Laptop at times almost frozen



gin_jammer
2018-10-07, 17:39
Lately during sluggish laptop performance, I've seen a yellow banner at the top of my screen saying a script MAY be running, and there's a button to Stop it, but I can't always get to it before it disappears, and when I can and click it, I do NOT notice any performance change right away.

Last evening (10/6), my laptop became so unresponsive that I powered it OFF. This morning when I turned it ON, it ran CHKDSK on its own. After that, it had an epileptic seizure during which it momentarily displayed (flashed onto the screen) a series of "stuff" I can't even describe. Finally, it settled down and allowed keyboard control.

I did Registry backup, and then ran FRST and aswMBR.

FRST generated Addition and FRST text files, which both follow, but aswMBR generated nothing.

***

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06.10.2018
Ran by Ed (07-10-2018 10:49:51)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20071 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (HKLM\...\{E64F69D8-38FE-48B8-95AB-CC676FA636F1}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.6.3066 - AVG Technologies)
AVG PC TuneUp (HKLM\...\{1EC0253F-2E87-44B9-9EBA-9A102B9FA5EC}) (Version: 16.78.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.78.3.33194 - AVG Technologies)
AVG Secure VPN (HKLM\...\{078F51FA-D92F-419A-9E69-08BC59265F7E}_is1) (Version: 1.2.632 - AVG)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Elevated Installer (HKLM\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
FMW 1 (HKLM\...\{C22DCE85-A6B0-4D3D-81AC-460D7726CCA5}) (Version: 1.227.45 - AVG Technologies) Hidden
Garmin Express (HKLM\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2017 (HKLM\...\{16CC23D8-0CC6-4934-AA1F-B79AE31C405F}) (Version: 17.04.7601 - HRB Technology, LLC.)
iCloud (HKLM\...\{41F9DCCB-2880-455B-BE44-616D221A0907}) (Version: 7.6.0.15 - Apple Inc.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
iTunes (HKLM\...\{F9FEA709-DE8A-4ECB-A57B-FB2604EF24FB}) (Version: 12.7.3.46 - Apple Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x86 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3.6848 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.28 (HKLM\...\Skype_is1) (Version: 8.28 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-08-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-06-26] (Apple Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-15] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-08-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00587C43-504F-45D2-BC47-1CB8C8368DD2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-09-16] (AVG Technologies CZ, s.r.o.)
Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {2D8E2A7D-4CA7-49EC-8DAA-7959C38DD9E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-13] (Adobe Systems Incorporated)
Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {5791A7E9-AF24-49A0-9DD0-719571AC1CDE} - System32\Tasks\{416A5D32-82D3-40D7-9405-AFF201723BF7} => C:\Windows\system32\pcalua.exe -a C:\Users\Ed\Desktop\HijackThis.exe -d C:\Users\Ed\Desktop
Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {6BC8DC70-50EB-42F9-B736-2899ED27BD82} - System32\Tasks\AVG Secure VPN Update => C:\Program Files\AVG\Secure VPN\VpnUpdate.exe [2018-07-30] (AVG Technologies CZ, s.r.o.)
Task: {9413DBD0-2DAC-429F-82BF-7483B33D3F59} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-08-26] (AVG Technologies CZ, s.r.o.)
Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2018-06-26] (Apple Inc.)
Task: {EACC9B78-691D-4701-B1EF-EBB9D8B49235} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2018-07-26] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-08-26 11:49 - 2018-08-26 11:49 - 000574192 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-08-26 11:49 - 2018-08-26 11:49 - 000897264 _____ () C:\Program Files\AVG\Antivirus\anen.dll
2018-08-26 11:49 - 2018-08-26 11:49 - 000987888 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-08-26 11:49 - 2018-08-26 11:49 - 000542448 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-10-07 08:26 - 2018-10-07 08:26 - 005708488 _____ () C:\Program Files\AVG\Antivirus\defs\18100702\algo.dll
2014-01-16 20:11 - 2013-01-15 00:47 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-04-13 17:25 - 2016-04-13 17:25 - 000036864 _____ () C:\Windows\System32\pdf995mon.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-12-02 19:14 - 2016-12-02 19:14 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-12-03 12:28 - 2016-09-13 15:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-06-23 06:56 - 2018-06-23 06:56 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2018-06-27 21:01 - 2018-06-27 21:00 - 067127976 _____ () C:\Program Files\AVG\Secure VPN\libcef.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 000326144 _____ () C:\Program Files\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 15:32 - 2017-03-28 15:32 - 000073216 _____ () C:\Program Files\Garmin\Device Interaction Service\FixBootSector.dll
2018-04-10 10:13 - 2018-08-30 14:20 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7873 more sites.

There are 7873 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-10-03 06:02 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{80ECA08B-FB7B-4435-9E54-09F72EC1EA40}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3A56F231-0455-4CB6-ADF7-186661B5A4DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{29DCD986-D2D4-4E4C-A496-5A99584B85E3}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{3748A6F8-53E4-46FB-BF30-9EEE858836E0}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{48AB0D36-565C-4831-B4A9-63A9BC02600D}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{0C9B3188-57EB-46B1-AEA3-60B91FCB4DB0}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

21-09-2018 02:35:23 Scheduled Checkpoint
29-09-2018 00:00:05 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AVG TAP Adapter v3
Description: AVG TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: avgTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2018 09:20:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Ed\Desktop\BIN64\a2cmd.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/07/2018 08:40:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x183c
Faulting application start time: 0x01d45e3a94132c7c
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 1e20068a-ca2e-11e8-9b20-00226817a818

Error: (10/07/2018 08:40:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (10/07/2018 08:39:43 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/07/2018 08:39:40 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/06/2018 04:11:19 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/06/2018 04:11:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/06/2018 04:07:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x2f9c
Faulting application start time: 0x01d45d4b87de9b15
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: cdc8697c-c93e-11e8-a19a-00226817a818


System errors:
=============
Error: (10/07/2018 08:34:57 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a45\??\C:\System Volume Information\Syscache.hve

Error: (10/07/2018 08:13:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (10/07/2018 08:10:23 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (10/07/2018 08:08:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/07/2018 08:08:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/07/2018 08:08:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/07/2018 08:08:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/07/2018 08:06:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:58:51 PM on 10/6/2018 was unexpected.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 48%
Total physical RAM: 1944.03 MB
Available physical RAM: 992.74 MB
Total Virtual: 6911.13 MB
Available Virtual: 5339.34 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:228.4 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.18 GB) FAT32
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

\\?\Volume{0c055244-2ff0-11e5-bcc9-806e6f6e6963}\ (System) (Fixed) (Total:3.37 GB) (Free:0.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

***

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06.10.2018
Ran by Ed (administrator) on ED-PC (07-10-2018 10:49:02)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\Vpn.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\VpnSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Foundation) C:\Program Files\Mozilla Firefox\pingsender.exe
(Mozilla Foundation) C:\Program Files\Mozilla Firefox\crashreporter.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [219888 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291056 2018-08-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2018-02-22]
ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2018-08-24]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 75.114.81.1 209.18.47.62
Tcpip\..\Interfaces\{C9604640-2540-4F90-BBFC-7E5BF9549C72}: [NameServer] 77.234.40.79

