BDEF-7C5E58430F33}.job
2019-04-19 18:21 - 2015-11-24 17:21 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {7EC4B7C8-5B72-4347-8F6D-4659AD5EC1EE}.job
2019-04-19 18:21 - 2015-11-24 17:21 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {7EC4B7C8-5B72-4347-8F6D-4659AD5EC1EE}.job
2019-04-19 18:16 - 2016-01-03 16:16 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {D8CE02CF-5403-4F75-B941-6DFE8AE0522E}.job
2019-04-19 18:16 - 2016-01-03 16:16 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D8CE02CF-5403-4F75-B941-6DFE8AE0522E}.job
2019-04-19 18:14 - 2018-12-20 16:14 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {D5D99104-A069-4B4E-B96A-18E139E53547}.job
2019-04-19 18:14 - 2018-12-20 16:14 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D5D99104-A069-4B4E-B96A-18E139E53547}.job
2019-04-19 17:17 - 2019-03-12 17:11 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2019-04-19 16:18 - 2018-06-15 12:22 - 000000000 ____D C:\EEK
2019-04-19 16:14 - 2009-07-14 00:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-19 16:14 - 2009-07-14 00:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-19 16:08 - 2017-12-30 14:33 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-04-19 16:08 - 2015-11-25 19:22 - 000000000 ____D C:\ProgramData\TEMP
2019-04-19 16:06 - 2016-11-29 15:48 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-04-19 16:03 - 2015-11-24 18:44 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2019-04-19 16:03 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-19 13:53 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-04-19 11:51 - 2018-07-05 14:13 - 000002183 _____ C:\Users\thomas\AppData\Local\restore.vbs
2019-04-18 19:01 - 2018-09-03 16:26 - 000000000 ____D C:\Users\thomas\AppData\Roaming\audacity
2019-04-18 13:45 - 2015-12-17 19:30 - 000000000 ____D C:\Users\thomas\AppData\Local\CrashDumps
2019-04-17 19:48 - 2016-01-01 14:13 - 000000280 _____ C:\Windows\system32\PDBootState
2019-04-16 17:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2019-04-16 17:38 - 2017-07-30 10:49 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-04-16 14:19 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2019-04-09 18:43 - 2017-07-08 12:13 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-04-09 18:43 - 2016-04-24 18:28 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-09 18:43 - 2016-04-24 18:28 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-09 18:43 - 2015-11-27 19:59 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-09 18:43 - 2015-11-24 17:01 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-05 18:27 - 2018-03-10 17:38 - 000000000 ____D C:\Users\thomas\Desktop\New Music
2019-04-05 16:49 - 2015-11-25 11:52 - 000000000 ___RD C:\Users\thomas\Desktop\Tom
2019-04-04 19:07 - 2009-07-14 01:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-01 19:26 - 2015-11-25 18:15 - 127411920 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-04-01 19:26 - 2015-11-25 18:15 - 000000000 ____D C:\Windows\system32\MRT
2019-04-01 19:14 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-04-01 19:14 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\Dism
==================== Files in the root of some directories =======
2016-01-21 16:41 - 2018-04-26 11:23 - 000007597 _____ () C:\Users\thomas\AppData\Local\Resmon.ResmonCfg
2018-07-05 14:13 - 2019-04-19 11:51 - 000002183 _____ () C:\Users\thomas\AppData\Local\restore.vbs
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-04-13 15:08
==================== End of FRST.txt ============================

