Persistent Warning

gin_jammer
2017-12-03, 18:18
My online sessions have recently been interrupted repeatedly by a popup plus an audio warning to the effect that my computer "may" be infected. I can turn them off only with the Task Manager. I have done a Registry backup. FRST.txt and aswMBR follow.

Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Ed (administrator) on ED-PC (03-12-2017 09:19:38)
Running from C:\Users\Ed\Desktop\Unused Icons
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Apple, Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [302744 2017-11-27] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [BingSvc] => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudPhotos] => C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-08-07]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toast.net/start
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\c1chj0up.default-1479757157401
FF Homepage: hxxp://toast.net/start/
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3659970256-991337627-2867597209-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-11-27] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5954792 2017-11-27] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [4448016 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48912 2017-11-15] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [149592 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiskx.sys [135872 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [249232 2017-11-27] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [151024 2017-11-27] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [270344 2017-11-27] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [43992 2017-11-27] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35264 2017-11-27] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [117368 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [91976 2017-11-27] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [63280 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [775552 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [381184 2017-11-27] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [143264 2017-11-27] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [290776 2017-11-27] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 09:17 - 2017-12-03 09:17 - 00001032 _____ C:\Users\Ed\Desktop\FRST - Shortcut.lnk
2017-12-03 09:09 - 2017-12-03 09:09 - 01752064 _____ (Farbar) C:\Users\Ed\Downloads\FRST.exe
2017-12-03 09:04 - 2017-12-03 09:04 - 00000000 ____D C:\RegBackup
2017-12-03 08:59 - 2017-12-03 08:59 - 00002188 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-12-03 08:54 - 2017-12-03 08:54 - 05766144 _____ (Tweaking.com) C:\Users\Ed\Downloads\tweaking.com_registry_backup_setup.exe
2017-11-27 08:46 - 2017-11-27 08:46 - 00001921 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-11-27 08:45 - 2017-11-27 08:44 - 00306448 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-11-27 08:45 - 2017-11-27 08:44 - 00149592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2017-11-14 18:57 - 2017-10-17 20:55 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-14 18:57 - 2017-10-17 20:55 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-14 18:57 - 2017-10-17 20:55 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-14 18:57 - 2017-10-17 20:55 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-14 18:57 - 2017-10-17 20:55 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-14 18:57 - 2017-10-17 20:55 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-14 18:57 - 2017-10-17 20:55 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-14 18:57 - 2017-10-16 17:49 - 01213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-14 18:57 - 2017-10-16 17:25 - 02402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-14 18:57 - 2017-10-16 16:55 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-11-14 18:57 - 2017-10-11 19:40 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-14 18:57 - 2017-10-11 19:37 - 11410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 01400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-14 18:57 - 2017-10-11 19:37 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-14 18:57 - 2017-10-11 19:26 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-14 18:57 - 2017-10-11 19:26 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-14 18:57 - 2017-10-11 19:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-14 18:57 - 2017-10-11 19:25 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-14 18:57 - 2017-10-11 19:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-14 18:57 - 2017-10-11 19:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-14 18:57 - 2017-10-11 19:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-14 18:57 - 2017-10-11 19:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-14 18:57 - 2017-10-11 19:14 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-14 18:57 - 2017-09-07 08:05 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-14 18:57 - 2017-09-07 08:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-14 18:56 - 2017-10-17 21:16 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-14 18:56 - 2017-10-17 21:11 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-14 18:56 - 2017-10-15 17:04 - 00313184 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-14 18:56 - 2017-10-04 08:04 - 01918464 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-14 18:56 - 2017-10-04 08:04 - 01321472 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-14 18:56 - 2017-10-04 08:04 - 00541696 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-14 18:56 - 2017-10-04 08:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-14 18:56 - 2017-10-04 08:04 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-14 18:56 - 2017-10-04 08:04 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-14 18:56 - 2017-10-04 08:04 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-08 16:09 - 2017-11-08 16:09 - 00154442 _____ C:\Users\Ed\Downloads\EasyPayTermsAgreement.pdf
2017-11-07 07:43 - 2017-11-30 15:23 - 00000000 ___RD C:\Users\Ed\iCloudDrive
2017-11-07 07:43 - 2017-11-07 07:43 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-07 07:43 - 2017-11-07 07:43 - 00000000 ____D C:\Users\Ed\AppData\Local\Apple Inc
2017-11-07 07:36 - 2017-11-07 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-05 11:02 - 2017-11-05 11:02 - 00630811 _____ C:\Users\Ed\Downloads\Statement_Nov 2017.pdf
2017-11-05 09:11 - 2017-11-07 08:09 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Apple Computer
2017-11-05 09:11 - 2017-11-07 07:42 - 00000000 ____D C:\Users\Ed\AppData\Local\Apple Computer
2017-11-05 09:10 - 2017-11-05 09:10 - 00001754 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-05 09:10 - 2017-11-05 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-05 09:10 - 2017-11-05 09:10 - 00000000 ____D C:\Program Files\iPod
2017-11-05 09:09 - 2017-11-05 09:10 - 00000000 ____D C:\Program Files\iTunes
2017-11-05 09:09 - 2017-11-05 09:09 - 00000000 ____D C:\ProgramData\Apple Computer
2017-11-05 09:08 - 2017-11-05 09:08 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-11-05 09:08 - 2017-11-05 09:08 - 00000000 ____D C:\Users\Ed\AppData\Local\Apple
2017-11-05 09:08 - 2017-11-05 09:08 - 00000000 ____D C:\Program Files\Apple Software Update
2017-11-05 09:07 - 2017-11-07 07:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-11-05 09:07 - 2017-11-05 09:08 - 00000000 ____D C:\ProgramData\Apple
2017-11-05 09:07 - 2017-11-05 09:07 - 00000000 ____D C:\Program Files\Bonjour
2017-11-05 09:04 - 2017-11-05 09:05 - 200617288 _____ (Apple Inc.) C:\Users\Ed\Downloads\iTunesSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 09:19 - 2016-03-23 19:19 - 00000000 ____D C:\FRST
2017-12-03 09:19 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Ed\Desktop\Unused Icons
2017-12-03 09:00 - 2015-10-09 16:43 - 00049465 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-12-03 08:47 - 2016-11-19 15:24 - 00000000 ____D C:\Users\Ed\AppData\LocalLow\Mozilla
2017-12-03 04:18 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-03 04:18 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-30 16:36 - 2016-01-18 20:00 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Skype
2017-11-30 15:22 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-30 10:35 - 2015-07-22 08:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 10:20 - 2017-05-19 15:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-11-30 10:20 - 2015-08-10 15:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-29 03:06 - 2015-07-21 14:43 - 00000000 ____D C:\Windows\system32\MRT
2017-11-29 03:01 - 2017-10-11 02:01 - 124282896 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-29 03:01 - 2015-07-21 14:43 - 124282896 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-27 10:44 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2017-11-27 08:46 - 2017-05-29 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-27 08:46 - 2017-05-23 08:02 - 00381184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-11-27 08:44 - 2017-05-23 08:02 - 00775552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-11-27 08:44 - 2017-05-23 08:02 - 00290776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-11-27 08:44 - 2017-05-23 08:02 - 00143264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-11-27 08:44 - 2017-05-23 08:02 - 00117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-11-27 08:44 - 2017-05-23 08:02 - 00091976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-11-27 08:44 - 2017-05-23 08:02 - 00063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-11-27 08:44 - 2017-05-23 08:02 - 00035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-11-27 08:43 - 2017-05-23 08:02 - 00270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2017-11-27 08:43 - 2017-05-23 08:02 - 00249232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2017-11-27 08:43 - 2017-05-23 08:02 - 00151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2017-11-27 08:43 - 2017-05-23 08:02 - 00135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2017-11-27 08:43 - 2017-05-23 08:02 - 00043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2017-11-24 15:50 - 2016-11-21 16:33 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2017-11-15 16:08 - 2015-08-10 15:55 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Mozilla
2017-11-15 09:03 - 2010-11-20 16:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-15 08:59 - 2016-05-09 05:30 - 00049936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2017-11-15 08:56 - 2017-09-04 12:34 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2017-11-15 08:56 - 2017-01-10 09:02 - 00048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2017-11-15 06:56 - 2016-01-18 19:59 - 00000000 ____D C:\ProgramData\Skype
2017-11-15 04:01 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2017-11-15 03:24 - 2009-07-13 23:33 - 00310016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 03:21 - 2015-07-21 14:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-11-07 07:43 - 2015-07-21 13:41 - 00000000 ____D C:\Users\Ed
2017-11-06 12:53 - 2017-09-04 12:34 - 00000978 _____ C:\Users\Public\Desktop\AVG.lnk

==================== Files in the root of some directories =======

2015-12-29 21:38 - 2015-12-29 21:39 - 54113464 _____ (HRB Technology, LLC.) C:\Program Files\HRBlock2015.exe
2016-05-16 15:30 - 2016-05-16 15:30 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-11-29 00:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Ed (2017-12-03 09:20:28)
Running from C:\Users\Ed\Desktop\Unused Icons
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2218B6FE-7215-4EC9-B0E7-F47674AFA2F5}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AVG (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.76.3.18604 - AVG Technologies)
AVG PC TuneUp (Version: 16.76.2 - AVG Technologies) Hidden
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Elevated Installer (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
FMW 1 (Version: 1.226.3 - AVG Technologies) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
iCloud (HKLM\...\{8C0BFEB8-6679-4A88-B4EC-2DF8BEC18CE0}) (Version: 7.1.0.34 - Apple Inc.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
iTunes (HKLM\...\{ABDCBAEB-4276-4409-9145-E1E410377A9B}) (Version: 12.7.1.14 - Apple Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x86 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1.6541 - Mozilla)
Mozilla Thunderbird 52.5.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.5.0 (x86 en-US)) (Version: 52.5.0 - Mozilla)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {1F4C501C-34A1-4D9E-B7C6-840AE68FE10A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23] (Adobe Systems Incorporated)
Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {4EEBD237-DBCF-4B4A-A40E-F6ACB68CF00A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {865B7FA1-7AF1-4AE3-9506-F23373B0C070} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2017-11-27] (AVG Technologies CZ, s.r.o.)
Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {DCDA5300-1724-4338-B20E-88517EF64AD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
Task: {F7C8A13B-225A-4748-8F83-A40314F093E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2017-11-15] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0316avUpdateInfo.job => C:\ProgramData\Avg_Update_0316av\0316av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0615piUpdateInfo.job => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-01-16 19:11 - 2013-01-14 23:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-11-27 08:44 - 2017-11-27 08:44 - 00060160 _____ () C:\Program Files\AVG\Antivirus\module_lifetime.dll
2017-11-27 08:44 - 2017-11-27 08:44 - 00168216 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
2017-11-27 08:44 - 2017-11-27 08:44 - 00238928 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
2017-11-27 08:44 - 2017-11-27 08:44 - 00245704 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2017-11-27 08:44 - 2017-11-27 08:44 - 00152224 _____ () C:\Program Files\AVG\Antivirus\network_notifications.dll
2017-11-30 09:05 - 2017-11-30 09:05 - 05877992 _____ () C:\Program Files\AVG\Antivirus\defs\17113000\algo.dll
2017-11-27 08:44 - 2017-11-27 08:44 - 00711176 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2017-11-27 08:44 - 2017-11-27 08:44 - 00246728 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2017-11-30 15:25 - 2017-11-30 15:25 - 05877992 _____ () C:\Program Files\AVG\Antivirus\defs\17113006\algo.dll
2017-12-01 07:29 - 2017-12-01 07:29 - 05888920 _____ () C:\Program Files\AVG\Antivirus\defs\17120100\algo.dll
2017-12-01 15:31 - 2017-12-01 15:31 - 05888920 _____ () C:\Program Files\AVG\Antivirus\defs\17120110\algo.dll
2017-12-02 07:33 - 2017-12-02 07:33 - 05888920 _____ () C:\Program Files\AVG\Antivirus\defs\17120202\algo.dll
2017-12-03 07:35 - 2017-12-03 07:35 - 05888920 _____ () C:\Program Files\AVG\Antivirus\defs\17120300\algo.dll
2016-04-13 16:25 - 2016-04-13 16:25 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
2017-10-18 23:52 - 2017-10-18 23:52 - 01042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-18 23:52 - 2017-10-18 23:52 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-07-25 12:53 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-25 12:53 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-10-18 23:51 - 2017-10-18 23:51 - 00189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2017-07-05 16:51 - 2017-07-05 16:51 - 67109376 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2016-12-02 18:14 - 2016-12-02 18:14 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2015-07-25 12:53 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-07-25 12:53 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-25 12:53 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-11-27 08:44 - 2017-11-27 08:44 - 00143912 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll
2017-11-27 08:44 - 2017-11-27 08:44 - 00246728 _____ () c:\Program Files\AVG\Antivirus\StreamBack.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-11-17 14:44 - 00000734 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BBAE6A51-936A-4002-B8B4-0F02AABB30B2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B2128B1E-F10A-497D-9B81-0746EB32B04E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

02-12-2017 00:00:03 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2017 03:20:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0xdb8
Faulting application start time: 0xesu.exe0
Faulting application path: esu.exe1
Faulting module path: esu.exe2
Report Id: esu.exe3

Error: (12/03/2017 03:20:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (12/02/2017 01:30:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x1890
Faulting application start time: 0xesu.exe0
Faulting application path: esu.exe1
Faulting module path: esu.exe2
Report Id: esu.exe3

Error: (12/02/2017 01:30:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (12/01/2017 01:41:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x146c
Faulting application start time: 0xesu.exe0
Faulting application path: esu.exe1
Faulting module path: esu.exe2
Report Id: esu.exe3

Error: (12/01/2017 01:41:17 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (11/30/2017 02:34:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x10c8
Faulting application start time: 0xesu.exe0
Faulting application path: esu.exe1
Faulting module path: esu.exe2
Report Id: esu.exe3

Error: (11/30/2017 02:34:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (11/29/2017 01:30:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x12e8
Faulting application start time: 0xesu.exe0
Faulting application path: esu.exe1
Faulting module path: esu.exe2
Report Id: esu.exe3

Error: (11/29/2017 01:30:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])


System errors:
=============
Error: (12/01/2017 03:31:15 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/30/2017 03:24:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/30/2017 03:24:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/30/2017 03:23:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (11/30/2017 03:23:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (11/30/2017 10:23:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/30/2017 10:23:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/30/2017 10:22:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/30/2017 10:22:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/30/2017 10:21:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 80%
Total physical RAM: 1944.03 MB
Available physical RAM: 374.78 MB
Total Virtual: 3888.06 MB
Available Virtual: 1715.27 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:249.07 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.36 GB) FAT32
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-12-03 09:26:52
-----------------------------
09:26:52.117 OS Version: Windows 6.1.7601 Service Pack 1
09:26:52.117 Number of processors: 2 586 0x170A
09:26:52.119 ComputerName: ED-PC UserName: Ed
09:27:24.804 Initialize success
09:27:24.911 VM: initialized successfully
09:27:24.913 VM: Intel CPU BiosDisabled
09:29:30.334 AVAST engine defs: 17030301
09:37:09.963 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"

***

Juliet
2017-12-04, 12:48
Start Farbar Recovery Scan Tool with Administrator privileges

or Right click on the FRST icon and select Run as administrator

Right click/highlight on the text below, beginning with Start:: and finishing with End::, and select Copy.


Start::
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
Hosts:
Emptytemp:
End::


Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

AdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

created by Aura

~~~~~~~~~~~~~~~~~~

RogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply



Please post these logs when finished.

gin_jammer
2017-12-04, 16:55
How do I use the text you instructed me to copy?

Juliet
2017-12-04, 23:03
I want you to use your mouse or whatever way you highlight and copy

Start::
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
Hosts:
Emptytemp:
End::

Then look for your Farbar Recovery Scan Tool Icon
Double click on it to open, then look for the Fix button and click on that and it will run.

If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

gin_jammer
2017-12-05, 18:25
FRST gives me only a popup that says: "No fixlist.txt found"

Should I be saving the copied text as "fixlist.txt" ?

gin_jammer
2017-12-05, 18:27
The copied text remains on my clipboard unless I Save it somewhere...I assume.

Juliet
2017-12-05, 22:49
Let's try it a different way, there is something not working as intended here.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:


start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
Hosts:
Emptytemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


gin_jammer
2017-12-07, 20:59
Fix result of Farbar Recovery Scan Tool (x86) Version: 06-12-2017
Ran by Ed (07-12-2017 13:49:29) Run:1
Running from E:\Computer
Loaded Profiles: Ed (Available Profiles: Ed)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [BingSvc] => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (� 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
Hosts:
Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => removed successfully.
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => moved successfully
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => path could not remove
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B184694-64C3-4633-94C5-945B3FA561D6}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B184694-64C3-4633-94C5-945B3FA561D6}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D21F6024-191F-4454-BBBC-09A650DA2549}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D21F6024-191F-4454-BBBC-09A650DA2549}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3212008 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 6680235 B
Edge => 0 B
Chrome => 0 B
Firefox => 50640262 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 21563 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 260 B
Ed => 464902670 B

RecycleBin => 3504192 B
EmptyTemp: => 516.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:50:51 ====

Juliet
2017-12-08, 01:44
Can I see

AdwCleaner log
RogueKiller log

gin_jammer
2017-12-08, 22:50
# AdwCleaner 7.0.5.0 - Logfile created on Fri Dec 08 16:15:12 2017
# Updated on 2017/29/11 by Malwarebytes
# Running on Windows 7 Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Avg_Update_0316av


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: 0316avUpdateInfo
Deleted: 0615piUpdateInfo


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1355 B] - [2017/12/8 16:7:2]
C:/AdwCleaner/AdwCleaner[S1].txt - [1421 B] - [2017/12/8 16:10:53]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

# AdwCleaner 7.0.5.0 - Logfile created on Fri Dec 08 16:07:02 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-08-2017.1
# Running on Windows 7 Home Premium (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_0316av


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Adware.Heuristic, 0316avUpdateInfo
PUP.Adware.Heuristic, 0615piUpdateInfo


***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

RogueKiller V12.11.27.0 [Dec 4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Ed [Administrator]
Started from : C:\Users\Ed\Downloads\RogueKiller_portable32.exe
Mode : Scan -- Date : 12/08/2017 11:32:08 (Duration : 00:38:48)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://toast.net/start -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] c1chj0up.default-1479757157401 : user_pref("browser.startup.homepage", "http://toast.net/start/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST320LT007-9ZV142 +++++
--- User ---
[MBR] 0ca11b9123e05cfef88bb9f1d87d8255
[BSP] 7aadc9b130d3831ed8795562e918dbf1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 3450 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 7067648 | Size: 301793 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Ultra USB Device +++++
--- User ---
[MBR] b2a5207711aaeee8437ff9e9e721809e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 21952 | Size: 59285 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] fef81fdee75be3af8bc5addbeae9d54b
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7624 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

***

Juliet
2017-12-09, 14:33
Did you allow what RogueKiller found to be deleted?

How is your computer now?

gin_jammer
2017-12-09, 20:57
It seems like Roguekiller identified a couple of things it found and gave an option to eliminate them, but I did not do so. I didn't recall an instruction to do that. Since I just got the same popup/audio again, I still have the problem.

Should I run Roguekiller again, and allow it to delete what it finds?

Juliet
2017-12-09, 23:45
The site you're visiting is hosting something it shouldn't or they are not aware of it being attached.

When you have that pop-up, simply open Task Manager, locate your browser and right-click to end task.


It seems like Roguekiller identified a couple of things it found and gave an option to eliminate them, but I did not do so. I didn't recall an instruction to do that
right-click on Roguekiller and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;


Please post these 2 logs when finished.

gin_jammer
2017-12-21, 21:15
Sorry for my long silence. I was traveling for ten days.

***

RogueKiller V12.11.27.0 [Dec 4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Ed [Administrator]
Started from : C:\Users\Ed\Downloads\RogueKiller_portable32.exe
Mode : Delete -- Date : 12/21/2017 09:10:37 (Duration : 00:39:28)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://toast.net/start -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] c1chj0up.default-1479757157401 : user_pref("browser.startup.homepage", "http://toast.net/start/"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST320LT007-9ZV142 +++++
--- User ---
[MBR] 0ca11b9123e05cfef88bb9f1d87d8255
[BSP] 7aadc9b130d3831ed8795562e918dbf1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 3450 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 7067648 | Size: 301793 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Ultra USB Device +++++
--- User ---
[MBR] b2a5207711aaeee8437ff9e9e721809e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 21952 | Size: 59285 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] fef81fdee75be3af8bc5addbeae9d54b
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7624 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

***

Emsisoft Emergency Kit was installed and run as Administrator. Malware Scan found nothing and created no log.

***

Juliet
2017-12-22, 00:45
I would recommend you use a pop-up blocker if you're still having problems with that.

How is your computer now?

gin_jammer
2017-12-22, 10:26
Let me run my laptop for a day or so to see whether or not the popup repeats.

Please recommend a popup blocker, preferably one that's free.

Juliet
2017-12-22, 14:09
This is free
https://addons.mozilla.org/en-US/firefox/addon/adblock-for-firefox/

gin_jammer
2017-12-27, 02:19
I clicked on Add to Firefox, and then saw a tab saying it was installed. Made a small donation via PayPal, BUT I don't see any evidence anywhere of AdBlock being installed. Suggestion?

I have not seen/heard the obnoxious popup that prompted me to start this thread for the last couple of days. If you want to declare victory, let me know.

Thanks much for your help. Merry Christmas and a Happy 2018!

Juliet
2017-12-27, 14:41
The below link is for how to use AdBlock
https://adblockplus.org/getting_started

Merry Christmas and a Happy 2018 to you too!


I have not seen/heard the obnoxious popup that prompted me to start this thread for the last couple of days. If you want to declare victory, let me know.
Yes!


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

***********

gin_jammer
2017-12-27, 15:22
Will read: adblockplus.org/getting_started

I neglected to check Activate UAC when I ran DelFix (I went too fast...) Is this a problem?

Juliet
2017-12-27, 16:20
Activate UAC
Means User Action Control, the little box that pops up when you click on something to run....in a sense it involves administrator rights.

I think you should have clicked on that because I use mine. :)

gin_jammer
2017-12-27, 16:42
How about I run DelFix again, and this time, I check Activate UAC?

Juliet
2017-12-28, 00:49
sure, i think that will do

gin_jammer
2017-12-30, 13:50
DelFix says: ~ Activating UAC ... OK

Are we there yet?

Juliet
2017-12-30, 15:08
You're good to go!

Happy New Year.

Juliet
2018-01-25, 12:25
Thread re-opened

This is the message that was sent:
***************
During this past December and January, I downloaded and ran a number of tools that you suggested in the thread "Persistent Warning." The "popup" that had led me to seek help has never occurred since we concluded. At the end of our thread, you suggested that I employ Adblock, which I did. Since then, my laptop has been freezing very often, especially when I enter Facebook. Several times, I have seen a banner at the top of my screen saying that a Script, or a Website, was slowing my browser and asking what to do. It offers a couple of options: one says "Wait" and the other says "Stop It." Neither has been any help. My laptop is freezing up far too often, and I need help.

Should I start a new thread, or do you want to reopen the "Persistent Warning" thread?

~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you can, read over this link with suggestions and see if it applies here

https://support.mozilla.org/en-US/questions/1089615

gin_jammer
2018-01-26, 18:44
After reading a WHILE, I chose to run "Restore Firefox." I am currently trying the browser to find out if there's any difference. Will let you know.

gin_jammer
2018-01-26, 18:53
I barely got started trying out the refreshed browser when the old popup/audio warning came back up!!!

It warns not to shut down the computer. Task Manager says it's Firefox, but I turned it OFF using Task Manager, and then used Firefox to get back online and send this message.

Suggestion?

Juliet
2018-01-26, 20:34
AdwCleaner

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan

Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

~~~~~~~~~~~~~~~~~~~~~~``

Malwarebytes

Download and install the free version of Malwarebytes (https://www.malwarebytes.org/mwb-download/)
Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so

Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
Let the scan run; the time required to complete the scan depends on your system and computer specs
Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button

If it asks you to restart your computer to complete the removal, do so

Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard.
Paste the content in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

RogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply



created by Aura
~~~

Please post
AdwCleaner log
Malwarebytes log
RogueKiller log

gin_jammer
2018-01-27, 07:21
# AdwCleaner 7.0.7.0 - Logfile created on Sat Jan 27 03:54:37 2018
# Updated on 2018/18/01 by Malwarebytes
# Database: 01-16-2018.1
# Running on Windows 7 Home Premium (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [952 B] - [2018/1/27 3:47:49]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

RogueKiller V12.12.1.0 [Jan 22 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Ed [Administrator]
Started from : C:\Users\Ed\Desktop\RogueKiller_portable32.exe
Mode : Delete -- Date : 01/26/2018 23:27:05 (Duration : 00:41:49)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] vduktc57.default-1479757157401-1516982433966 : user_pref("browser.startup.homepage", "https://www.toast.net/start/"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST320LT007-9ZV142 +++++
--- User ---
[MBR] 0ca11b9123e05cfef88bb9f1d87d8255
[BSP] 7aadc9b130d3831ed8795562e918dbf1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 3450 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 7067648 | Size: 301793 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Ultra USB Device +++++
--- User ---
[MBR] b2a5207711aaeee8437ff9e9e721809e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 21952 | Size: 59285 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] fef81fdee75be3af8bc5addbeae9d54b
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7624 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Juliet
2018-01-27, 13:08
Thank you for the logs. Were you able to run a Malwarebytes scan?

gin_jammer
2018-01-27, 19:05
Yes, I ran a Malwarebytes scan, but it found nothing.

Juliet
2018-01-27, 22:23
Give me an update on what the computer is doing now.

gin_jammer
2018-01-27, 22:31
Running extremely slowly and hanging up a lot.

Juliet
2018-01-27, 22:59
It's possible it's updating Windows updates.

Let's see if there are any startup items we can disable to improve performance.

Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/

Save HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

gin_jammer
2018-01-27, 23:50
Can I post a screenprint here?

gin_jammer
2018-01-27, 23:54
When I double clicked on HijackThis, I got a message headed "HijackThis Beta"

gin_jammer
2018-01-27, 23:58
Oddly...computer seems to be running much better now...but for how long?

gin_jammer
2018-01-28, 00:05
I saved a jpg of the screenshot showing the HijackThis Beta message

gin_jammer
2018-01-28, 14:34
It's been some time since I attached a file, but I think I've attached the screenshot showing the message I got from HijackThis. Please have a look at it and tell me how to proceed.

gin_jammer
2018-01-28, 15:02
I clicked OK on the HijackThis Beta message, and then the following logfile appeared:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:47:17 AM, on 1/28/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 58.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVG\Antivirus\AVGUI.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Common Files\Apple\Apple Application Support\secd.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Ed\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\AVGSvc.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\aswidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

--
End of file - 6995 bytes

I also got a long list of HijackThis results showing a couple of items checked, but there doesn't appear to be a way to Save it, so I've just left it open.

Suggestion?

Juliet
2018-01-28, 15:52
Close HJT, exit out the tool.

The error you saw previously will not affect what we do.

wuauclt.exe <-- was running when you took the scan
The wuauclt.exe process is part of the Windows Update AutoUpdate Client from Microsoft. Something from Microsoft was trying or searching for updates or had finished updating, I can't tell.

How to manually check for windows updates
https://support.microsoft.com/en-us/help/973135/how-to-download-a-windows-update-manually
scroll to Windows 7

~~~~~~
Typically, these entries are infrequently used tasks that can be started manually, if necessary.
Removing/disabling these items from startup will help with system resources.

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe



Reboot the computer to set the registry.


~~~~~~~~~~~~~~~~~~~~~~

What's happening now with the computer?
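
The startup-item selection in the post above can be reproduced from a saved HijackThis log. The following is an added example, not part of the thread and not HijackThis's own code; the function names and the `keep` set are assumptions, and the sample lines are copied from the log posted earlier.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: a few lines in the form of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry autostart: hive (optionally with a SID), "\..\", key, [value name], command
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Startup-folder shortcut: "Global Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^(?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
USER_RE = re.compile(r"\s*\(User '(?P<user>[^']*)'\)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll))(?:\s|$)", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str
    body: str
    file_missing: bool = False
    hive: Optional[str] = None
    name: Optional[str] = None
    executable: Optional[str] = None
    user: Optional[str] = None


def executable_of(cmd):
    """Return the program path from a command line, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first .exe/.dll boundary.
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_hjt(text):
    """Parse HijackThis log lines into Entry records; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        entry = Entry(code=m.group("code"), body=body,
                      file_missing=body.endswith(MISSING))
        if entry.code == "O4":  # autostart entries
            user = USER_RE.search(body)
            if user:
                entry.user = user.group("user")
                body = body[:user.start()]
            hit = RUN_RE.match(body) or STARTUP_RE.match(body)
            if hit:
                entry.hive = hit.group("hive")
                entry.name = hit.group("name")
                entry.executable = executable_of(hit.group("cmd"))
        entries.append(entry)
    return entries


def fix_candidates(entries, keep):
    """O4 entries whose name is not in `keep` (names the analyst leaves enabled)."""
    return [e for e in entries if e.code == "O4" and e.name and e.name not in keep]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    # Assumption: the security-product entry stays enabled, as in the list above.
    for e in fix_candidates(parsed, keep={"AvgUi"}):
        print(f"disable  {e.hive:<16} {e.name:<28} {e.executable}")
    for e in parsed:
        if e.file_missing:
            print(f"orphaned {e.code}: {e.body}")
```

Entries flagged as orphaned point at a file that no longer exists, such as the `SDWinLogon.dll` Winlogon Notify line in the log above.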

gin_jammer
2018-01-28, 20:28
After reboot, system started normally. Task Monitor shows considerable CPU Usage (greater than 40%) persisting. I haven't tried opening any apps.

gin_jammer
2018-01-28, 20:31
To run HijackThis, I had to use "Run as administrator" because whenever I clicked on "Open," I got the "Beta" message.

gin_jammer
2018-01-28, 20:57
I just got the popup/audio message again. See attachment.

Juliet
2018-01-29, 00:18
That message is a fake scam page.

When that pops up, use Task Manager to locate your browser and then right-click and end task.

~~~
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
Backup Opera Bookmarks (http://www.howtogeek.com/136116/how-to-easily-back-up-and-migrate-your-browser-bookmarks/) (scroll down)


Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)
Opera: How to perform a clean reinstall of Opera (http://my.opera.com/spadija/blog/2011/10/17/how-to-perform-a-really-clean-reinstall-of-opera)

Juliet
2018-01-29, 00:20
Also, did you check manually for Microsoft updates?

gin_jammer
2018-01-29, 15:39
Whenever the popup/audio warning starts, it freezes my browser, but so far I've been able to turn it OFF using the Task Manager. Of course, whatever I'm then doing gets lost because computer has to restart.

I have Windows Updates set to Automatic. I navigated to Windows Updates from Control Panel. Under the "Status" heading, all updates show "Successful" except Windows 10, which evidently has tried and failed more than once. I don't think I need or want Windows 10.

Right now, the computer is behaving normally except for the popup/audio warning I showed you, and while it occurs unpredictably and is a nuisance, it only occurs once or twice a day depending on how much time I spend on the Internet. I've read that it is Adware and can be removed with HijackThis, so I wonder why that didn't get it..?

Juliet
2018-01-29, 19:46
The tool HJT only goes after items it's been instructed to, which as of this time we only use it to disable startup options. It's a very out of date tool to use for malware.

I had hoped when you added the AdBlocker this would have remedied the situation, and when you reset the browsers.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Can you run a new FRST scan and post the logs please.

Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

gin_jammer
2018-01-30, 11:32
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27.01.2018
Ran by Ed (administrator) on ED-PC (30-01-2018 04:26:31)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [295512 2018-01-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [261944 2018-01-22] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: vduktc57.default-1479757157401-1516982433966
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966 [2018-01-30]
FF Homepage: Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966 -> hxxps://www.toast.net/start/
FF Extension: (Pioneer Enrollment) - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\Extensions\pioneer-enrollment-study@mozilla.org.xpi [2018-01-27] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3659970256-991337627-2867597209-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [301720 2018-01-01] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5957472 2018-01-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [4448016 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48912 2017-11-15] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [150672 2018-01-01] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiskx.sys [135872 2018-01-01] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [249232 2018-01-01] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [151024 2018-01-01] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [270344 2018-01-01] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [43992 2018-01-01] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35264 2018-01-01] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [116344 2018-01-10] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [91976 2018-01-01] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [63280 2018-01-01] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [775552 2018-01-01] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [382720 2018-01-10] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [143776 2018-01-01] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [287128 2018-01-01] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-29] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [168376 2018-01-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2018-01-29] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2018-01-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-01-29] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2018-01-30] (Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-01-26] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 04:26 - 2018-01-30 04:28 - 000011102 _____ C:\Users\Ed\Desktop\FRST.txt
2018-01-30 04:25 - 2018-01-30 04:26 - 000000000 ____D C:\FRST
2018-01-30 04:22 - 2018-01-30 04:22 - 001754112 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2018-01-30 04:20 - 2018-01-30 04:20 - 000056121 _____ C:\Users\Ed\Desktop\ccVcSjKu.htm
2018-01-29 08:51 - 2018-01-30 00:51 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-29 06:36 - 2018-01-29 06:36 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-29 06:26 - 2018-01-29 06:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-01-29 06:24 - 2018-01-29 06:24 - 000001754 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-01-29 06:24 - 2018-01-29 06:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-01-29 06:23 - 2018-01-29 06:23 - 000000000 ____D C:\Program Files\iPod
2018-01-29 06:21 - 2018-01-29 06:23 - 000000000 ____D C:\Program Files\iTunes
2018-01-29 06:14 - 2018-01-29 06:14 - 000000000 ____D C:\Program Files\Apple Software Update
2018-01-28 13:15 - 2018-01-29 06:37 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-28 13:07 - 2018-01-28 13:07 - 000000000 ____D C:\Users\Ed\Desktop\backups
2018-01-27 16:43 - 2018-01-27 16:44 - 000388608 _____ (Trend Micro Inc.) C:\Users\Ed\Desktop\HijackThis.exe
2018-01-27 00:15 - 2018-01-27 00:15 - 000004092 _____ C:\Users\Ed\Desktop\rk_51F7.tmp.txt
2018-01-26 23:18 - 2018-01-26 23:19 - 022536776 _____ (Adlice Software) C:\Users\Ed\Desktop\RogueKiller_portable32.exe
2018-01-26 23:11 - 2018-01-26 23:11 - 000000952 _____ C:\Users\Ed\Desktop\AdwCleaner[S0].txt
2018-01-26 23:04 - 2018-01-29 06:37 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-26 23:04 - 2018-01-26 23:04 - 000168376 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-26 23:04 - 2018-01-26 23:04 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-26 23:04 - 2018-01-26 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-26 23:03 - 2018-01-26 23:03 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-26 23:03 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-01-26 22:57 - 2018-01-26 22:57 - 082377272 _____ (Malwarebytes ) C:\Users\Ed\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3791.exe
2018-01-26 22:55 - 2018-01-26 22:55 - 000001018 _____ C:\Users\Ed\Desktop\AdwCleaner[S1].txt
2018-01-26 22:45 - 2018-01-26 22:54 - 000000000 ____D C:\AdwCleaner
2018-01-26 22:42 - 2018-01-26 22:42 - 008206624 _____ (Malwarebytes) C:\Users\Ed\Desktop\AdwCleaner.exe
2018-01-24 19:47 - 2018-01-01 07:37 - 000306960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-01-21 09:40 - 2018-01-21 09:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2017
2018-01-21 09:40 - 2018-01-21 09:40 - 000001994 _____ C:\Users\Public\Desktop\H&R Block 2017.lnk
2018-01-21 09:38 - 2018-01-21 09:40 - 000000000 ____D C:\Program Files\HRBlock2017
2018-01-21 08:01 - 2018-01-21 08:01 - 000131034 _____ C:\Users\Ed\Desktop\2017 YearEndSummary.pdf
2018-01-12 09:19 - 2018-01-12 09:19 - 000148433 _____ C:\Users\Ed\Downloads\EasyPayTermsAgreement(1).pdf
2018-01-04 23:31 - 2017-12-31 21:02 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-01-04 23:31 - 2017-12-31 21:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-01-04 23:31 - 2017-12-31 20:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-04 23:31 - 2017-12-31 20:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-04 23:31 - 2017-12-31 20:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-04 23:31 - 2017-12-31 20:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-04 23:31 - 2017-12-31 20:54 - 000198888 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-01-04 23:31 - 2017-12-31 20:54 - 000198888 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-04 23:31 - 2017-12-31 20:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-04 23:31 - 2017-12-31 20:54 - 000139496 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-01-04 23:31 - 2017-12-31 20:54 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-01-04 23:31 - 2017-12-31 20:54 - 000105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-01-04 23:31 - 2017-12-31 20:54 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-01-04 23:31 - 2017-12-31 20:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-04 23:31 - 2017-12-31 20:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-04 23:31 - 2017-12-31 20:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-01-04 23:31 - 2017-12-31 20:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-04 23:31 - 2017-12-31 20:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-01-04 23:31 - 2017-12-31 20:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-01-04 23:31 - 2017-12-31 20:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-01-04 23:31 - 2017-12-31 20:40 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-01-04 23:31 - 2017-12-31 20:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-01-04 23:31 - 2017-12-31 20:40 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-01-04 23:31 - 2017-12-31 20:40 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-01-04 23:31 - 2017-12-31 20:39 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-01-04 23:31 - 2017-12-31 20:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-01-04 23:31 - 2017-12-31 20:37 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-01-04 23:31 - 2017-12-31 20:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-04 23:31 - 2017-12-31 20:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-04 23:31 - 2017-12-31 20:36 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-01-04 23:31 - 2017-12-31 20:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-04 23:31 - 2017-12-31 20:35 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-04 23:31 - 2017-12-31 20:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-04 23:31 - 2017-12-31 20:35 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-01-04 23:31 - 2017-12-31 20:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-04 23:31 - 2017-12-31 20:35 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-01-04 23:31 - 2017-12-31 20:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-01-04 23:31 - 2017-12-31 20:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-01-04 23:31 - 2017-12-31 20:35 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-01-04 23:31 - 2017-12-31 20:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-01-04 23:31 - 2017-12-31 20:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-01-04 23:31 - 2017-12-21 01:27 - 000535656 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-04 23:31 - 2017-12-13 11:15 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-04 23:31 - 2017-12-13 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-04 23:31 - 2017-12-13 11:11 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-01-04 23:31 - 2017-12-13 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-01-04 23:31 - 2017-12-13 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-04 23:31 - 2017-12-05 12:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-01-04 23:31 - 2017-12-05 12:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-01-04 23:31 - 2017-12-05 10:50 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-04 23:31 - 2017-12-05 10:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-01-01 07:38 - 2018-01-01 07:37 - 001142064 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 04:09 - 2016-11-19 15:24 - 000000000 ____D C:\Users\Ed\AppData\LocalLow\Mozilla
2018-01-29 21:27 - 2009-07-13 23:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-29 21:27 - 2009-07-13 23:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-29 16:06 - 2017-05-19 15:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-29 16:06 - 2015-08-10 15:54 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-01-29 06:34 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-29 06:14 - 2017-11-05 09:08 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-01-29 06:09 - 2017-11-05 09:11 - 000000000 ____D C:\Users\Ed\AppData\Roaming\Apple Computer
2018-01-28 21:53 - 2017-12-26 19:54 - 000033280 _____ C:\Users\Ed\Desktop\Alert 24 25 Dec 2017.xls
2018-01-28 14:17 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2018-01-28 14:10 - 2015-07-25 09:29 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-01-28 14:10 - 2015-07-25 09:29 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-01-28 14:10 - 2015-07-25 09:29 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-27 15:28 - 2016-01-18 20:00 - 000000000 ____D C:\Users\Ed\AppData\Roaming\Skype
2018-01-27 15:27 - 2017-11-07 07:43 - 000000000 ___RD C:\Users\Ed\iCloudDrive
2018-01-27 08:08 - 2017-12-25 10:33 - 000000000 ____D C:\Users\Ed\AppData\Local\CrashDumps
2018-01-27 03:04 - 2010-11-20 16:01 - 000774404 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-27 01:27 - 2015-07-21 15:26 - 000000000 ____D C:\Users\Ed\Desktop\Unused Icons
2018-01-26 23:27 - 2017-12-08 11:32 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-01-26 23:03 - 2015-10-12 15:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-26 11:00 - 2016-11-21 14:39 - 000000000 ____D C:\Users\Ed\Desktop\Old Firefox Data
2018-01-24 19:49 - 2017-11-27 08:46 - 000001921 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-01-21 09:55 - 2015-11-12 13:46 - 000000000 ____D C:\Users\Ed\Documents\HRBlock
2018-01-21 09:48 - 2015-11-12 13:48 - 000000000 ____D C:\Users\Ed\AppData\Roaming\TaxCut
2018-01-21 09:31 - 2015-11-12 13:45 - 000000000 ____D C:\ProgramData\TaxCut
2018-01-17 03:16 - 2017-05-29 14:13 - 000000000 _____ C:\Windows\system32\last.dump
2018-01-10 19:38 - 2017-05-23 08:02 - 000382720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-01-10 19:38 - 2017-05-23 08:02 - 000116344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-01-10 03:11 - 2015-07-21 14:43 - 000000000 ____D C:\Windows\system32\MRT
2018-01-10 03:08 - 2017-10-11 02:01 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-10 03:07 - 2015-07-21 14:43 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-06 14:46 - 2015-09-01 13:00 - 000000000 ____D C:\TEMP
2018-01-05 04:22 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\rescache
2018-01-05 03:21 - 2009-07-13 23:33 - 000310016 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-02 07:18 - 2017-05-29 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-01-01 07:41 - 2016-11-21 16:33 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2018-01-01 07:37 - 2017-11-27 08:45 - 000150672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000775552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000287128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000143776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000091976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2018-01-01 07:37 - 2017-05-23 08:02 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys

==================== Files in the root of some directories =======

2015-12-29 21:38 - 2015-12-29 21:39 - 054113464 _____ (HRB Technology, LLC.) C:\Program Files\HRBlock2015.exe

Some files in TEMP:
====================
2018-01-26 23:26 - 2017-12-31 21:02 - 001310528 _____ (Microsoft Corporation) C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-28 00:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by Ed (30-01-2018 04:28:42)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (HKLM\...\{E64F69D8-38FE-48B8-95AB-CC676FA636F1}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
AVG (HKLM\...\{E139344F-BAD1-4394-BEBC-9A215F146A37}) (Version: 1.231.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 17.9.3040 - AVG Technologies)
AVG PC TuneUp (HKLM\...\{DD702788-AF7F-44FB-8423-5D1824F937EA}) (Version: 16.76.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.76.3.18604 - AVG Technologies)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Elevated Installer (HKLM\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
FMW 1 (HKLM\...\{B9B474D5-8B52-4A05-8DA0-CFECB057E523}) (Version: 1.226.3 - AVG Technologies) Hidden
Garmin Express (HKLM\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2017 (HKLM\...\{16CC23D8-0CC6-4934-AA1F-B79AE31C405F}) (Version: 17.04.6301 - HRB Technology, LLC.)
iCloud (HKLM\...\{625E52CB-61F3-4FC0-916A-4E144948A023}) (Version: 7.3.0.20 - Apple Inc.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
iTunes (HKLM\...\{F9FEA709-DE8A-4ECB-A57B-FB2604EF24FB}) (Version: 12.7.3.46 - Apple Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x86 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1.6602 - Mozilla)
Mozilla Thunderbird 52.5.2 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.5.2 (x86 en-US)) (Version: 52.5.2 - Mozilla)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-01-01] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-01-01] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00587C43-504F-45D2-BC47-1CB8C8368DD2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-01-06] (AVG Technologies CZ, s.r.o.)
Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-28] (Adobe Systems Incorporated)
Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {5791A7E9-AF24-49A0-9DD0-719571AC1CDE} - System32\Tasks\{416A5D32-82D3-40D7-9405-AFF201723BF7} => C:\Windows\system32\pcalua.exe -a C:\Users\Ed\Desktop\HijackThis.exe -d C:\Users\Ed\Desktop
Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {67E7081C-B0E8-43CD-8057-AC36A75146E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {D52D8282-BBB0-4BA0-8F97-8C4AC21F8F38} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-01-01] (AVG Technologies CZ, s.r.o.)
Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2018-01-10] (Apple Inc.)
Task: {F7C8A13B-225A-4748-8F83-A40314F093E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2017-11-15] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-01-16 19:11 - 2013-01-14 23:47 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-01-01 07:37 - 2018-01-01 07:37 - 000059136 _____ () C:\Program Files\AVG\Antivirus\module_lifetime.dll
2018-01-01 07:37 - 2018-01-01 07:37 - 000058624 _____ () C:\Program Files\AVG\Antivirus\dll_loader.dll
2018-01-01 07:37 - 2018-01-01 07:37 - 000207272 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
2018-01-01 07:37 - 2018-01-01 07:37 - 000290392 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2018-01-01 07:37 - 2018-01-01 07:37 - 000197368 _____ () C:\Program Files\AVG\Antivirus\network_notifications.dll
2018-01-29 05:19 - 2018-01-29 05:19 - 005775088 _____ () C:\Program Files\AVG\Antivirus\defs\18012902\algo.dll
2018-01-01 07:37 - 2018-01-01 07:37 - 000746528 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2018-01-01 07:37 - 2018-01-01 07:37 - 000295064 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2016-04-13 16:25 - 2016-04-13 16:25 - 000036864 _____ () C:\Windows\System32\pdf995mon.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 18:55 - 2017-11-30 18:55 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-14 08:42 - 2017-02-14 08:42 - 000326144 _____ () C:\Program Files\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 14:32 - 2017-03-28 14:32 - 000073216 _____ () C:\Program Files\Garmin\Device Interaction Service\FixBootSector.dll
2016-12-02 18:14 - 2016-12-02 18:14 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-12-03 11:28 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-03 11:28 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-03 11:28 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-07-05 16:51 - 2017-07-05 16:51 - 067109376 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-01-22 03:21 - 2018-01-22 03:21 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-22 03:21 - 2018-01-22 03:21 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2018-01-26 23:03 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-26 23:03 - 2017-11-29 09:11 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-03 11:28 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2018-01-01 07:37 - 2018-01-01 07:37 - 000197936 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2017-12-07 13:50 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BBAE6A51-936A-4002-B8B4-0F02AABB30B2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{80ECA08B-FB7B-4435-9E54-09F72EC1EA40}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3A56F231-0455-4CB6-ADF7-186661B5A4DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

27-01-2018 02:57:19 Scheduled Checkpoint
27-01-2018 03:00:12 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2018 01:56:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x134c
Faulting application start time: 0x01d3999761092932
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: a3fe20a7-058a-11e8-a25e-00226817a818

Error: (01/30/2018 01:56:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (01/29/2018 03:46:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0xb48
Faulting application start time: 0x01d398dda8ce67a6
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: eb5c5886-04d0-11e8-a2da-00226817a818

Error: (01/29/2018 03:46:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (01/28/2018 02:27:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x1944
Faulting application start time: 0x01d39809778c27b4
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ba5607eb-03fc-11e8-9450-00226817a818

Error: (01/28/2018 02:27:41 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (01/27/2018 08:13:15 AM) (Source: MsiInstaller) (EventID: 11706) (User: Ed-PC)
Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.

Error: (01/27/2018 08:08:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 9.0.0.2719, time stamp: 0x36f43422
Faulting module name: BLNMGRPS.DLL, version: 10.0.2607.0, time stamp: 0x3a83c213
Exception code: 0xc0000005
Fault offset: 0x00002b85
Faulting process id: 0x1da0
Faulting application start time: 0x01d3976cdd63e85e
Faulting application path: C:\Program Files\Microsoft Office\Office\EXCEL.EXE
Faulting module path: C:\PROGRA~1\MICROS~2\Office10\BLNMGRPS.DLL
Report Id: 20371577-0363-11e8-a1a3-00226817a818

Error: (01/27/2018 08:08:11 AM) (Source: MsiInstaller) (EventID: 11706) (User: Ed-PC)
Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.

Error: (01/27/2018 08:08:02 AM) (Source: MsiInstaller) (EventID: 11706) (User: Ed-PC)
Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.


System errors:
=============
Error: (01/29/2018 03:56:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (01/29/2018 07:31:17 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer LAPTOP-TKL884U4
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0.
The master browser is stopping or an election is being forced.

Error: (01/29/2018 06:46:11 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer LAPTOP-TKL884U4
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0.
The master browser is stopping or an election is being forced.

Error: (01/29/2018 06:37:49 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (01/29/2018 06:37:32 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (01/29/2018 06:36:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Garmin Device Interaction Service service hung on starting.

Error: (01/29/2018 06:35:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (01/29/2018 06:35:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/29/2018 06:35:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/29/2018 06:26:37 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 74%
Total physical RAM: 1944.03 MB
Available physical RAM: 503.15 MB
Total Virtual: 4222.06 MB
Available Virtual: 2204.68 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:244.08 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.3 GB) FAT32
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

Juliet
2018-01-30, 12:15
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.


Start::
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
2018-01-26 23:26 - 2017-12-31 21:02 - 001310528 _____ (Microsoft Corporation) C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Emptytemp:
End::


Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

gin_jammer
2018-01-31, 23:05
Fix result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by Ed (31-01-2018 15:54:48) Run:1
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
2018-01-26 23:26 - 2017-12-31 21:02 - 001310528 _____ (Microsoft Corporation) C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully.
C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14705992 B
Java, Flash, Steam htmlcache => 1236 B
Windows/system/drivers => 245942825 B
Edge => 0 B
Chrome => 0 B
Firefox => 382393278 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 260 B
Ed => 453879822 B

RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:56:43 ====

Juliet
2018-02-01, 01:04
Any more pop ups?

gin_jammer
2018-02-01, 17:13
I'll let you know after my browser has been open for a little while.

gin_jammer
2018-02-01, 22:53
It didn't take long for the popup/audio "warning" to appear.

By the way, it calls itself: "Internet Security Alert! Code 055BCCAC9FEC" and gives a dire audio warning about doing anything other than calling the phone number it provides. Don't worry. I didn't.

Juliet
2018-02-02, 00:19
It truly is a scam and your computer is not at risk.

Zemana AntiMalware - Fix

Download and install Zemana AntiMalware (https://www.zemana.com/AntiMalware)
Open Zemana AntiMalware, and click on the Scan button
https://i.imgur.com/9bxAQfh.png
Wait for the scan to complete
https://i.imgur.com/19whQAs.png
Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button
https://i.imgur.com/U4b97Kj.png
https://i.imgur.com/yiHmd7o.png
If it asks you to reboot your computer to finish the clean-up, do so
https://i.imgur.com/fO7GVK0.png
After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
https://i.imgur.com/2AHrjhI.png
A log will open in Notepad
Copy/paste the content of that log in your next reply

created by Aura
~~~~~~~~~~~~~~~

Please download HitmanPro

For 32-bit Operating System - http://i.imgur.com/dEMD6.gif (http://dl.surfright.nl/HitmanPro.exe).
For 64-bit Operating System - http://i.imgur.com/dEMD6.gif (http://dl.surfright.nl/HitmanPro_x64.exe)

2. Launch the program by double clicking on the http://i.imgur.com/5vo5F.jpg icon.

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 5-10 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done, then please don't delete anything and close HitmanPro.

http://forums.majorgeeks.com/chaslang/images/Hitman/6-scanfin-choose.jpg

Navigate to C:\Documents and Settings\All Users\Application Data\HitmanPro\Logs (for Windows XP) or to C:\ProgramData\HitmanPro\Logs (for Windows Vista/7), open the report and copy and paste it to your next reply.

~~

Also, please read over these 2 links with further information
https://forums.malwarebytes.com/topic/216448-internet-security-alert-code-055bccac9fec/

https://www.bleepingcomputer.com/virus-removal/remove-the-internet-security-alert-tech-support-scam

gin_jammer
2018-02-02, 15:22
Zemana wiped out my wallpaper. The image was a Georgia Tech "GT" logo I found somewhere (don't recall where) and started using a couple of years ago.

Here's the Zemana log:

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2018/2/2
Operating System : Windows 7 32-bit
Processor : 2X Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
BIOS Mode : Legacy
CUID : 129372FD922810D98B2369
Scan Type : System Scan
Duration : 15m 28s
Scanned Objects : 72967
Detected Objects : 2
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Suspicious Wallpaper
Status : Scanned
Object : HKCU\Control Panel\Desktop\Wallpaper
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potentially Unwanted Modification
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Control Panel\Desktop\Wallpaper = C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

Firefox Homepage
Status : Scanned
Object : https://www.toast.net/start/
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Firefox Homepage

FP4AWEC.DLL
Status : Failed
Object : %commonprogramfiles%\microsoft shared\web server extensions\40\bin\fp4awec.dll
MD5 : 4B9B586FA57E590369754A113B189839
Publisher : -
Size : 450669
Version : 4.0.2.2611
Detection :
Cleaning Action : Quarantine
Related Objects :
File - %commonprogramfiles%\microsoft shared\web server extensions\40\bin\fp4awec.dll
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A0F-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A0E-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A13-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A11-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A01-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A00-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL


Cleaning Result
-------------------------------------------------------
Cleaned : 2
Reported as safe : 0
Failed : 0

***

After HitmanPro 3.8.0 ran, I found no C:\ProgramData\HitmanPro\Logs but had saved this log:



HitmanPro 3.8.0.292
www.hitmanpro.com

Computer name . . . . : ED-PC
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . : Ed-PC\Ed
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2018-02-02 07:55:46
Scan mode . . . . . . : Normal
Scan duration . . . . : 6m 46s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 91

Objects scanned . . . : 1,312,873
Files scanned . . . . : 35,994
Remnants scanned . . : 266,873 files / 1,010,006 keys

Suspicious files ____________________________________________________________

C:\Users\Ed\Desktop\FRST.exe
Size . . . . . . . : 1,754,112 bytes
Age . . . . . . . : 3.1 days (2018-01-30 04:22:06)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 0EEE64881C35F01D68C682D0EEDA4B17FA3B8A1A6B3C504BAEBC946117D8F2DC
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.

C:\Users\Ed\Desktop\Unused Icons\FRST.exe
Size . . . . . . . : 1,725,440 bytes
Age . . . . . . . : 680.5 days (2016-03-23 19:18:28)
Entropy . . . . . : 7.5
SHA-256 . . . . . : EDB662EF9C4A97718C0389AB1745337E8FAD0E627E2E7F3AFA81E680A12D815B
Needs elevation . : Yes
Fuzzy . . . . . . : 22.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)

Cookies _____________________________________________________________________


Juliet
2018-02-03, 00:41
Zemana wiped out my wallpaper. The image was a Georgia Tech "GT" logo I found somewhere
I think because it was downloaded and stored in the AppData\Roaming folder, which is a very common place for malware to attack.

~~~

https://www.google.com/search?q=Georgia+Tech+%22GT%22+logo&ie=utf-8&oe=utf-8&client=firefox-b-1
The above are Georgia Tech "GT" logos; you'll have to download a new one. Before placing it on your desktop, please scan it.

~~~~~~~~~~~~~~~~~~~~~~
Follow the below link to empty your cookies folder in Firefox.
https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

gin_jammer
2018-02-03, 04:23
I emptied all cookies. I'll work on the wallpaper image.

gin_jammer
2018-02-06, 17:05
The scam "warning" popup has not appeared since wallpaper was deleted on 2/2. My browser use has been about normal since then.

Juliet
2018-02-06, 23:10
Possibly a connection, I really don't know.

Hold off on downloading another then.

DelFix


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

**************

gin_jammer
2018-02-07, 16:58
Here's what Delfix did:

# DelFix v1.010 - Logfile created 07/02/2018 at 09:55:51
# Updated 26/04/2015 by Xplode
# Username : Ed - ED-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Ed\Desktop\Addition.txt
Deleted : C:\Users\Ed\Desktop\AdwCleaner.exe
Deleted : C:\Users\Ed\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Ed\Desktop\AdwCleaner[S1].txt
Deleted : C:\Users\Ed\Desktop\Fixlog.txt
Deleted : C:\Users\Ed\Desktop\FRST.exe
Deleted : C:\Users\Ed\Desktop\FRST.txt
Deleted : C:\Users\Ed\Desktop\HijackThis.exe
Deleted : C:\Users\Ed\Desktop\RogueKiller_portable32.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

Juliet
2018-02-08, 00:32
You're good to go!

gin_jammer
2018-02-08, 02:41
Okay! Thank you very much.

Juliet
2018-02-08, 12:33
Glad we could help.
Since this issue appears resolved ... this Topic is closed.

Juliet
2018-02-16, 03:05
Re-opened

For the most part, if you see a browser based tech support scam, then you can simply close the browser and start it again.


Please download Emsisoft Anti-Malware
https://www.bleepingcomputer.com/download/emsisoft-anti-malware/

Once the file has been downloaded, double-click on the EmsisoftAntiMalwareSetup_bc.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.


If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking you to agree to a license agreement. Please access the agreement and click on the Install button to continue with the installation.

You will eventually get to a screen asking what type of license you wish to use with Emsisoft Anti-Malware.
Select the Freeware or Test for 30 days, free option. If you receive an alert after clicking this button that your trial has expired, just click on the Yes button to enter freeware mode, which still allows the cleaning of infections.



You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and select your choice to continue. (User's choice)

Emsisoft Anti-Malware will now begin to update its virus detections.

Please be patient as it may take a few minutes for the updates to finish downloading.


When the updates are completed, you will be at a screen asking if you wish to enable PUPs detection. We strongly suggest that you select Enable PUPs Detection to protect your computer from nuisance programs such as toolbars and adware.


You will now be at the final installation screen. Please click on the Finish Installation button to end the setup and automatically launch Emsisoft Anti-Malware.

Emsisoft Anti-Malware will now start and display the start screen.

At this screen, please left-click on the Scan section.

You will now be at a screen asking what type of scan you would like to perform.

Please select the Malware Scan option to begin scanning your computer for infections. The Malware Scan option will take longer than the Quick Scan, but will also be the most thorough.

Please be patient while Emsisoft Anti-Malware scans your computer.

When the scan has finished, the program will display the scan results that show what infections were found.
Please copy and paste this into your next reply.

Now click on the Quarantine Selected button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so. Otherwise you can close the program.

gin_jammer
2018-02-17, 13:05
Downloaded EMSISOFT, but when I tried to run installation, I got a popup (see attached image) saying I needed to remove AVG. I'm reluctant to do so without first asking you about it.

Juliet
2018-02-17, 14:15
I see, that's from installing and using it for free for the 30 day trial period.

Let's try something else.


Malwarebytes Anti-Malware (MBAM)


Open Malwarebytes Anti-Malware.
Click the Settings tab, followed by Detection and Protection and place a checkmark next to Scan for rootkits.
Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner

Download and execute ESET Online Scanner (http://download.eset.com/special/eos/esetonlinescanner_enu.exe)
Check the following settings (two of them are under Advanced Settings, click on it to display them):

Enable detection of potentially unwanted applications
Enable detection of potentially unsafe applications
Scan archives
Scan for potentially unsafe applications
Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan

After you're done checking these options, click on the Scan button and ESET Online Scanner will download its virus signature database before starting the scan
Once done, the scan will start automatically. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete
On completion, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined
Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply
Once you're done, click on the Back button, then click on the Finish button


~~~~

Please post these 2 logs when finished.

gin_jammer
2018-02-19, 23:22
I tried to download Malwarebytes, but was denied. See attachment.

Juliet
2018-02-20, 00:39
Please follow this link to run the MalwareBytes Clean up tool and download a current version.
https://support.malwarebytes.com/docs/DOC-1112

gin_jammer
2018-02-21, 15:43
Did the Malwarebytes cleanup and installed new version. When I ran it, there were no threats found, see attached image.

Juliet
2018-02-22, 00:02
Good deal

What we can do is to install a tool that helps stop malicious JavaScript. Many people don't care for the tool since it can take quite a while to get used to.

NoScript
https://noscript.net/

How is the computer now?

gin_jammer
2018-02-23, 21:44
I got hit with the fake "warning" (which also halts my browser) twice in one day, and then I haven't seen it again since I notified you that it was back. Do you have any idea what triggers it?

Juliet
2018-02-24, 00:13
These are fake warnings - scams.

Please read: PSA: Tech Support Scams Pop-Ups on the Rise
https://blog.malwarebytes.com/threat-analysis/2014/11/psa-tech-support-scams-pop-ups-on-the-rise/

Also please read: Beware of Phony Tech Support Scams
https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=3897161

Use the task manager to close your browser.
How to Use the Task Manager in Windows 7
http://windows.microsoft.com/en-us/windows/end-process#1TC=windows-7

gin_jammer
2018-02-24, 15:29
Some questions before I try anything else:

1 - When I clicked on "http://windows.microsoft.com/en-us/w...#1TC=windows-7" to see what I could learn about using Task Manager in Windows 7, I did not find anything about Task Manager use. Can you steer me to it?

2 - You cautioned that some users don't care for the NoScript tool. Can you be more specific about that?

3 - I have not seen the fake warning pop-up in more than a week. Do you know if something specific triggers it, or whether it launches itself at random time intervals?

Juliet
2018-02-24, 16:16
Some questions before I try anything else:

1 - When I clicked on "http://windows.microsoft.com/en-us/w...#1TC=windows-7" to see what I could learn about using Task Manager in Windows 7, I did not find anything about Task Manager use. Can you steer me to it?

2 - You cautioned that some users don't care for the NoScript tool. Can you be more specific about that?

3 - I have not seen the fake warning pop-up in more than a week. Do you know if something specific triggers it, or whether it launches itself at random time intervals?

I'll supply a different link for task manager.
What I attempt to teach people is how to keep the window for task manager open, look at resources being used and which app or .exe is using the most and if it should be.
https://support.microsoft.com/en-us/help/323527/how-to-use-and-troubleshoot-issues-with-windows-task-manager
Myself, I don't allow self updaters to run. If a tool or program needs to update I go to the tool myself or to the web site to check.
This would apply to Adobe, Firefox, Chrome, Windows Updates, Java....it's a long list.

NoScript can be a handy tool to add to browsers. It has a way of being complicated but does do a good job of blocking out JavaScript.
Some consider it annoying to use because you have to open the tool from your addons list to disable it to run on sites you know to be legit. (Then, on leaving the site, enable it again.)
Which, in itself, can be a guess because at times some legit sites can be altered or attacked with malicious scripts and the developer of the site doesn't always know this without interactions from people who visit and/or some kind of alerts to a problem.

fake warning pop-up in more than a week <= this is good.
I don't think it launches itself at random time intervals, but rather it was web site related. What you can do, and to all those who might read over this topic, is to buckle down with good security and layered protection in an aid to fight in browser protection.

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

The Ultimate Guide to Secure your Online Browsing: Chrome, Firefox and Internet Explorer (https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/) on Heimdal Security
Seven Useful Habits For A Safer Internet (https://blog.kaspersky.com/seven-useful-habits-for-a-safer-internet/3717/) on Kaspersky Blog
Tips for Secure Web Browsing: Cybersecurity 101 (https://www.veracode.com/blog/2013/01/tips-for-secure-web-browsing-cybersecurity-101) on VeraCode
Safe browsing habits (https://www.internetsafetyproject.org/wiki/safe-browsing-habits) on Internet Safety Project Wiki

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

created by Aura

Juliet
2018-03-02, 12:37
Are we finished?

gin_jammer
2018-03-05, 18:14
Every time I begin to think we are, the pop-up reappears, sometimes after several days of not having done so, and always for no apparent reason...except that I have my browser running. It of course does no permanent damage, but it stops whatever I'm trying to do at the time. Do you have any other removal tools I can try?

Juliet
2018-03-06, 00:09
We can continue to scan the computer till the cows come home.
My opinion is, it's coming from a web site you're visiting.

Tried a different browser and have the same luck?

~~~~~~~~~~~~~~~~~~~~~~

Zemana AntiMalware - Fix

Download and install Zemana AntiMalware (https://www.zemana.com/AntiMalware)
Open Zemana AntiMalware, and click on the Scan button
https://i.imgur.com/9bxAQfh.png
Wait for the scan to complete
https://i.imgur.com/19whQAs.png
Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button
https://i.imgur.com/U4b97Kj.png
https://i.imgur.com/yiHmd7o.png
If it asks you to reboot your computer to finish the clean-up, do so
https://i.imgur.com/fO7GVK0.png
After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
https://i.imgur.com/2AHrjhI.png
A log will open in Notepad
Copy/paste the content of that log in your next reply


~~~~~~~~~~~~~~~~~~~~~~~~~


Please download HitmanPro from here (http://dl.surfright.nl/HitmanPro.exe) (32-bit) or here (http://dl.surfright.nl/HitmanPro_x64.exe) (64-bit).
Double click on https://i.imgur.com/shAF6W1.png to start the program. (Windows Vista/7/8 users: Accept UAC warning if it is activated)
Note: If HitmanPro refuses to start then please hold down Ctrl when starting HitmanPro to activate Force Breach.
When HitmanPro's main screen appears, choose Next.
Place a checkmark in I accept the terms of the license agreement, then click Next.
Choose No, I only want to perform a one-time scan on this computer, then click Next.
Wait for HitmanPro to finish scanning your computer. This should take about 5 to 10 minutes.
When the scan is finished, all detected items will be displayed.
Referring to the screenshot below, click on the dropdown menu of an item in the list (if any) -> choose Apply to all -> click Ignore <= IMPORTANT!
http://i.imgur.com/Iph88Ru.png
This should apply the "Ignore" function to all detected items in the list. Then click Next.
Click Save log at the bottom of the HitmanPro window, and save the opened file to your Desktop.
http://i.imgur.com/SreJ8pi.png
Please Copy and Paste the contents of the log in your next reply.

gin_jammer
2018-03-06, 15:27
Can I keep my browser open while running these so I may refer to your step-by-step instructions?

Juliet
2018-03-06, 22:35
Can I keep my browser open while running these so I may refer to your step-by-step instructions?

You can print out instructions or save them to Notepad to follow.

gin_jammer
2018-03-08, 21:11
When I tried to install Zemana AntiMalware, I got a popup, see Attached image: "Zemana popup.jpg"

I ran HitmanPro, which generated the following file:



HitmanPro 3.8.0.292
www.hitmanpro.com

Computer name . . . . : ED-PC
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . : Ed-PC\Ed
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2018-03-08 13:52:11
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 5s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 77

Objects scanned . . . : 1,527,876
Files scanned . . . . : 37,086
Remnants scanned . . : 268,536 files / 1,222,254 keys

Suspicious files ____________________________________________________________

C:\Users\Ed\Desktop\Unused Icons\FRST.exe
Size . . . . . . . : 1,725,440 bytes
Age . . . . . . . : 714.8 days (2016-03-23 19:18:28)
Entropy . . . . . : 7.5
SHA-256 . . . . . : EDB662EF9C4A97718C0389AB1745337E8FAD0E627E2E7F3AFA81E680A12D815B
Needs elevation . : Yes
Fuzzy . . . . . . : 22.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)

Cookies _____________________________________________________________________


Juliet
2018-03-09, 12:00
The error from Zemana shows you have used the tool before.

How's the computer now?

gin_jammer
2018-03-11, 17:16
I haven't seen the fake warning popup for a couple of days, but the last time I saw it was while browsing news articles.

I ran Excel this morning and discovered that keyboard arrow keys would not move the cursor from cell to cell but rather would scroll the entire worksheet. I don't have a Scroll Lock key on my keyboard, but was able to turn scrolling OFF using the onscreen keyboard. Things like that make me think someone is messing with me.

The only way I can judge the state of my laptop is to use my browser normally for a few days. I'll let you know what happens.

Juliet
2018-03-12, 13:05
I can't help with Excel, I don't use any office products on my computer.
I tried to find support links you can follow.
https://support.microsoft.com/en-us/help/2671569/excel-2010-not-responding-hangs-freezes-or-stops-working

gin_jammer
2018-03-20, 14:22
I only mentioned the Excel glitch in case you thought it was related to this malware we're chasing. I restored arrow keys by using the on screen keyboard to turn "Scroll Lock" to OFF (since my keyboard doesn't have a Scroll Lock key).

The fake popup still appears, seemingly at random intervals. I have noticed that sometimes I can now turn it off (WITHOUT using the Task Manager) and then continue with whatever I was doing. On one occasion, the fake popup reappeared almost immediately, but that was the only time it's done that.

When the fake popup appears, it's listed on the Task Manager under the Applications tab. Could the App name it's listed by possibly be used to search for and delete it? I'll have to wait for another occurrence to write down the App name.

gin_jammer
2018-03-20, 14:32
I'm also noticing that my laptop often becomes non-responsive after the browser (Firefox) has been running awhile. If I persistently click on something, I eventually see a banner across the top of my screen indicating a script is running and asking what I wish to do. The banner presents a couple of buttons, one of which is "Stop it," but clicking that button does not produce an immediate result. Can I stop or block scripts another way?

Juliet
2018-03-21, 12:28
A good while back, I recommended you reset Firefox. Was this done?

~~


When the fake popup appears, it's listed on the Task Manager under the Applications tab. Could the App name it's listed by possibly be used to search for and delete it? I'll have to wait for another occurrence to write down the App name.
Yes, the app name will help.

~~

Turn off all computers, iPhones, ...
then unplug the power cable from the router,
then unplug the power cable from the (cable) modem.

Leave it OFF for about 5 minutes.

Then, with the computers still off,
plug the cable modem's power cable back in.

When all the lights come on,
plug in the router.

When all the lights come back on,
start all computers.

Now check if your problem still exists.

~~

Please read over the link below.

https://support.mozilla.org/en-US/kb/warning-unresponsive-script

~~~~~~~~~~~~

I would like to see a new FRST log

Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

gin_jammer
2018-03-25, 16:07
I couldn't remember whether I had reset Firefox earlier, so I did it.

I have NOT yet done the modem/router power OFF steps.

Following are the new FRST logs:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Ed (2018-03-25 08:47:08)
Running from C:\Users\Ed\Desktop\Unused Icons
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.2.3046 - AVG Technologies)
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.77.3.23060 - AVG Technologies)
AVG PC TuneUp (Version: 16.77.3 - AVG Technologies) Hidden
AVG Secure VPN (HKLM\...\{078F51FA-D92F-419A-9E69-08BC59265F7E}_is1) (Version: 1.2.632 - AVG)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Elevated Installer (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
FMW 1 (Version: 1.227.9 - AVG Technologies) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.7 - Google Inc.) Hidden
H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2017 (HKLM\...\{16CC23D8-0CC6-4934-AA1F-B79AE31C405F}) (Version: 17.04.6301 - HRB Technology, LLC.)
iCloud (HKLM\...\{625E52CB-61F3-4FC0-916A-4E144948A023}) (Version: 7.3.0.20 - Apple Inc.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
iTunes (HKLM\...\{F9FEA709-DE8A-4ECB-A57B-FB2604EF24FB}) (Version: 12.7.3.46 - Apple Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 59.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x86 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1.6648 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00587C43-504F-45D2-BC47-1CB8C8368DD2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-02-08] (AVG Technologies CZ, s.r.o.)
Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-13] (Adobe Systems Incorporated)
Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {5791A7E9-AF24-49A0-9DD0-719571AC1CDE} - System32\Tasks\{416A5D32-82D3-40D7-9405-AFF201723BF7} => pcalua.exe -a C:\Users\Ed\Desktop\HijackThis.exe -d C:\Users\Ed\Desktop
Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {66A7DC2E-3B8E-4781-A414-E0976D20FCD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-03-15] (Google Inc.)
Task: {67E7081C-B0E8-43CD-8057-AC36A75146E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {708BB84B-BC5F-4BBF-90C8-0CF407213F72} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-03-14] (AVG Technologies CZ, s.r.o.)
Task: {8A2122A1-72DF-44DD-BE31-58EC98A353E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-03-15] (Google Inc.)
Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {B31C2D05-2D45-4008-BAE2-9461602D42B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {B80053F6-2E6D-40C0-9141-C57BA20E1A70} - System32\Tasks\AVG Secure VPN Update => C:\Program Files\AVG\Secure VPN\VpnUpdate.exe [2018-03-14] (AVG Technologies CZ, s.r.o.)
Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2018-01-10] (Apple Inc.)
Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2018-01-22] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-03-14 09:48 - 2018-03-14 09:48 - 00289008 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 00281328 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2018-03-14 13:52 - 2018-03-14 13:52 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031402\algo.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 00758000 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 00965872 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 00476400 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-03-15 07:26 - 2018-03-15 07:26 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031500\algo.dll
2018-03-15 15:48 - 2018-03-15 15:48 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031508\algo.dll
2018-03-16 07:51 - 2018-03-16 07:51 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031602\algo.dll
2018-03-16 15:56 - 2018-03-16 15:56 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031604\algo.dll
2018-03-17 07:58 - 2018-03-17 07:58 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031700\algo.dll
2018-03-18 08:01 - 2018-03-18 08:01 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031800\algo.dll
2018-03-19 08:04 - 2018-03-19 08:04 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031900\algo.dll
2018-03-19 12:05 - 2018-03-19 12:05 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031902\algo.dll
2018-03-20 12:08 - 2018-03-20 12:08 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18032002\algo.dll
2016-04-13 17:25 - 2016-04-13 17:25 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 01042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 19:55 - 2017-11-30 19:55 - 00076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 00326144 _____ () C:\Program Files\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 15:32 - 2017-03-28 15:32 - 00073216 _____ () C:\Program Files\Garmin\Device Interaction Service\FixBootSector.dll
2017-12-03 12:28 - 2016-09-13 15:00 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-03-14 20:59 - 2018-03-14 20:59 - 00281840 _____ () C:\Program Files\AVG\Secure VPN\tasks_core.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 00619248 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 00289008 _____ () c:\Program Files\AVG\Antivirus\StreamBack.dll
2017-12-03 12:28 - 2017-05-12 12:36 - 00507464 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-16 20:11 - 2013-01-15 00:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-12-02 19:14 - 2016-12-02 19:14 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 67127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 00189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2018-02-22 08:59 - 2018-02-22 08:59 - 48936448 _____ () C:\Program Files\AVG\Secure VPN\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7873 more sites.


There are 7873 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-01-31 16:56 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BBAE6A51-936A-4002-B8B4-0F02AABB30B2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{80ECA08B-FB7B-4435-9E54-09F72EC1EA40}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3A56F231-0455-4CB6-ADF7-186661B5A4DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{383EF5B3-1057-404C-BC05-9F1BDD82073C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

10-03-2018 01:00:04 Scheduled Checkpoint
15-03-2018 03:00:14 Windows Update
23-03-2018 00:00:07 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AVG TAP Adapter v3
Description: AVG TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: avgTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2018 03:30:03 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (03/25/2018 03:30:00 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (03/25/2018 03:29:53 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.

Error: (03/25/2018 03:16:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x2f40
Faulting application start time: 0xesu.exe0
Faulting application path: esu.exe1
Faulting module path: esu.exe2
Report Id: esu.exe3

Error: (03/25/2018 03:16:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (03/24/2018 04:34:27 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (03/24/2018 04:34:24 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (03/24/2018 04:34:19 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.

Error: (03/24/2018 02:38:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x2d58
Faulting application start time: 0xesu.exe0
Faulting application path: esu.exe1
Faulting module path: esu.exe2
Report Id: esu.exe3

Error: (03/24/2018 02:38:07 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])


System errors:
=============
Error: (03/15/2018 10:22:25 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (03/15/2018 03:27:15 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Garmin Device Interaction Service service hung on starting.

Error: (03/15/2018 03:25:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (03/15/2018 03:25:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/13/2018 09:41:31 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (03/13/2018 06:47:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (03/13/2018 06:47:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (03/12/2018 05:32:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/01/2018 01:34:20 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/28/2018 03:05:42 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer LAPTOP-TKL884U4
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0.
The master browser is stopping or an election is being forced.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 45%
Total physical RAM: 1944.03 MB
Available physical RAM: 1052.13 MB
Total Virtual: 6422.79 MB
Available Virtual: 4692.72 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:229.92 GB) NTFS
Drive d: (DVD_VIDEO_RECORDER) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:57.87 GB) (Free:41.22 GB) FAT32
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Ed (administrator) on ED-PC (25-03-2018 08:46:07)
Running from C:\Users\Ed\Desktop\Unused Icons
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\VpnSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\Vpn.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [219888 2018-01-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [294928 2018-03-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2018-02-22]
ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies CZ, s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{C9604640-2540-4F90-BBFC-7E5BF9549C72}: [NameServer] 77.234.40.79

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796
FF Homepage: www.toast.net/start
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3659970256-991337627-2867597209-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2018-03-17] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Slides) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-15]
CHR Extension: (Docs) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-15]
CHR Extension: (Google Drive) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-15]
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-15]
CHR Extension: (Sheets) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-15]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [304776 2018-03-14] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5960472 2018-03-14] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189320 2018-01-25] (AVG Technologies CZ, s.r.o.)
S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SecureVpn; C:\Program Files\AVG\Secure VPN\VpnSvc.exe [5517040 2018-03-14] (AVG Technologies CZ, s.r.o.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [4443136 2018-01-22] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [41472 2018-01-22] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [159424 2018-03-14] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiskx.sys [135808 2018-03-14] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [179024 2018-03-14] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [150952 2018-03-14] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [270272 2018-03-14] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [43920 2018-03-14] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35192 2018-03-14] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [116784 2018-03-14] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [92416 2018-03-14] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [63208 2018-03-14] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [775992 2018-03-14] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [384240 2018-03-14] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [144728 2018-03-14] (AVG Technologies CZ, s.r.o.)
S3 avgTap; C:\Windows\System32\DRIVERS\avgTap.sys [49136 2017-12-05] (The OpenVPN Project)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [303168 2018-03-14] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-01-27] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-25 08:44 - 2018-03-25 08:46 - 00000000 ____D C:\FRST
2018-03-23 12:34 - 2018-03-14 09:48 - 00320440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-03-22 10:22 - 2018-03-22 10:22 - 00621873 _____ C:\Users\Ed\Downloads\Designing with Compression Springs.pdf
2018-03-15 11:01 - 2018-03-20 19:11 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-15 11:01 - 2018-03-20 19:11 - 00002136 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-15 10:59 - 2018-03-15 11:08 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
2018-03-15 10:59 - 2018-03-15 11:00 - 00000000 ____D C:\Program Files\Google
2018-03-14 04:37 - 2018-03-08 23:14 - 04044992 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-03-14 04:37 - 2018-03-08 23:14 - 04025536 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-14 04:37 - 2018-03-08 23:14 - 00190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-03-14 04:37 - 2018-03-08 23:14 - 00190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-03-14 04:37 - 2018-03-08 23:14 - 00137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-03-14 04:37 - 2018-03-08 23:14 - 00137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-03-14 04:37 - 2018-03-08 23:14 - 00067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-03-14 04:37 - 2018-03-08 22:47 - 01310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-03-14 04:37 - 2018-03-08 22:43 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-14 04:37 - 2018-03-08 22:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-14 04:37 - 2018-03-08 22:43 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-03-14 04:37 - 2018-03-08 22:43 - 00554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-03-14 04:37 - 2018-03-08 22:43 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-03-14 04:37 - 2018-03-08 22:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-03-14 04:37 - 2018-03-08 22:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-03-14 04:37 - 2018-03-08 22:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-03-14 04:37 - 2018-03-08 22:43 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-03-14 04:37 - 2018-03-08 22:26 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-03-14 04:37 - 2018-03-08 22:24 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-03-14 04:37 - 2018-03-08 22:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-03-14 04:37 - 2018-03-08 22:22 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-03-14 04:37 - 2018-03-08 22:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-03-14 04:37 - 2018-03-08 22:22 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-03-14 04:37 - 2018-03-01 04:25 - 02404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-03-14 04:37 - 2018-02-21 23:06 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-03-14 04:37 - 2018-02-18 17:34 - 00535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-14 04:37 - 2018-02-13 14:31 - 00117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-14 04:37 - 2018-02-13 14:24 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-14 04:37 - 2018-02-13 10:04 - 01893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-14 04:37 - 2018-02-13 10:04 - 01319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-14 04:37 - 2018-02-13 10:04 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-14 04:37 - 2018-02-13 10:04 - 00508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-14 04:37 - 2018-02-13 10:04 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-14 04:37 - 2018-02-13 10:04 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-14 04:37 - 2018-02-13 10:04 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-14 04:37 - 2018-02-13 10:04 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-14 04:37 - 2018-02-10 14:49 - 00162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-03-14 04:37 - 2018-02-10 14:49 - 00154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-03-14 04:37 - 2018-02-10 14:49 - 00104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-03-14 04:37 - 2018-02-10 14:49 - 00057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-03-14 04:37 - 2018-02-10 14:49 - 00053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-03-14 04:37 - 2018-02-10 14:49 - 00052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-03-14 04:37 - 2018-02-10 14:49 - 00052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
2018-03-14 04:37 - 2018-02-10 14:49 - 00051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
2018-03-14 04:37 - 2018-02-10 14:49 - 00046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-03-14 04:37 - 2018-02-10 14:49 - 00032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-03-14 04:37 - 2018-02-10 14:49 - 00027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-03-14 04:37 - 2018-02-10 14:49 - 00021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-03-14 04:37 - 2018-02-10 14:49 - 00013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-03-14 04:37 - 2018-02-10 14:49 - 00011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-03-14 04:37 - 2018-02-10 14:48 - 00274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-03-14 04:37 - 2018-02-10 14:48 - 00052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
2018-03-14 04:37 - 2018-02-10 14:48 - 00052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-03-14 04:37 - 2018-02-10 14:23 - 02292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-14 04:37 - 2018-02-10 14:23 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-03-14 04:37 - 2018-02-10 14:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-03-14 04:37 - 2018-02-10 14:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-03-14 04:37 - 2018-02-10 13:36 - 00537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-03-14 04:37 - 2018-02-10 13:36 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-03-14 04:37 - 2018-02-10 13:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-03-14 04:37 - 2018-02-10 13:36 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-03-14 04:37 - 2018-02-02 14:54 - 00105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-03-14 04:37 - 2018-02-02 14:29 - 02365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-03-14 04:37 - 2018-02-02 14:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-03-14 04:37 - 2018-01-12 12:26 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-03-14 04:36 - 2018-03-08 22:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-03-14 04:36 - 2018-03-08 22:26 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-03-14 04:36 - 2018-03-08 22:26 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-03-14 04:36 - 2018-03-08 22:26 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-03-14 04:36 - 2018-03-08 22:26 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-03-14 04:36 - 2018-03-08 22:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-03-14 04:36 - 2018-03-08 22:22 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-03-14 04:36 - 2018-03-08 22:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-03-14 04:36 - 2018-03-08 22:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-03-14 04:36 - 2018-02-10 13:36 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-03-14 04:36 - 2018-02-02 14:29 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-03-14 04:36 - 2018-02-02 14:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-03-14 04:36 - 2018-02-02 14:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-03-14 04:36 - 2018-02-02 13:46 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-03-14 04:36 - 2018-01-15 15:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-03-08 14:49 - 2018-03-08 14:49 - 10993872 _____ (SurfRight B.V.) C:\Users\Ed\Downloads\HitmanPro.exe
2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
2018-03-07 20:59 - 2018-03-07 20:59 - 00001785 _____ C:\Users\Ed\Desktop\Forum Instructions.txt
2018-03-04 19:33 - 2018-03-04 19:33 - 00569290 _____ C:\Users\Ed\Downloads\Statement_Mar 2018.pdf
2018-02-25 16:09 - 2018-02-25 16:38 - 00015872 _____ C:\Users\Ed\Desktop\Product Engineering Section 4140.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-25 08:46 - 2016-11-19 16:24 - 00000000 ____D C:\Users\Ed\AppData\LocalLow\Mozilla
2018-03-25 03:36 - 2009-07-14 00:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-25 03:36 - 2009-07-14 00:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-23 12:34 - 2017-11-27 09:46 - 00001921 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-03-23 09:42 - 2017-12-26 20:54 - 00046592 _____ C:\Users\Ed\Desktop\Alert VISA.xls
2018-03-22 13:21 - 2016-11-21 15:39 - 00000000 ____D C:\Users\Ed\Desktop\Old Firefox Data
2018-03-19 17:14 - 2010-11-20 17:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-19 17:14 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2018-03-18 12:19 - 2017-12-25 11:33 - 00000000 ____D C:\Users\Ed\AppData\Local\CrashDumps
2018-03-17 07:46 - 2017-05-19 16:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2018-03-17 07:46 - 2015-08-10 16:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-03-15 04:02 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2018-03-15 03:25 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-15 03:24 - 2009-07-14 00:33 - 00310016 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-15 03:22 - 2015-07-21 15:47 - 00000000 ____D C:\Windows\system32\appraiser
2018-03-15 03:05 - 2015-07-21 15:43 - 00000000 ____D C:\Windows\system32\MRT
2018-03-15 03:01 - 2017-10-11 03:01 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-15 03:01 - 2015-07-21 15:43 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-13 06:46 - 2018-02-02 08:26 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
2018-02-23 14:07 - 2015-07-22 09:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-12-29 22:38 - 2015-12-29 22:39 - 54113464 _____ (HRB Technology, LLC.) C:\Program Files\HRBlock2015.exe
2016-05-16 16:30 - 2016-05-16 16:30 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2018-03-19 00:54

==================== End of FRST.txt ============================

Juliet
2018-03-25, 19:52
I have NOT yet done the modem/router power OFF steps.
Please do attempt to do this.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.


Start::
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
Hosts:
Emptytemp:
End::


Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~`

I found a few left over Zemana files we can delete (in the above FRST fix) and attempt to download and install again.

https://i.imgur.com/KyRxOXI.png
Zemana AntiMalware - Fix

Download and install Zemana AntiMalware (https://www.zemana.com/AntiMalware)
Open Zemana AntiMalware, and click on the Scan button
Wait for the scan to complete
Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button
If it asks you to reboot your computer to finish the clean-up, do so
After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
A log will open in Notepad
Copy/paste the content of that log in your next reply


Please post these 2 logs when finished along with an update with how the computer is at the moment.

gin_jammer
2018-03-31, 22:50
I did the power OFF steps, BUT...my cable provider has combined the modem and router into one box, which I must reboot as a unit, and I have no control over its turn-on or turn-off sequence. Also, I won't be able to say whether this helped until I operate my browser for a while to see if the fake popup occurs again...or not.

I started FRST as Administrator and clicked Fix. FRST then gave a popup saying it cannot find Fixlist. Do I need to do something to/with the text you instructed me to highlight?

Juliet
2018-04-01, 02:27
I want you to highlight the script below, right click on it and select COPY


Start::
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
Hosts:
Emptytemp:
End::

Now that you have copied it, open Farbar Recovery Scan Tool, look at the bottom of the tool and click on the FIX button.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

gin_jammer
2018-04-01, 18:31
After highlighting/copying text, I run FRST (as Administrator), and when I click Fix button, I get popup shown in attached screen print.

Juliet
2018-04-02, 03:42
OK, I can see FRST on desktop.


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail.
Or use this method: press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

http://i.imgur.com/15wKX7o.jpg

start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
Hosts:
Emptytemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

gin_jammer
2018-04-02, 17:52
Created and saved fixlist.txt on Desktop, and then ran FRST. Fixlog follows:

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Ed (2018-04-02 10:12:15) Run:1
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
Hosts:
Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
ZAM => service removed successfully.
ZAM_Guard => service removed successfully.
C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe => moved successfully
C:\Windows\ZAM_Guard.krnl.trace => moved successfully
C:\Windows\ZAM.krnl.trace => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 501.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 10:13:21 ====


After reboot, I attempted to use Zemana AntiMalware, but got a popup saying license expired.

Juliet
2018-04-02, 23:14
try downloading it again

http://i.imgur.com/RQKuhw1.png Zemana AntiMalware - Fix

Download and install Zemana AntiMalware (https://www.zemana.com/AntiMalware)
Open Zemana AntiMalware, and click on the Scan button
https://i.imgur.com/9bxAQfh.png
Wait for the scan to complete
https://i.imgur.com/19whQAs.png
Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button
https://i.imgur.com/U4b97Kj.png
https://i.imgur.com/yiHmd7o.png
If it asks you to reboot your computer to finish the clean-up, do so
https://i.imgur.com/fO7GVK0.png
After that, click on the upper-rightmost button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
https://i.imgur.com/2AHrjhI.png
A log will open in Notepad
Copy/paste the content of that log in your next reply


~~~~~~~~~~~~~~~~~~~~~~~~~

gin_jammer
2018-04-05, 15:21
The fake alert popup appeared again yesterday. I opened Task Manager and took a screenshot of the so-called app it displayed. See Attachment.

I also downloaded Zemana AntiMalware again and tried to run it, but got the "License Expired" popup again. See Attachment.

Juliet
2018-04-05, 23:22
OK
For the Zemana alert, you've used up your free trial version. The next step in my mind would be to buy the product.

Please follow the link below for help in removing the Internet Security alert.
https://malwaretips.com/blogs/remove-internet-security-alert-code-055bccac9fec/

gin_jammer
2018-04-10, 17:51
I followed the steps in https://malwaretips.com/blogs/remove...-055bccac9fec/ which resulted in my buying HitmanPro.

The AdwCleaner and Malwarebytes both ran for free, but found nothing. HitmanPro removed (I think) a BUNCH of tracking cookies. I found no step that talked about downloading or running Zemana. Is that something I still must do?

Juliet
2018-04-10, 23:23
I found no step that talked about downloading or running Zemana. Is that something I still must do?
No, I wouldn't. You will probably end up with too many programs trying to run/scan the system, and then that creates a different problem.

What problems remain?

Juliet
2018-04-10, 23:26
Let me add a few things that can help protect your browser.

Hardening your web browser means installing extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc., but also you at the same time. Here are a few extensions that you can experiment with and see if they work well with your computer.

uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
uMatrix: For advanced users, a point-and-click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);

created by Aura

gin_jammer
2018-04-11, 11:28
Thanks.

Allow me to operate my browser for a couple of days to give the fake alert popup some chances to pop up.

I'm currently spending quite a bit of time online doing taxes after which I'll let you know how my browser seems to be doing.

Juliet
2018-04-12, 12:15
:bigthumb:

Juliet
2018-04-23, 16:40
Several days have passed; I'll extend one more day to keep the topic open.

Juliet
2018-04-24, 12:34
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.