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

FireFox:
========
FF DefaultProfile: 259s4omg.default-1479757157401-1521739273796
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796 [2018-10-07]
FF Homepage: Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796 -> www.toast.net/start
FF Extension: (Firefox Monitor) - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796\features\{59a768a4-6bff-47d9-8d60-054b42e15660}\fxmonitor@mozilla.org.xpi [2018-10-04]
FF Extension: (Telemetry coverage) - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796\features\{59a768a4-6bff-47d9-8d60-054b42e15660}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-04] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3659970256-991337627-2867597209-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default [2018-09-11]
CHR Extension: (Slides) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-15]
CHR Extension: (Docs) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-15]
CHR Extension: (Google Drive) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-15]
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-15]
CHR Extension: (Sheets) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Skype) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-26]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-11]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-08-26] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6537768 2018-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189832 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SecureVpn; C:\Program Files\AVG\Secure VPN\VpnSvc.exe [5514360 2018-07-30] (AVG Technologies CZ, s.r.o.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [5226496 2018-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [41472 2018-07-26] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [159936 2018-08-26] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [181240 2018-08-26] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [157840 2018-08-26] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [276712 2018-08-26] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [50360 2018-08-26] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35192 2018-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [127656 2018-09-11] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [93440 2018-08-26] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [64232 2018-08-28] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [776504 2018-08-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [388848 2018-09-04] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [158224 2018-09-12] (AVG Technologies CZ, s.r.o.)
S3 avgTap; C:\Windows\System32\DRIVERS\avgTap.sys [49136 2017-12-05] (The OpenVPN Project)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [303680 2018-08-26] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-10-07] (Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-01-27] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
U3 aswMBR; \??\C:\Users\Ed\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Ed\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-07 10:49 - 2018-10-07 10:49 - 000012741 _____ C:\Users\Ed\Desktop\FRST.txt
2018-10-07 10:43 - 2018-10-07 10:43 - 000000510 _____ C:\Users\Ed\Desktop\aswMBR.txt
2018-10-07 10:37 - 2018-10-07 10:37 - 005198336 _____ (AVAST Software) C:\Users\Ed\Downloads\aswMBR.exe
2018-10-07 10:09 - 2018-10-07 10:09 - 001774592 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2018-10-07 10:01 - 2018-10-07 10:01 - 000066883 _____ C:\Users\Ed\Desktop\fGdFB7Zt.htm
2018-10-07 09:58 - 2018-10-07 09:58 - 000000000 ____D C:\RegBackup
2018-10-07 09:57 - 2018-10-07 09:57 - 000002148 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-10-07 09:55 - 2018-10-07 09:55 - 000001653 _____ C:\Users\Ed\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
2018-10-07 09:52 - 2018-10-07 09:53 - 005766144 _____ (Tweaking.com) C:\Users\Ed\Downloads\tweaking.com_registry_backup_setup.exe
2018-10-07 09:47 - 2018-10-07 09:47 - 000005757 _____ C:\Users\Ed\Desktop\Tashi posting instructions.txt
2018-10-07 08:08 - 2018-10-07 08:08 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-07 08:06 - 2018-10-07 08:06 - 000003472 ____N C:\bootsqm.dat
2018-09-11 21:44 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 21:44 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 21:44 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 21:44 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 21:44 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 21:44 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 21:44 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 21:44 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 21:44 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 21:44 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 21:44 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 21:44 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 21:44 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 21:44 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 21:44 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 21:44 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 21:44 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 21:44 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 21:44 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 21:44 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 21:44 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 21:44 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 21:44 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 21:43 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 21:43 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 21:43 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 21:43 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 21:43 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 21:43 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 21:43 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 21:43 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 21:43 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 21:43 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 21:43 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 21:43 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 21:43 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 21:43 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 21:43 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 21:43 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 21:43 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 21:43 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 21:43 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 21:43 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 21:43 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 21:43 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 21:43 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 21:43 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 21:43 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-11 19:58 - 2018-09-11 19:58 - 000000035 _____ C:\END
2018-09-11 16:42 - 2018-08-26 11:49 - 000324336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-09-11 14:43 - 2018-09-11 14:43 - 000000000 ____D C:\ProgramData\UpdShl
2018-09-11 14:42 - 2018-09-11 14:42 - 000000000 _RSHD C:\ProgramData\Key-Base
2018-09-11 14:42 - 2018-09-11 14:42 - 000000000 ____D C:\ProgramData\{B0BE0BAA-6184-5036-9887-FB6FB3FDB9E0}
2018-09-11 14:41 - 2018-09-11 19:58 - 000000000 ____D C:\Program Files\AVG Software
2018-09-11 14:41 - 2018-09-11 14:41 - 000000000 ____D C:\Users\Ed\AppData\Local\AVGAntiTrack
2018-09-11 14:41 - 2018-09-11 14:41 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-07 10:49 - 2018-03-25 08:44 - 000000000 ____D C:\FRST
2018-10-07 10:47 - 2016-11-19 16:24 - 000000000 ____D C:\Users\Ed\AppData\LocalLow\Mozilla
2018-10-07 10:16 - 2009-07-14 00:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-07 10:16 - 2009-07-14 00:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-07 09:58 - 2015-10-09 17:43 - 000066737 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2018-10-07 09:42 - 2015-07-21 16:26 - 000000000 ____D C:\Users\Ed\Desktop\Unused Icons
2018-10-07 09:20 - 2015-07-22 09:55 - 000000000 ____D C:\Users\Ed\AppData\LocalLow\Adobe
2018-10-07 08:07 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-07 08:06 - 2017-05-19 16:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-07 08:06 - 2015-08-10 16:54 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-10-02 13:03 - 2015-07-22 09:50 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-13 21:02 - 2010-11-20 17:01 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-13 21:02 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-13 11:49 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
2018-09-13 08:43 - 2009-07-14 00:33 - 000310016 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-13 08:17 - 2015-07-21 15:43 - 000000000 ____D C:\Windows\system32\MRT
2018-09-13 08:12 - 2015-07-21 15:43 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-12 16:43 - 2017-05-23 09:02 - 000158224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-09-11 17:26 - 2018-03-15 10:59 - 000000000 ____D C:\Program Files\Google
2018-09-11 16:45 - 2017-11-27 09:46 - 000001953 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-09-11 11:50 - 2017-05-23 09:02 - 000127656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys

==================== Files in the root of some directories =======

2015-12-29 22:38 - 2015-12-29 22:39 - 054113464 _____ (HRB Technology, LLC.) C:\Program Files\HRBlock2015.exe

Some files in TEMP:
====================
2018-10-07 09:17 - 2018-10-07 09:17 - 083792120 _____ (Garmin Ltd or its subsidiaries) C:\Users\Ed\AppData\Local\Temp\GarminExpressInstaller.exe
2018-08-27 19:43 - 2018-08-27 19:43 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Ed\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-05 00:52

==================== End of FRST.txt ============================

Juliet
2018-10-08, 13:20
"I've seen a yellow banner at the top of my screen saying a script MAY be running"
Which browser are you using when this error pops up?

As far as seeing something malicious, I didn't, but located in the logs were system errors. I can list those, but I'm not sure if they really are having an impact on your computer.

Garmin GPS\Express SelfUpdater <== might be due to compatibility issues and it throws out several errors.
Microsoft Office 2000 Premium <== same here, might be due to compatibility issues or didn't receive updates correctly
Windows Update service hung on starting (Has this service been disabled? It might be a good idea to disable it and, when ready, run manual checks often, like once a month)
Spybot-S&D 2 Scanner Service service failed to start <== something here might have been disabled.

~~

Let's see what we can do.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.