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18.04.2019
Ran by thomas (19-04-2019 18:45:19)
Running from C:\Users\thomas\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-11-30 00:35:17)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1115641942-2515039900-1325098645-500 - Administrator - Disabled)
Guest (S-1-5-21-1115641942-2515039900-1325098645-501 - Limited - Disabled)
thomas (S-1-5-21-1115641942-2515039900-1325098645-1000 - Administrator - Enabled) => C:\Users\thomas
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus Free Antimalware (Disabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AS: Bitdefender Antivirus Free Antimalware (Disabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4500_G510gm_Help (HKLM-x32\...\{DF0B357C-5874-47D0-81E7-79AA890B0CE0}) (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (HKLM-x32\...\{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}) (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (HKLM-x32\...\{28379381-B56A-43e1-B505-3098D82B1C30}) (Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Active@ DVD Eraser v 1.1 (HKLM-x32\...\Active@ DVD Eraser v 1.1) (Version: - )
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.171 - Adobe)
Album Art Downloader XUI 1.03 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.03 - hxxp://sourceforge.net/projects/album-art)
AMD Catalyst Install Manager (HKLM\...\{319956AE-0C18-650A-29A7-EE1504B178EE}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
Belarc Advisor 8.6b (HKLM-x32\...\Belarc Advisor) (Version: 8.6.2.0 - Belarc Inc.)
BioniX Wallpaper 8 (HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\BioniX Wallpaper 8) (Version: - )
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.8.29 - Bitdefender)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}) (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (HKLM-x32\...\{92A51949-EE4C-466D-AAF0-99E74A49A63F}) (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EasyCapture 1.2.0.0 (HKLM-x32\...\EasyCapture_is1) (Version: - )
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation)
Epson WF-3640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffind (HKLM-x32\...\{22AEF444-F607-4133-9B99-3E53AB794803}) (Version: 1.0.0 - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FreeRIP MP3 Converter 5.7.1.1 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 5.7.1.1 - GreenTree Applications SRL)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MediaHuman Audio Converter version 1.9.6.6 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.6.6 - MediaHuman)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5101.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mp3tag v2.89a (HKLM-x32\...\Mp3tag) (Version: 2.89a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
PerfectDisk Professional (HKLM\...\{C4E01CDC-0063-493C-B383-9C4FCF7A89F7}) (Version: 14.0.893 - Raxco Software Inc.)
PodTrans 4.7.4 (HKLM-x32\...\{A5B89AC2-2FE2-4AFD-8CB4-2613E0BB85FF}}_is1) (Version: 4.7.4 - iMobie Inc.)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (HKLM-x32\...\{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Status (HKLM-x32\...\{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Uninstall 6.27.0 (HKLM\...\Total Uninstall 6_is1) (Version: 6.27.0 - Gavrila Martau)
TrayApp (HKLM-x32\...\{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}) (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaks.com Logon Changer (HKLM-x32\...\{528BA2FD-E247-45E4-9174-2F2CF795BFC7}) (Version: 3.0.0 - Advanced PC Media LLC)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\thomas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\thomas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\thomas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\thomas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\thomas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-04-02] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {047B9EA8-13C6-46C6-BF61-FDFE7A0D72BB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1057C86D-4640-4759-9E73-ABCEDDC50020} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Create Custom Restore Point) (For User thomas) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {1753D261-3BE1-4D18-9E35-CA03C46861F6} - System32\Tasks\{1143A199-E5B2-46E2-8948-4C9F880FA0AC} => C:\Program Files (x86)\EasyCapture\EasyCapture.EXE (XYStudio) [File not signed]
Task: {1CA9F60F-FF9D-4CCC-99E6-2E9DEF39E488} - System32\Tasks\{14AA4A15-C85F-463A-AEE0-DFDF878FD207} => C:\BioniX Wallpaper\Bionix Wallpaper.exe (CubicDesign) [File not signed]
Task: {1F022BBD-3FF3-4A36-8B05-5E0E3F3037EF} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Keep X Number of Restore Points) (For User thomas) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {2868CD2D-B81C-4535-8886-9157DCE163DF} - System32\Tasks\EPSON WF-3640 Series Invitation {D8CE02CF-5403-4F75-B941-6DFE8AE0522E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {2953A657-C355-4A69-B888-B6FA4DE78CE2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
Task: {337C6258-9763-4E28-99F2-00776F5569FA} - System32\Tasks\{1A965DFB-D08E-4762-B38F-5F7D330F0E2B} => C:\BioniX Wallpaper\Bionix Wallpaper.exe (CubicDesign) [File not signed]
Task: {34939CB2-118F-4679-A624-57DF429C925C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
Task: {39414F21-2AB7-45B2-BF19-53322C533CA5} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe (Bitdefender SRL -> Bitdefender)
Task: {437C3CD9-AB58-429A-B808-83A02A35D547} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask
Task: {4E4ED6ED-A4A4-4852-9070-7FDAD222C1EB} - System32\Tasks\{C40FBA1A-45B1-4AA0-A6BA-19555BCED356} => C:\Program Files (x86)\EasyCapture\EasyCapture.EXE (XYStudio) [File not signed]
Task: {50001ED6-45B7-427F-AF98-0D903FBA900A} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Create Restore Point) (For User thomas) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {5C29A2E1-D5C0-46E5-A61D-CB4CA781BBBD} - System32\Tasks\{C2D74885-6E10-4609-A467-E18EA1473214} => C:\Program Files (x86)\EasyCapture\EasyCapture.EXE (XYStudio) [File not signed]
Task: {5C9FD4A5-2752-4E94-BAB1-A2BB75560F10} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Delete old Restore Points) (For User thomas) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {695598EE-93A7-42A8-910E-828E578528A6} - System32\Tasks\EPSON WF-3640 Series Update {73479498-26B9-4066-BDEF-7C5E58430F33} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {760AEF61-81E0-4CA5-81DC-BDADE023DC19} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {7740D10B-BA93-4646-93FD-AB6C92686BEA} - System32\Tasks\EPSON WF-3640 Series Invitation {7EC4B7C8-5B72-4347-8F6D-4659AD5EC1EE} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {80B1FF6A-54DA-4AAF-B2C4-0E48B51ACB6F} - System32\Tasks\{E9E4211A-928B-47E8-B92C-EC834931AF3B} => C:\BioniX Wallpaper\Bionix Wallpaper.exe (CubicDesign) [File not signed]
Task: {8EEE60DE-C028-45D3-94AE-78C4E9A92F67} - System32\Tasks\EPSON WF-3640 Series Update {7EC4B7C8-5B72-4347-8F6D-4659AD5EC1EE} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {8F1124AA-0BDE-4961-90BD-637233E6C9EF} - System32\Tasks\EPSON WF-3640 Series Update {D8CE02CF-5403-4F75-B941-6DFE8AE0522E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {950CDCCB-4C02-4175-AB61-8F56E95AF210} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (For User thomas) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {A5702AF2-B395-4890-BB25-A7E7A5DEEFC2} - System32\Tasks\{9A57D222-2664-4453-BEB5-DED9137C5699} => C:\Windows\system32\pcalua.exe -a C:\Users\thomas\Desktop\jre-8u111-windows-i586.exe -d C:\Users\thomas\Desktop
Task: {C594D10A-C173-4B94-8E4A-843AC65CCCE9} - System32\Tasks\EPSON WF-3640 Series Invitation {D5D99104-A069-4B4E-B96A-18E139E53547} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {CB90FE83-942D-48FC-9A21-A112CB5DC504} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
Task: {CE5F82DF-1393-445B-91A6-3814D20BFDC2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1115641942-2515039900-1325098645-1000
Task: {CF80C996-728D-436D-BE07-7C77367AC0F6} - System32\Tasks\EPSON WF-3640 Series Update {D5D99104-A069-4B4E-B96A-18E139E53547} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {CFFFD1E3-29A7-495E-96BE-644919E59195} - System32\Tasks\EPSON WF-3640 Series Invitation {73479498-26B9-4066-BDEF-7C5E58430F33} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {DFC216EA-21A6-43FD-83B5-7F5A232E10C2} - \Microsoft\Windows\Wininet\CacheTask -> No File <==== ATTENTION
Task: {E8B8E129-C973-4D4B-91F7-CB60BC6762D9} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {73479498-26B9-4066-BDEF-7C5E58430F33}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {7EC4B7C8-5B72-4347-8F6D-4659AD5EC1EE}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D5D99104-A069-4B4E-B96A-18E139E53547}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D8CE02CF-5403-4F75-B941-6DFE8AE0522E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {73479498-26B9-4066-BDEF-7C5E58430F33}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{73479498-26B9-4066-BDEF-7C5E58430F33} /F:UpdateSYSTEMÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {7EC4B7C8-5B72-4347-8F6D-4659AD5EC1EE}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{7EC4B7C8-5B72-4347-8F6D-4659AD5EC1EE} /F:UpdateSYSTEMÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {D5D99104-A069-4B4E-B96A-18E139E53547}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{D5D99104-A069-4B4E-B96A-18E139E53547} /F:UpdateSYSTEMÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {D8CE02CF-5403-4F75-B941-6DFE8AE0522E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{D8CE02CF-5403-4F75-B941-6DFE8AE0522E} /F:UpdateSYSTEMÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2015-11-24 17:14 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2015-11-24 17:14 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll
2014-04-02 05:47 - 2014-04-02 05:47 - 000344064 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2014-04-02 05:47 - 2014-04-02 05:47 - 000214528 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-11-04 17:03 - 2013-11-04 17:03 - 000818688 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-11-04 17:03 - 2013-11-04 17:03 - 003650560 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2008-12-03 21:05 - 2008-12-03 21:05 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 21:05 - 2008-12-03 21:05 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2009-05-21 22:35 - 2009-05-21 22:35 - 000923136 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2015-07-20 18:48 - 2015-07-20 18:48 - 001006080 ____R (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\System.Data.SQLite.dll
2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\ccvideo.com -> hxxps://www.ccvideo.com
IE trusted site: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\ccvideo.com -> hxxp://www.ccvideo.com
IE trusted site: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\tcm.com -> hxxp://shop.tcm.com
There are 6092 more sites.