Start::
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
U3 aswMBR; \??\C:\Users\Ed\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Ed\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
2018-10-07 09:17 - 2018-10-07 09:17 - 083792120 _____ (Garmin Ltd or its subsidiaries) C:\Users\Ed\AppData\Local\Temp\GarminExpressInstaller.exe
2018-08-27 19:43 - 2018-08-27 19:43 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Ed\AppData\Local\Temp\SkypeSetup.exe
C:\Windows\Temp\*.*
Emptytemp:
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


**********************
RogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


created by Aura

***********************
Please post
Fixlog.txt
AdwCleaner log
RogueKiller

gin_jammer
2018-10-14, 21:16
Browser is: Firefox Quantum version 6.2.3 (32 bit)

Fix result of Farbar Recovery Scan Tool (x86) Version: 06.10.2018
Ran by Ed (14-10-2018 12:18:17) Run:1
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
U3 aswMBR; \??\C:\Users\Ed\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Ed\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
2018-10-07 09:17 - 2018-10-07 09:17 - 083792120 _____ (Garmin Ltd or its subsidiaries) C:\Users\Ed\AppData\Local\Temp\GarminExpressInstaller.exe
2018-08-27 19:43 - 2018-08-27 19:43 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Ed\AppData\Local\Temp\SkypeSetup.exe
C:\Windows\Temp\*.*
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
HKLM\System\CurrentControlSet\Services\ZAM => removed successfully.
ZAM => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAM_Guard => removed successfully.
ZAM_Guard => service removed successfully.
aswMBR => service not found.
aswVmm => service not found.
C:\Users\Ed\AppData\Local\Temp\GarminExpressInstaller.exe => moved successfully
C:\Users\Ed\AppData\Local\Temp\SkypeSetup.exe => moved successfully

=========== "C:\Windows\Temp\*.*" ==========


========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50315945 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 4025956 B
Edge => 0 B
Chrome => 8763140 B
Firefox => 582832870 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 4488 B
Ed => 408354351 B

RecycleBin => 0 B
EmptyTemp: => 1017.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:22:10 ====

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build: 08-30-2018
# Database: 2018-08-30.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-14-2018
# Duration: 00:00:15
# OS: Windows 7 Home Premium
# Cleaned: 174
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\nicemoviejokes.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\nicecodec.net
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\nicecodec.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\nice-movie-jokes.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\codecnice.net
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\buenosearch.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\buenosearch.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\buenosearch.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\certified-toolbar.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\certified-toolbar.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\certified-toolbar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\findit-now.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\findit-now.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\findit-now.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mp3bearshare.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\free-bearshares.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearsharepro2007.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearsharepro-download.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearsharelive.co.uk
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-usa.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-uk.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-music-downloads.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-downloads.net
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-download.org
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-d0wnload.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mp3bearshare.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\free-bearshares.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearsharepro2007.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearsharepro-download.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearsharelive.co.uk
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-usa.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-uk.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-music-downloads.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-downloads.net
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-download.org
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-d0wnload.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mp3bearshare.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\free-bearshares.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearsharepro2007.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearsharepro-download.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearsharelive.co.uk
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-usa.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-uk.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-music-downloads.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-downloads.net
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-download.org
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-d0wnload.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mediaactivextask.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mediaactivextask.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mediaactivextask.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\peoplesearchengine.info
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\peoplesearchengine.info
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\peoplesearchengine.info
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\aartemis.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\aartemis.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\aartemis.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\winamp2007.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\winamp-hq.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\winamp-download-now.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\winamp2007.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\winamp-hq.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\winamp-download-now.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\winamp2007.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\winamp-hq.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\winamp-download-now.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\you-search.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\you-search.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\you-search.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bestcrawler.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bestcrawler.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bestcrawler.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\startsear.ch
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\startsear.ch
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\startsear.ch
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetim.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetim.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetim.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\tangounion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\tangounion.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\tangounion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\favorit-network.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\favorit-network.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\favorit-network.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\digistreamsa.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\digistreamsa.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\digistreamsa.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\180searchassistant.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\180searchassistant.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\180searchassistant.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\directsearchzone.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\directsearchzone.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\directsearchzone.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\easy-search.net
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\easy-search.net
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\easy-search.net
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\photorepositary.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\photorepositary.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\photorepositary.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetpacks.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetpacks.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetpacks.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [24745 octets] - [14/10/2018 12:47:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

RogueKiller V12.13.4.0 [Oct 8 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Ed [Administrator]
Started from : C:\Users\Ed\Desktop\RogueKiller_portable32.exe
Mode : Delete -- Date : 10/14/2018 13:03:55 (Duration : 00:52:05)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] 259s4omg.default-1479757157401-1521739273796 : user_pref("browser.startup.homepage", "www.toast.net/start"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST320LT007-9ZV142 +++++
--- User ---
[MBR] 0ca11b9123e05cfef88bb9f1d87d8255
[BSP] 7aadc9b130d3831ed8795562e918dbf1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 3450 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 7067648 | Size: 301793 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Ultra USB Device +++++
--- User ---
[MBR] b2a5207711aaeee8437ff9e9e721809e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 21952 | Size: 59285 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Juliet
2018-10-14, 23:35
OK, hope that helped.

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;



Read over the article below to see if it helps with the Firefox script.
https://support.mozilla.org/en-US/kb/warning-unresponsive-script

Let me know how the computer is behaving now.

gin_jammer
2018-10-16, 22:43
Before I try #4, my internet start page has been changed and I may only navigate Internet, like getting to this forum, with bookmarks, if I can find them. Most often when I try to get to a site, Firefox says it can't find that site. Should I try to reinstall Firefox? Suggestions?

Juliet
2018-10-17, 00:00
Before I try #4, my internet start page has been changed and I may only navigate Internet, like getting to this forum, with bookmarks, if I can find them. Most often when I try to get to a site, Firefox says it can't find that site. Should I try to reinstall Firefox? Suggestions?

Try going through some help tips with the Firefox help article below.
Websites don't load - troubleshoot and fix error messages
https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors


Have you tried using Internet Explorer?

Juliet
2018-10-17, 00:11
https://support.mozilla.org/en-US/kb/how-to-set-the-home-page
The above link will show you how to reset your Firefox home page.

gin_jammer
2018-10-17, 03:16
The website in #6 was helpful. Thanks! I think I may have the laptop running as well as it was when we started this thread. If it's still behaving this well tomorrow, I'll go back to #4 and try to follow your instructions.

Juliet
2018-10-17, 11:45
Thank you for the info.

gin_jammer
2018-10-26, 14:52
I discovered that much of my problem was being caused by my ISP. They admitted that their network had been intermittent (in my neighborhood) and worked on it for days. They also admitted that my cable modem should have been upgraded when they bought out my former ISP, and they gave me a new supposedly faster one.

That behind me, yesterday I downloaded Emsisoft Emergency Kit, and as Administrator, ran emergency kit scanner. Emsisoft scanner found nothing, so there was nothing in the log. I downloaded and installed the Emsisoft Anti-malware, and this seemed to trigger a violent reaction. I was unable to control laptop from keyboard for so long (about an hour) that I did a restart. Once it had rebooted, which appeared to be normal, it ran so slow that I could not do anything.

I noticed the Hard Drive light ON continuously rather than blinking like normal, so I ran the Task Manager, which opened but extremely slowly. It showed only the Task Manager running, but CPU Usage was 45-70% and occasionally 100%. Physical memory usage was 1.47-1.57 GB. I attempted to get a screen shot of Task Manager, and the laptop was so slow that it proved impossible.

I let the system run undisturbed, and after about half an hour was able to open Mozilla Thunderbird and send/receive e-mail.

This morning when I ran my browser (Mozilla Firefox), it launched and connected to the Internet nearly normally, so I ran the Task Manager and made a screen shot of its Performance Screen, which is attached. While I was formatting and cropping the attached image, an Emsisoft popup suggested that Adobe Photoshop is malware.

Suggestions?

Juliet
2018-10-26, 20:03
yesterday I downloaded Emsisoft Emergency Kit, and as Administrator, ran emergency kit scanner. Emsisoft scanner found nothing, so there was nothing in the log. I downloaded and installed the Emsisoft Anti-malware, and this seemed to trigger a violent reaction. I was unable to control laptop from keyboard for so long (about an hour) that I did a restart. Once it had rebooted, which appeared to be normal, it ran so slow that I could not do anything.
It's possible it's running into interference with already onboard AVG Antivirus and Malwarebytes version 3.5.1.2522, which is an onboard anti-malware app.

If you want to keep and use Emsisoft Anti-malware it is most likely you'll have to remove MalwareBytes.

As of right now I have no idea why Adobe is being picked up as infected.

gin_jammer
2018-10-27, 17:32
I uninstalled Emsisoft. My laptop is back to merely irritating performance. It seems to take longer than normal to Start, and to launch Firefox or Thunderbird. Once they're open, operation is nearly normal.