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-12 17:30 - 2019-04-17 17:44 - 000444606 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
There are 12141 more lines.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin;C:\Program Files (x86)\HP\Digital Imaging\bin\;C:\Program Files (x86)\HP\Digital Imaging\bin\Qt\Qt 4.3.3;
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\thomas\AppData\Roaming\BioniX Wallpaper 8\BioniXWallpaper.bmp
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\startupfolder: C:^Users^thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: EPLTarget =>
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CF494558-39B9-4CCC-A665-941D41ED1910}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{B6A135A7-A42C-4896-8B83-10550E704C69}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CF98F9C-84EB-4BE2-96A3-42DCE87CEC62}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{48CB43D5-D123-4EB6-9E22-575979990CD8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{B273939C-4173-47E4-B9B3-837C338EB91C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{F9C23B57-6457-4322-A941-14C13FC4D398}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{3CF7C769-0CA9-4B22-B11F-7535CB252196}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{0EAA95CD-4FAF-4205-84BB-52919A7E7D39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{88AD170E-46F3-4E99-9A84-E1DD4EF309F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{A866EF4E-12CC-4AA5-AFD6-A22B8449DD53}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{59F7FC78-EC96-4F4B-B1CD-41327CA79108}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{BE6FDF9E-DD58-49A4-80B3-A0CA07D385DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{B5F121CE-4031-48A0-BA4B-C9360F3117E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{4F4F8BB7-44CC-45F4-80EA-E825C7DEBBAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D39390C0-6108-45EB-B562-A9514251809C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{CFEB858A-CF16-4175-8202-C3FF0C42E8F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{2BB9BAB5-B976-42CB-B8EE-131D9FA1481E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{62002BC8-38E5-44F7-803B-9D87719E4930}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{66260153-37D5-461D-B7A9-3E6270A5060B}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{E6D3BAD1-8F37-4CD7-8F83-5269662D8B8C}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{6336B59B-3CA0-457A-9B23-52D6EFF57B18}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{0D743A78-A238-4A6B-B7B8-8EB5B9A31084}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{7A12E643-A509-4FC1-A61A-D6D421E857E1}] => (Allow) C:\Users\thomas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12D2CAB3-D869-4448-919F-89CA8155563C}] => (Allow) LPort=2869
FirewallRules: [{2C3AEF26-A26B-4F3D-9205-AD8E69867589}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{4BD0B7CF-B2E7-4C29-B3EB-C442AC4EA712}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{A99593AD-0CC8-4E7E-A723-4C769484AE10}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
==================== Restore Points =========================
11-04-2019 18:00:43 QRM Restore Point
12-04-2019 13:02:35 QRM Restore Point
13-04-2019 14:13:06 QRM Restore Point
16-04-2019 12:35:49 QRM Restore Point
17-04-2019 12:09:34 QRM Restore Point
18-04-2019 13:46:27 QRM Restore Point
19-04-2019 11:51:50 QRM Restore Point
19-04-2019 18:31:05 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/19/2019 06:42:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 18.4.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 156c
Start Time: 01d4f70126e915b7
Termination Time: 0
Application Path: C:\Users\thomas\Desktop\FRST64.exe
Report Id: 6b3d2e92-62f4-11e9-90c5-d050994673f6
Error: (04/19/2019 12:19:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (04/18/2019 06:29:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PDEngine.exe, version: 14.0.893.0, time stamp: 0x5b5b845d
Faulting module name: PDEngine.exe, version: 14.0.893.0, time stamp: 0x5b5b845d
Exception code: 0xc0000005
Fault offset: 0x0000000000142c51
Faulting process id: 0x76c
Faulting application start time: 0x01d4f635e588d572
Faulting application path: C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
Faulting module path: C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
Report Id: 7574f439-6229-11e9-869e-d050994673f6
Error: (04/18/2019 02:28:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (04/17/2019 02:13:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19301, time stamp: 0x5c74d6c9
Faulting module name: MSHTML.dll, version: 11.0.9600.19301, time stamp: 0x5c74e9b6
Exception code: 0xc00000fd
Fault offset: 0x000a9095
Faulting process id: 0xe84
Faulting application start time: 0x01d4f54936ca2c07
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\MSHTML.dll
Report Id: 7aff4036-613c-11e9-a594-d050994673f6
Error: (04/17/2019 02:13:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19301, time stamp: 0x5c74d6c9
Faulting module name: MSHTML.dll, version: 11.0.9600.19301, time stamp: 0x5c74e9b6
Exception code: 0xc00000fd
Fault offset: 0x000a9028
Faulting process id: 0xe64
Faulting application start time: 0x01d4f548fed0fe7f
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\MSHTML.dll
Report Id: 729b20bc-613c-11e9-a594-d050994673f6
Error: (04/17/2019 02:11:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19301 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1254
Start Time: 01d4f548ea6c9cd7
Termination Time: 15
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (04/17/2019 02:10:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19301 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1208
Start Time: 01d4f548a79c9056
Termination Time: 10
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

System errors:
=============
Error: (04/19/2019 06:37:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (04/19/2019 06:37:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (04/19/2019 06:14:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 47. The internal error state is 800.
Error: (04/19/2019 06:00:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 47. The internal error state is 800.
Error: (04/19/2019 04:06:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Diagnostic System Host service hung on starting.
Error: (04/19/2019 04:05:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147014847 = The requested address is not valid in its context.
Error: (04/19/2019 04:04:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bitdefender Correlation Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/19/2019 04:04:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Bitdefender Correlation Service service to connect.

==================== Memory info ===========================
Processor: AMD A10-7700K Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 56%
Total physical RAM: 7093.51 MB
Available physical RAM: 3078.63 MB
Total Virtual: 14185.16 MB
Available Virtual: 10002.22 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:844.52 GB) NTFS
\\?\Volume{3105cc9f-9176-11e5-880b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E92144BC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
Hi, oldraider67.

1. Priority: if you have not re-enabled BitDefender and Privatefirewall, please do so immediately. You do not need to disable either unless asked to do so temporarily.

2. Speaking of Privatefirewall, it has not been supported for some time and isn't even offered any longer at PrivacyWare. I strongly suggest that you enable the built-in Windows Firewall and uninstall the long-abandoned Privatefirewall. If you elect to uninstall Privatefirewall, follow the steps below to enable the Windows Firewall:
  • Go to Start→Control Panel→System and Security→Windows Firewall.
  • Click the Turn Windows Firewall On or Off link in the left pane of the window.
  • Select the Turn on Windows Firewall radio button.
3. I'm glad you didn't try to do anything with HJT. Trend Micro essentially abandoned it a long time ago so I'd suggest you delete it from your desktop. On that note, I did not see anything malicious in the logs. As I've discovered with my 2008 computers (by the way, both running Windows 10), as they get older, they do have a tendency to slow down.

4. There are very few reasons these days to continue having Java installed on your computer and I recommend that you uninstall both versions on your computer:

Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)

However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads. Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional. Since you have a 64-bit computer, if nothing else, at least uninstall the x32 version.

5. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Toolbar: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\MountPoints2: {27093560-a59c-11e5-8fac-d050994673f6} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\MountPoints2: {da6de02d-921c-11e6-a24a-d050994673f6} - E:\AutoRun.exe
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\MountPoints2: {da6de03e-921c-11e6-a24a-d050994673f6} - E:\AutoRun.exe
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {DFC216EA-21A6-43FD-83B5-7F5A232E10C2} - \Microsoft\Windows\Wininet\CacheTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 
Hi Corrine,

I'll update Java after I finish this response.

I checked Privatefirewall and Bitdefender. Both show as running in the Services tab of the Task Manager. However, there is no CPU usage on the Processes tab.

Bitdefender blocked two threats on 4/19/2019.

The first was listed as

JS:Trojan.Cryxos1726.

Path: C\users\Thomas\AppData\LocalMicrosoft\Windows\Temporary InternetFiles\Low\Content\IE5\yIGBSL8A\call-now2-ie [1].htm=>(INFECTED_JS.)

The second was listed as

Infected Web Resource scanningsessiontech.bz/POI/call-now2-ie/?id=926136810

Here is the Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 18.04.2019
Ran by thomas (20-04-2019 14:54:29) Run:1
Running from C:\Users\thomas\Desktop
Loaded Profiles: thomas (Available Profiles: thomas)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Toolbar: HKU\S-1-5-21-1115641942-2515039900-1325098645-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\MountPoints2: {27093560-a59c-11e5-8fac-d050994673f6} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\MountPoints2: {da6de02d-921c-11e6-a24a-d050994673f6} - E:\AutoRun.exe
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\...\MountPoints2: {da6de03e-921c-11e6-a24a-d050994673f6} - E:\AutoRun.exe
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Users\thomas\Desktop\Misc_Tools\FoxitReaderPortable 8.0.2.0805\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {DFC216EA-21A6-43FD-83B5-7F5A232E10C2} - \Microsoft\Windows\Wininet\CacheTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27093560-a59c-11e5-8fac-d050994673f6} => removed successfully
HKLM\Software\Classes\CLSID\{27093560-a59c-11e5-8fac-d050994673f6} => not found
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da6de02d-921c-11e6-a24a-d050994673f6} => removed successfully
HKLM\Software\Classes\CLSID\{da6de02d-921c-11e6-a24a-d050994673f6} => not found
HKU\S-1-5-21-1115641942-2515039900-1325098645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da6de03e-921c-11e6-a24a-d050994673f6} => removed successfully
HKLM\Software\Classes\CLSID\{da6de03e-921c-11e6-a24a-d050994673f6} => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFC216EA-21A6-43FD-83B5-7F5A232E10C2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFC216EA-21A6-43FD-83B5-7F5A232E10C2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\CacheTask" => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12721393 B
Java, Flash, Steam htmlcache => 1833 B
Windows/system/drivers => 199128 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33058 B
LocalService => 33192 B
NetworkService => 33192 B
thomas => 1710336 B
RecycleBin => 55079139 B
EmptyTemp: => 66.6 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 14:55:53 ====

Thanks
 
From my finding at F-Secure, the two blocks by BitDefender were most likely from opening a malicious or compromised webpage hosting a malicious JavaScript file.

Just to get a second opinion, please do a scan with ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.
 
Hi Corrine,

I must have done something wrong. I did not see another file created after I closed the ESET scan.

I saved the first log created as oldraider67.txt

4/20/2019 19:31:16 PM
Files scanned: 228993
Infected files: 0
Cleaned threats: 0
Total scan time: 01:14:21
Scan status: Finished

Thanks

oldraider67
 
That's ok. What you posted shows 0 (zero) infected files.

Have you seen any improvement in startup/shutdown time? It doesn't seem that you have any unnecessary processes running. It could very well be due to age -- I know I'm certainly slowing down. ;) Keep in mind that Windows 7 is reaching end of support January 14, 2020.
 
Hi Corrine,

I'm sorry I didn't get back to you sooner.

The computer is working fine again.

Thank you for your help :-)

oldraider67
 
Thank you for letting me know, oldraider67.

Please do the following to Uninstall FRST
  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart, and allow it to do so. FRST will now uninstall.
 