Juliet
2018-10-27, 19:09
Ever check to see if you're running low on hard drive space?

Let me look for remnants of apps earlier removed.

Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.




~~~~~~~~~~~~~~~`

Let's see if there are any startup items we can disable to improve performance.

Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/

Save HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


~~~~~~~~~~~~~~

gin_jammer
2018-10-28, 13:24
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:19:34 AM, on 10/28/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 63.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVG\Antivirus\AVGUI.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\AVG\Secure VPN\Vpn.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ed\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AVG Secure VPN.lnk = C:\Program Files\AVG\Secure VPN\Vpn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9604640-2540-4F90-BBFC-7E5BF9549C72}: NameServer = 77.234.40.79
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\AVGSvc.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\aswidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: AVG Secure VPN (SecureVpn) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Secure VPN\VpnSvc.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

--
End of file - 6217 bytes

***


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-25 00:13

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24.10.2018
Ran by Ed (28-10-2018 07:56:32)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (HKLM\...\{E64F69D8-38FE-48B8-95AB-CC676FA636F1}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.7.3069 - AVG Technologies)
AVG PC TuneUp (HKLM\...\{AE6EF87B-C5FF-4C07-AAB4-D8FA97AD1CAA}) (Version: 16.79.1 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.79.3.36215 - AVG Technologies)
AVG Secure VPN (HKLM\...\{078F51FA-D92F-419A-9E69-08BC59265F7E}_is1) (Version: 1.2.632 - AVG)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Elevated Installer (HKLM\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
FMW 1 (HKLM\...\{C22DCE85-A6B0-4D3D-81AC-460D7726CCA5}) (Version: 1.227.45 - AVG Technologies) Hidden
Garmin Express (HKLM\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2017 (HKLM\...\{16CC23D8-0CC6-4934-AA1F-B79AE31C405F}) (Version: 17.04.7601 - HRB Technology, LLC.)
iCloud (HKLM\...\{41F9DCCB-2880-455B-BE44-616D221A0907}) (Version: 7.6.0.15 - Apple Inc.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
iTunes (HKLM\...\{F9FEA709-DE8A-4ECB-A57B-FB2604EF24FB}) (Version: 12.7.3.46 - Apple Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 63.0 (x86 en-US) (HKLM\...\Mozilla Firefox 63.0 (x86 en-US)) (Version: 63.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.0.6865 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.28 (HKLM\...\Skype_is1) (Version: 8.28 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-10-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-06-26] (Apple Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-15] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-10-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00587C43-504F-45D2-BC47-1CB8C8368DD2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-09-16] (AVG Technologies CZ, s.r.o.)
Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {0AAAE6BF-B1B7-41A7-BB05-F2530F666178} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-10-22] (AVG Technologies CZ, s.r.o.)
Task: {2D8E2A7D-4CA7-49EC-8DAA-7959C38DD9E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-13] (Adobe Systems Incorporated)
Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {5791A7E9-AF24-49A0-9DD0-719571AC1CDE} - System32\Tasks\{416A5D32-82D3-40D7-9405-AFF201723BF7} => C:\Windows\system32\pcalua.exe -a C:\Users\Ed\Desktop\HijackThis.exe -d C:\Users\Ed\Desktop
Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {6BC8DC70-50EB-42F9-B736-2899ED27BD82} - System32\Tasks\AVG Secure VPN Update => C:\Program Files\AVG\Secure VPN\VpnUpdate.exe [2018-10-08] (AVG Technologies CZ, s.r.o.)
Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2018-06-26] (Apple Inc.)
Task: {EACC9B78-691D-4701-B1EF-EBB9D8B49235} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2018-10-10] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-01-16 20:11 - 2013-01-15 00:47 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-10-22 16:26 - 2018-10-22 16:26 - 000919312 _____ () C:\Program Files\AVG\Antivirus\anen.dll
2018-10-22 16:26 - 2018-10-22 16:27 - 000595728 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-10-22 16:26 - 2018-10-22 16:26 - 000496912 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-10-22 16:26 - 2018-10-22 16:26 - 001112336 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-10-27 08:31 - 2018-10-27 08:31 - 005693128 _____ () C:\Program Files\AVG\Antivirus\defs\18102702\algo.dll
2016-04-13 17:25 - 2016-04-13 17:25 - 000036864 _____ () C:\Windows\System32\pdf995mon.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 000326144 _____ () C:\Program Files\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 15:32 - 2017-03-28 15:32 - 000073216 _____ () C:\Program Files\Garmin\Device Interaction Service\FixBootSector.dll
2016-12-02 19:14 - 2016-12-02 19:14 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-12-03 12:28 - 2016-09-13 15:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-03-14 09:48 - 2018-03-14 09:48 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2017-12-03 12:28 - 2017-05-12 12:36 - 000507464 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2018-06-27 21:01 - 2018-06-27 21:00 - 067127976 _____ () C:\Program Files\AVG\Secure VPN\libcef.dll
2018-10-14 12:40 - 2018-10-25 22:05 - 002225368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-14 12:40 - 2018-10-25 22:05 - 002312648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7816 more sites.


There are 7816 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-10-16 07:58 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 75.114.81.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{80ECA08B-FB7B-4435-9E54-09F72EC1EA40}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3A56F231-0455-4CB6-ADF7-186661B5A4DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{29DCD986-D2D4-4E4C-A496-5A99584B85E3}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{3748A6F8-53E4-46FB-BF30-9EEE858836E0}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{48AB0D36-565C-4831-B4A9-63A9BC02600D}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{0C9B3188-57EB-46B1-AEA3-60B91FCB4DB0}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{7FC8477C-1D84-4186-914B-95E7F0843C57}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{545A9E27-61A8-4D5E-8E75-B8CE4461D653}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

22-10-2018 00:00:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: AVG TAP Adapter v3
Description: AVG TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: avgTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2018 04:20:04 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/28/2018 04:19:59 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/28/2018 03:11:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x4bc
Faulting application start time: 0x01d46e8d5f72846e
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: a440b888-da80-11e8-9b66-00226817a818

Error: (10/28/2018 03:11:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (10/27/2018 04:27:38 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/27/2018 04:27:34 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/27/2018 03:43:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x2dc4
Faulting application start time: 0x01d46dc8c6fe91c3
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 0aa312ca-d9bc-11e8-9bda-00226817a818

Error: (10/27/2018 03:43:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])


System errors:
=============
Error: (10/27/2018 08:29:58 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (10/27/2018 08:27:51 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (10/25/2018 05:22:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (10/25/2018 05:21:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (10/25/2018 05:19:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (10/25/2018 05:18:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (10/25/2018 05:17:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (10/25/2018 05:16:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.


CodeIntegrity:
===================================

Date: 2018-10-27 07:49:14.955
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-27 07:20:43.387
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 13:50:05.760
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 13:05:44.012
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 12:52:31.103
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 12:41:56.706
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 12:22:16.510
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 11:22:36.604
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 77%
Total physical RAM: 1944.03 MB
Available physical RAM: 429.57 MB
Total Virtual: 3888.06 MB
Available Virtual: 1299.19 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:232.83 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.18 GB) FAT32
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

\\?\Volume{0c055244-2ff0-11e5-bcc9-806e6f6e6963}\ (System) (Fixed) (Total:3.37 GB) (Free:0.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

Juliet
2018-10-28, 15:05
Do you use AVG Secure VPN for your work? Do you need this application?
*******************************************************


Typically, these entries are infrequently used tasks that can be started manually, if necessary.
Removing/disabling these items from startup will help with system resources.

Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.


O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


Reboot the computer to set the registry.

*********************************************
In part of the log you provided I can see a few files left over by Emsisoft.

In the rare case of an incomplete uninstall, you can use the Emsisoft Uninstall Tool (emsiclean.exe) to remove any remaining traces of the program as long as the installation was performed using the default path of Program Files or Program Files (x86). Be sure to run the tool with Administrative rights.

Emsisoft Uninstall Tool (emsiclean.exe) (http://tmp.emsisoft.com/fw/emsiclean.exe)
Emsisoft Emsiclean alternate download link (http://www.majorgeeks.com/files/details/emsisoft_emsiclean.html)


****************************
Take care of the above first, then please post the FRST.txt log again. Most of the log was missing.
The additions log was good; no need to post it again.

gin_jammer
2018-11-02, 20:55
After running HijackThis with the six lines checked, did system re-boot. Then downloaded emsiclean.exe; however, I don’t see how to use it to remove traces of Emsisoft.

Juliet
2018-11-02, 21:26
Upon completion of the scan, if any products have been found, Emsiclean will save a log to your desktop when it closes for further review.
Did you see this?

No problem really. We can use another tool to find leftovers.

Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.



How is the computer now?

gin_jammer
2018-11-03, 13:42
I did not see anything after Emsiclean scan.

**

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24.10.2018
Ran by Ed (administrator) on ED-PC (03-11-2018 08:28:25)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\Vpn.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\VpnSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [219888 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [290064 2018-10-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2018-02-22]
ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies CZ, s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 75.114.81.1
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 209.18.47.62 75.114.81.1
Tcpip\..\Interfaces\{C9604640-2540-4F90-BBFC-7E5BF9549C72}: [NameServer] 77.234.40.79

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

FireFox:
========
FF DefaultProfile: x7m2e23j.default-1479757157401-1540563027929
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\x7m2e23j.default-1479757157401-1540563027929 [2018-11-03]
FF Homepage: Mozilla\Firefox\Profiles\x7m2e23j.default-1479757157401-1540563027929 -> www.toast.net/start
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3659970256-991337627-2867597209-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default [2018-11-02]
CHR Extension: (Slides) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-15]
CHR Extension: (Docs) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-15]
CHR Extension: (Google Drive) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-15]
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-15]
CHR Extension: (Sheets) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Skype) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-26]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-11]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [325072 2018-10-22] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6848528 2018-10-22] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189832 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7027568 2018-02-08] (Reimage®)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SecureVpn; C:\Program Files\AVG\Secure VPN\VpnSvc.exe [6997632 2018-10-08] (AVG Technologies CZ, s.r.o.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [5229408 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [38752 2018-10-10] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [167504 2018-10-22] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [189320 2018-10-22] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [165920 2018-10-22] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [284272 2018-10-22] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [57920 2018-10-22] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [42760 2018-10-22] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [40712 2018-10-22] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [135216 2018-10-22] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [101008 2018-10-22] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [72816 2018-10-22] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [784576 2018-10-22] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [396984 2018-10-22] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [156960 2018-10-22] (AVG Technologies CZ, s.r.o.)
S3 avgTap; C:\Windows\System32\DRIVERS\avgTap.sys [49136 2017-12-05] (The OpenVPN Project)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [310736 2018-10-22] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-11-03] (Malwarebytes)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-03 08:25 - 2018-11-03 08:25 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-02 15:34 - 2018-11-02 15:34 - 000000000 ____D C:\ProgramData\Reimage Protector
2018-11-02 15:33 - 2018-11-02 15:35 - 000000000 ____D C:\rei
2018-11-02 15:33 - 2018-11-02 15:34 - 000000000 ____D C:\Program Files\Reimage
2018-11-02 15:33 - 2018-11-02 15:33 - 000001961 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2018-11-02 15:33 - 2018-11-02 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2018-11-02 15:32 - 2018-11-02 15:35 - 000000150 _____ C:\Windows\Reimage.ini
2018-11-02 15:29 - 2018-11-02 15:29 - 000605424 _____ (Reimage) C:\Users\Ed\Downloads\ReimageRepair.exe
2018-11-02 15:06 - 2018-11-02 15:06 - 000000000 ____D C:\Users\Ed\Desktop\backups
2018-10-28 08:15 - 2018-10-28 08:16 - 000388608 _____ (Trend Micro Inc.) C:\Users\Ed\Desktop\HijackThis.exe
2018-10-28 07:56 - 2018-10-28 07:58 - 000036493 _____ C:\Users\Ed\Desktop\Addition.txt
2018-10-28 07:53 - 2018-10-28 07:53 - 000000000 ____D C:\Users\Ed\Desktop\FRST-OlderVersion
2018-10-26 10:12 - 2018-10-27 07:20 - 000007599 _____ C:\Users\Ed\AppData\Local\Resmon.ResmonCfg
2018-10-25 16:54 - 2018-10-25 16:59 - 000175876 _____ C:\Windows\ntbtlog.txt
2018-10-25 14:56 - 2018-10-25 14:56 - 000002252 _____ C:\Users\Ed\Desktop\Forensics_181025-145513.txt
2018-10-25 14:23 - 2018-10-25 14:51 - 000000000 ____D C:\EEK
2018-10-25 09:25 - 2018-10-25 09:27 - 351717776 _____ C:\Users\Ed\Downloads\EmsisoftEmergencyKit.exe
2018-10-22 16:28 - 2018-10-22 16:27 - 000040712 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2018-10-22 16:27 - 2018-10-22 16:27 - 000323344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-10-14 12:59 - 2018-10-14 13:00 - 022795832 _____ (Adlice Software) C:\Users\Ed\Desktop\RogueKiller_portable32.exe
2018-10-14 12:42 - 2018-10-14 12:42 - 007567568 _____ (Malwarebytes) C:\Users\Ed\Desktop\AdwCleaner.exe
2018-10-14 12:41 - 2018-10-14 12:41 - 000000000 ____D C:\Users\Ed\AppData\Local\mbam
2018-10-14 12:40 - 2018-10-25 22:05 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-10-14 12:40 - 2018-10-14 12:40 - 000001987 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-14 12:40 - 2018-10-14 12:40 - 000000000 ____D C:\Users\Ed\AppData\Local\mbamtray
2018-10-14 12:40 - 2018-10-14 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-14 12:18 - 2018-10-14 12:22 - 000023740 _____ C:\Users\Ed\Desktop\Fixlog.txt
2018-10-09 22:41 - 2018-09-19 04:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2018-10-09 22:41 - 2018-09-11 14:23 - 002404864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-09 22:41 - 2018-09-11 14:20 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-09 22:41 - 2018-09-11 14:20 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-09 22:41 - 2018-09-08 20:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-10-09 22:41 - 2018-09-08 20:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-09 22:41 - 2018-09-08 20:46 - 001310488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-09 22:41 - 2018-09-08 20:46 - 001214152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-09 22:41 - 2018-09-08 20:46 - 000730824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-09 22:41 - 2018-09-08 20:46 - 000219336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-09 22:41 - 2018-09-08 20:46 - 000189640 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-10-09 22:41 - 2018-09-08 20:46 - 000189640 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-09 22:41 - 2018-09-08 20:46 - 000137928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-09 22:41 - 2018-09-08 20:46 - 000136392 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-10-09 22:41 - 2018-09-08 20:46 - 000067272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-09 22:41 - 2018-09-08 20:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-09 22:41 - 2018-09-08 20:44 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-09 22:41 - 2018-09-08 20:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-09 22:41 - 2018-09-08 20:44 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-09 22:41 - 2018-09-08 20:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-09 22:41 - 2018-09-08 20:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-09 22:41 - 2018-09-08 20:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-09 22:41 - 2018-09-08 20:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-09 22:41 - 2018-09-08 20:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-09 22:41 - 2018-09-08 20:42 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-09 22:41 - 2018-09-08 20:42 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-09 22:41 - 2018-09-08 20:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-09 22:41 - 2018-09-08 20:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-09 22:41 - 2018-09-08 20:18 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-09 22:41 - 2018-09-08 20:18 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-09 22:41 - 2018-09-08 20:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-09 22:41 - 2018-09-08 20:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-09 22:41 - 2018-09-08 20:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-09 22:41 - 2018-09-08 20:16 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-09 22:41 - 2018-09-08 20:15 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-09 22:41 - 2018-09-08 20:13 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-09 22:41 - 2018-09-08 20:12 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-09 22:41 - 2018-09-08 20:12 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-09 22:41 - 2018-09-08 20:12 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-09 22:41 - 2018-09-08 20:12 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-10-09 22:41 - 2018-09-08 20:12 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-09 22:41 - 2018-09-08 20:12 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-09 22:41 - 2018-09-08 20:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-09 22:41 - 2018-09-08 20:12 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-09 22:41 - 2018-09-08 20:12 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-09 22:41 - 2018-08-28 02:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-09 22:41 - 2018-08-28 02:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-09 22:41 - 2018-08-28 01:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-09 22:41 - 2018-08-28 01:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-09 22:41 - 2018-08-28 01:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-09 22:41 - 2018-08-15 22:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-09 22:41 - 2018-08-13 17:48 - 000940784 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-09 22:41 - 2018-08-13 11:41 - 000527872 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-09 22:41 - 2018-08-12 16:17 - 000122536 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-09 22:41 - 2018-08-12 16:13 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-09 22:41 - 2018-08-08 11:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-09 22:41 - 2018-08-08 11:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-10-07 11:11 - 2018-10-07 11:12 - 005198336 _____ (AVAST Software) C:\Users\Ed\Desktop\aswMBR.exe
2018-10-07 10:49 - 2018-11-03 08:31 - 000011557 _____ C:\Users\Ed\Desktop\FRST.txt
2018-10-07 10:09 - 2018-10-28 07:53 - 001774592 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2018-10-07 10:01 - 2018-10-07 10:01 - 000066883 _____ C:\Users\Ed\Desktop\fGdFB7Zt.htm
2018-10-07 09:58 - 2018-10-07 09:58 - 000000000 ____D C:\RegBackup
2018-10-07 09:57 - 2018-10-07 09:57 - 000002148 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-10-07 09:55 - 2018-10-09 09:00 - 000001653 _____ C:\Users\Ed\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
2018-10-07 09:52 - 2018-10-07 09:53 - 005766144 _____ (Tweaking.com) C:\Users\Ed\Downloads\tweaking.com_registry_backup_setup.exe
2018-10-07 09:47 - 2018-10-07 09:47 - 000005757 _____ C:\Users\Ed\Desktop\Tashi posting instructions.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-03 08:28 - 2018-03-25 08:44 - 000000000 ____D C:\FRST
2018-11-03 08:24 - 2016-11-19 16:24 - 000000000 ____D C:\Users\Ed\AppData\LocalLow\Mozilla
2018-11-03 08:24 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-03 07:25 - 2009-07-14 00:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-03 07:25 - 2009-07-14 00:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-02 15:13 - 2017-05-19 16:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-02 15:13 - 2015-08-10 16:54 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-10-31 08:53 - 2017-12-25 11:33 - 000000000 ____D C:\Users\Ed\AppData\Local\CrashDumps
2018-10-28 07:56 - 2015-07-21 16:26 - 000000000 ____D C:\Users\Ed\Desktop\Unused Icons
2018-10-27 08:24 - 2017-12-21 14:27 - 000000000 ____D C:\ProgramData\Emsisoft
2018-10-26 10:10 - 2016-11-21 15:39 - 000000000 ____D C:\Users\Ed\Desktop\Old Firefox Data
2018-10-25 17:23 - 2017-05-29 15:13 - 000000000 _____ C:\Windows\system32\last.dump
2018-10-23 13:19 - 2015-07-22 09:50 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-22 16:27 - 2017-11-27 09:45 - 000167504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-10-22 16:27 - 2017-05-23 09:02 - 000396984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-10-22 16:27 - 2017-05-23 09:02 - 000310736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-10-22 16:27 - 2017-05-23 09:02 - 000156960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-10-22 16:27 - 2017-05-23 09:02 - 000135216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-10-22 16:27 - 2017-05-23 09:02 - 000101008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-10-22 16:27 - 2017-05-23 09:02 - 000072816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-10-22 16:27 - 2017-05-23 09:02 - 000042760 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-10-22 16:26 - 2017-05-23 09:02 - 000784576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-10-22 16:26 - 2017-05-23 09:02 - 000284272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2018-10-22 16:26 - 2017-05-23 09:02 - 000189320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2018-10-22 16:26 - 2017-05-23 09:02 - 000165920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2018-10-22 16:26 - 2017-05-23 09:02 - 000057920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2018-10-17 12:04 - 2010-11-20 17:01 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-17 12:04 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-10-14 13:04 - 2017-12-08 12:32 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-10-14 12:47 - 2018-04-10 09:53 - 000000000 ____D C:\AdwCleaner
2018-10-10 08:57 - 2016-05-09 06:30 - 000039776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2018-10-10 08:53 - 2018-01-31 04:59 - 000038752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2018-10-10 08:53 - 2018-01-31 04:59 - 000032096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2018-10-10 04:20 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
2018-10-10 03:30 - 2009-07-14 00:33 - 000310016 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-10 03:05 - 2015-07-21 15:43 - 000000000 ____D C:\Windows\system32\MRT
2018-10-10 03:01 - 2015-07-21 15:43 - 133674168 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-07 09:58 - 2015-10-09 17:43 - 000066737 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2018-10-07 09:20 - 2015-07-22 09:55 - 000000000 ____D C:\Users\Ed\AppData\LocalLow\Adobe

==================== Files in the root of some directories =======

2015-12-29 22:38 - 2015-12-29 22:39 - 054113464 _____ (HRB Technology, LLC.) C:\Program Files\HRBlock2015.exe
2018-10-26 10:12 - 2018-10-27 07:20 - 000007599 _____ () C:\Users\Ed\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-10-14 13:03 - 2018-09-08 20:46 - 001310488 _____ (Microsoft Corporation) C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll
2018-11-02 15:33 - 2018-11-02 15:33 - 013604352 _____ (Reimage) C:\Users\Ed\AppData\Local\Temp\ReimagePackage.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-25 00:13

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24.10.2018
Ran by Ed (03-11-2018 08:32:36)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (HKLM\...\{E64F69D8-38FE-48B8-95AB-CC676FA636F1}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.7.3069 - AVG Technologies)
AVG PC TuneUp (HKLM\...\{AE6EF87B-C5FF-4C07-AAB4-D8FA97AD1CAA}) (Version: 16.79.1 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.79.3.36215 - AVG Technologies)
AVG Secure VPN (HKLM\...\{078F51FA-D92F-419A-9E69-08BC59265F7E}_is1) (Version: 1.2.632 - AVG)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Elevated Installer (HKLM\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
FMW 1 (HKLM\...\{C22DCE85-A6B0-4D3D-81AC-460D7726CCA5}) (Version: 1.227.45 - AVG Technologies) Hidden
Garmin Express (HKLM\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2017 (HKLM\...\{16CC23D8-0CC6-4934-AA1F-B79AE31C405F}) (Version: 17.04.7601 - HRB Technology, LLC.)
iCloud (HKLM\...\{41F9DCCB-2880-455B-BE44-616D221A0907}) (Version: 7.6.0.15 - Apple Inc.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
iTunes (HKLM\...\{F9FEA709-DE8A-4ECB-A57B-FB2604EF24FB}) (Version: 12.7.3.46 - Apple Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 63.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 63.0.1 (x86 en-US)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.8.0 - Reimage) <==== ATTENTION
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.28 (HKLM\...\Skype_is1) (Version: 8.28 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-10-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-06-26] (Apple Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-15] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-10-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00587C43-504F-45D2-BC47-1CB8C8368DD2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-11-01] (AVG Technologies CZ, s.r.o.)
Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {0AAAE6BF-B1B7-41A7-BB05-F2530F666178} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-10-22] (AVG Technologies CZ, s.r.o.)
Task: {2D8E2A7D-4CA7-49EC-8DAA-7959C38DD9E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-13] (Adobe Systems Incorporated)
Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {5791A7E9-AF24-49A0-9DD0-719571AC1CDE} - System32\Tasks\{416A5D32-82D3-40D7-9405-AFF201723BF7} => C:\Windows\system32\pcalua.exe -a C:\Users\Ed\Desktop\HijackThis.exe -d C:\Users\Ed\Desktop
Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {6BC8DC70-50EB-42F9-B736-2899ED27BD82} - System32\Tasks\AVG Secure VPN Update => C:\Program Files\AVG\Secure VPN\VpnUpdate.exe [2018-10-08] (AVG Technologies CZ, s.r.o.)
Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {B3918475-5592-4C26-A145-75ECC97DCC74} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2018-02-08] (Reimage®) <==== ATTENTION
Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2018-06-26] (Apple Inc.)
Task: {EACC9B78-691D-4701-B1EF-EBB9D8B49235} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2018-10-10] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-01-16 20:11 - 2013-01-15 00:47 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-10-22 16:26 - 2018-10-22 16:26 - 000919312 _____ () C:\Program Files\AVG\Antivirus\anen.dll
2018-10-22 16:26 - 2018-10-22 16:27 - 000595728 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-11-03 03:17 - 2018-11-03 03:17 - 005713096 _____ () C:\Program Files\AVG\Antivirus\defs\18110300\algo.dll
2018-10-22 16:26 - 2018-10-22 16:26 - 000496912 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-10-22 16:26 - 2018-10-22 16:26 - 001112336 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-11-03 08:26 - 2018-11-03 08:26 - 005713096 _____ () C:\Program Files\AVG\Antivirus\defs\18110302\algo.dll
2016-04-13 17:25 - 2016-04-13 17:25 - 000036864 _____ () C:\Windows\System32\pdf995mon.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 000326144 _____ () C:\Program Files\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 15:32 - 2017-03-28 15:32 - 000073216 _____ () C:\Program Files\Garmin\Device Interaction Service\FixBootSector.dll
2017-12-03 12:28 - 2016-09-13 15:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-12-03 12:28 - 2017-05-12 12:36 - 000507464 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-02 19:14 - 2016-12-02 19:14 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-06-27 21:01 - 2018-06-27 21:00 - 067127976 _____ () C:\Program Files\AVG\Secure VPN\libcef.dll
2018-10-14 12:40 - 2018-10-25 22:05 - 002225368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7816 more sites.


There are 7816 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-10-16 07:58 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 75.114.81.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{80ECA08B-FB7B-4435-9E54-09F72EC1EA40}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3A56F231-0455-4CB6-ADF7-186661B5A4DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{29DCD986-D2D4-4E4C-A496-5A99584B85E3}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{3748A6F8-53E4-46FB-BF30-9EEE858836E0}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{48AB0D36-565C-4831-B4A9-63A9BC02600D}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{0C9B3188-57EB-46B1-AEA3-60B91FCB4DB0}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{7FC8477C-1D84-4186-914B-95E7F0843C57}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{545A9E27-61A8-4D5E-8E75-B8CE4461D653}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

30-10-2018 00:00:06 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: AVG TAP Adapter v3
Description: AVG TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: avgTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2018 04:54:10 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (11/03/2018 04:53:57 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (11/03/2018 02:43:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x1024
Faulting application start time: 0x01d4734085a2253a
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: c953188c-df33-11e8-af7b-00226817a818

Error: (11/03/2018 02:43:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (11/02/2018 04:54:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x4550
Faulting application start time: 0x01d472898d475e7e
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: d8bf1693-de7c-11e8-9b66-00226817a818

Error: (11/02/2018 04:54:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (11/01/2018 04:04:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x2460
Faulting application start time: 0x01d471b976f3b5c1
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: bd0a702c-ddac-11e8-9b66-00226817a818

Error: (11/01/2018 04:04:19 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])


System errors:
=============
Error: (10/29/2018 06:00:42 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (10/29/2018 05:56:20 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (10/29/2018 05:56:16 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (10/29/2018 05:55:58 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (10/29/2018 05:55:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (10/29/2018 05:52:21 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (10/29/2018 05:52:20 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (10/29/2018 05:52:20 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.


CodeIntegrity:
===================================

Date: 2018-10-27 07:49:14.955
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-27 07:20:43.387
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 13:50:05.760
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 13:05:44.012
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 12:52:31.103
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 12:41:56.706
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 12:22:16.510
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-26 11:22:36.604
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 81%
Total physical RAM: 1944.03 MB
Available physical RAM: 353.19 MB
Total Virtual: 3888.06 MB
Available Virtual: 2126.15 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:231.89 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.18 GB) FAT32
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

\\?\Volume{0c055244-2ff0-11e5-bcc9-806e6f6e6963}\ (System) (Fixed) (Total:3.37 GB) (Free:0.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

Juliet
2018-11-03, 23:39
Reimage Protector is a "system optimizer". These so-called "system optimizers" sometimes use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.
https://forums.malwarebytes.com/topic/194200-removal-instructions-for-reimage-repair/

Also, ReimagePackage.exe was scanned at VirusTotal:
https://www.virustotal.com/en/file/954a9ec15788557dc5b50874c912d93f619743489f5f544ebc86ed67f9f924d7/analysis/1528134989/

This is listed in your add/remove programs list. You should consider uninstalling the below
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.8.0 - Reimage) <==== ATTENTION


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.



Start::
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\Users\Ed\Downloads\EmsisoftEmergencyKit.exe
C:\ProgramData\Emsisoft
2018-10-14 13:03 - 2018-09-08 20:46 - 001310488 _____ (Microsoft Corporation) C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll
2018-11-02 15:33 - 2018-11-02 15:33 - 013604352 _____ (Reimage) C:\Users\Ed\AppData\Local\Temp\ReimagePackage.exe
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {B3918475-5592-4C26-A145-75ECC97DCC74} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2018-02-08] (Reimage®) <==== ATTENTION
C:\Windows\Temp\*.*
Emptytemp:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

gin_jammer
2018-11-09, 15:36
I had not noticed that Reimage Repair had been installed (on 02 Nov), but had frequently seen some popups about it (for example see Attachment). I have now uninstalled it.

I ran FRST again, and fixlog.txt follows:

Fix result of Farbar Recovery Scan Tool (x86) Version: 08.11.2018
Ran by Ed (09-11-2018 09:02:13) Run:2
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\Users\Ed\Downloads\EmsisoftEmergencyKit.exe
C:\ProgramData\Emsisoft
2018-10-14 13:03 - 2018-09-08 20:46 - 001310488 _____ (Microsoft Corporation) C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll
2018-11-02 15:33 - 2018-11-02 15:33 - 013604352 _____ (Reimage) C:\Users\Ed\AppData\Local\Temp\ReimagePackage.exe
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {B3918475-5592-4C26-A145-75ECC97DCC74} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2018-02-08] (Reimage®) <==== ATTENTION
C:\Windows\Temp\*.*
Emptytemp:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
C:\Users\Ed\Downloads\EmsisoftEmergencyKit.exe => moved successfully
C:\ProgramData\Emsisoft => moved successfully
C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Ed\AppData\Local\Temp\ReimagePackage.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3918475-5592-4C26-A145-75ECC97DCC74}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3918475-5592-4C26-A145-75ECC97DCC74}" => removed successfully.
C:\Windows\System32\Tasks\ReimageUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => removed successfully.

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\AdobeARM_NotLocked.log => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\BitDefender Threat Scanner.dmp => moved successfully
C:\Windows\Temp\BITDF53.tmp => moved successfully
C:\Windows\Temp\BITE4A5.tmp => moved successfully
C:\Windows\Temp\MSI26fd8.LOG => moved successfully
C:\Windows\Temp\MSI26fd9.LOG => moved successfully
C:\Windows\Temp\MSI3d98d.LOG => moved successfully
C:\Windows\Temp\MSI3d98e.LOG => moved successfully
C:\Windows\Temp\MSI4b21b.LOG => moved successfully
C:\Windows\Temp\MSI4b21c.LOG => moved successfully
C:\Windows\Temp\MSI8f724.LOG => moved successfully
C:\Windows\Temp\MSI8f725.LOG => moved successfully
C:\Windows\Temp\MSI8f726.LOG => moved successfully
C:\Windows\Temp\MSI8f727.LOG => moved successfully
C:\Windows\Temp\MSI8f728.LOG => moved successfully
C:\Windows\Temp\MSIb4935.LOG => moved successfully
C:\Windows\Temp\MSIb4936.LOG => moved successfully
C:\Windows\Temp\MSIbedf2.LOG => moved successfully
C:\Windows\Temp\MSIbedf3.LOG => moved successfully
C:\Windows\Temp\MSIbf2de.LOG => moved successfully
C:\Windows\Temp\MSIbf2df.LOG => moved successfully
C:\Windows\Temp\MSIde43d.LOG => moved successfully
C:\Windows\Temp\MSIde43e.LOG => moved successfully
C:\Windows\Temp\MSIe02ef.LOG => moved successfully
C:\Windows\Temp\MSIe02f0.LOG => moved successfully
C:\Windows\Temp\MSIecbe.LOG => moved successfully
C:\Windows\Temp\MSIecbf.LOG => moved successfully
C:\Windows\Temp\MSIecc0.LOG => moved successfully
C:\Windows\Temp\MSIecc1.LOG => moved successfully
C:\Windows\Temp\MSIecc2.LOG => moved successfully
C:\Windows\Temp\MSIf6616.LOG => moved successfully
C:\Windows\Temp\MSIf7128.LOG => moved successfully
C:\Windows\Temp\MSIf7129.LOG => moved successfully
C:\Windows\Temp\reimage.log => moved successfully
C:\Windows\Temp\ReimageDefinitionUpdate2018.exe => moved successfully
C:\Windows\Temp\result.txt => moved successfully
C:\Windows\Temp\WER2FCA.tmp.appcompat.txt => moved successfully
C:\Windows\Temp\WER34F2.tmp.WERInternalMetadata.xml => moved successfully
C:\Windows\Temp\WER3512.tmp.hdmp => moved successfully
C:\Windows\Temp\WER52E2.tmp.appcompat.txt => moved successfully
C:\Windows\Temp\WERA8D2.tmp.appcompat.txt => moved successfully
C:\Windows\Temp\WERC51.tmp.appcompat.txt => moved successfully
C:\Windows\Temp\WERFC16.tmp.appcompat.txt => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9605315 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2768572 B
Edge => 0 B
Chrome => 0 B
Firefox => 1086647441 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 4464 B
Ed => 64068952 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:04:28 ====

Is it just my imagination, or is this laptop suddenly running faster? Still not sure...

Juliet
2018-11-09, 19:37
"Is it just my imagination, or is this laptop suddenly running faster? Still not sure."
Ain't that what we were working for?....lol

OK, what issues are remaining?

gin_jammer
2018-11-10, 19:31
This laptop does now seem much, much better. Thanks!!!

Back up the line, you asked: "Do you use AVG Secure VPN for your work? Do you need this application?"
I looked and found it's been installed since February, but I don't recall installing it and don't even know what it is. May/should I just uninstall it?

Along the same line, I'd like to ask you about AVG. The first time I ever heard of AVG was at the conclusion of my first troubleshooting session with a helper on this forum. The helper (don't remember who it was) noted an antivirus software I was then using (I think it was Norton) and said that most of the times when a computer showed the problems we had just cleaned up, it had been due to that particular antivirus package. The helper said there was free stuff available that was more effective and suggested AVG Free, which I switched to immediately, and which I've been running ever since. Only lately have I started seeing what I will call "sales pitches" from AVG. Are these legitimate? Are they offering stuff that's really necessary? Did the "sales pitches" start showing up because of an AVG update, or is something else pretending to be AVG?

Juliet
2018-11-10, 20:39
Glad to hear the laptop is better.

=>VPN<=
If you didn't install it or use it for 'work from home', I would uninstall it. It can be used as an avenue to interact with your computer.

AVG free antivirus is used by many. It's not unusual for them to ask you to upgrade to the paid-for security suite. Some people do, as many don't.
Without seeing the pop up for AVG, I'm going to say it's probably legit. Just X out the little window and continue on with whatever you're doing.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Virus

Sophos Home (https://home.sophos.com/reg)
Bitdefender Free Antivirus (http://www.bitdefender.com/solutions/free.html)
Emsisoft Anti-Malware (https://www.emsisoft.com/en/software/antimalware/) - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection
Avira Free Antivirus (https://www.avira.com/en/avira-free-antivirus)
avast! Free Antivirus (https://www.avast.com/index)


~~~~

Let's remove tools and quarantine folders.

DelFix


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************

gin_jammer
2018-11-14, 14:18
Downloaded and ran DelFix. Afterward, I was unable to remove all of the Desktop leftovers; a few of them won't delete.

Here's what DelFix reported:

# DelFix v1.010 - Logfile created 14/11/2018 at 08:11:53
# Updated 26/04/2015 by Xplode
# Username : Ed - ED-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Ed\Desktop\FRST-OlderVersion
Deleted : C:\Users\Ed\Desktop\Addition.txt
Deleted : C:\Users\Ed\Desktop\AdwCleaner.exe
Deleted : C:\Users\Ed\Desktop\aswMBR.exe
Deleted : C:\Users\Ed\Desktop\Fixlog.txt
Deleted : C:\Users\Ed\Desktop\FRST.exe
Deleted : C:\Users\Ed\Desktop\FRST.txt
Deleted : C:\Users\Ed\Desktop\HijackThis.exe
Deleted : C:\Users\Ed\Desktop\hijackthis.log
Deleted : C:\Users\Ed\Desktop\RogueKiller_portable32.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

########## - EOF - ##########

Juliet
2018-11-14, 14:32
"I was unable to remove all of the Desktop leftovers, few of them won't delete"
Can you tell me the names of the tools that won't delete?

gin_jammer
2018-11-14, 19:15
I did a restart after which those tools no longer show on Desktop.

After I uninstalled AVG Secure VPN, I got a popup saying (more or less): "Couldn't remove all elements. These can be removed manually." Can you tell me how to find those "elements," and whether they need to be removed?

Juliet
2018-11-14, 22:57
"After I uninstalled AVG Secure VPN, I got a popup saying (more or less): 'Couldn't remove all elements. These can be removed manually.' Can you tell me how to find those 'elements,' and whether they need to be removed?"
When you downloaded AVG this package was in the bundle.
If you uninstalled AVG VPN, that's probably all you have to do 'cause it won't work without the whole deal.

All I can find is associated files/folders.

C:\Program Files\AVG\Secure VPN\Vpn.exe
C:\Program Files\AVG\Secure VPN\VpnSvc.exe
C:\Program Files\AVG\Secure VPN\VpnUpdate.exe
C:\Program Files\AVG\Secure VPN\libcef.dll
C:\Windows\System32\DRIVERS\avgTap.sys

Those would be the files to look for and delete because I have no way of knowing what is left.

gin_jammer
2018-11-15, 15:33
Uh oh! Maybe I screwed the pooch...removed everything in Secure VPN folder and afterward my browser (Firefox) was slower (MUCH slower) than Christmas to launch. I restored the Secure VPN stuff, one item at a time, but now Firefox won't launch at all. Task Monitor says it's running, but it is NOT.

I was able to launch MSN, which I don't ever use, and used it to search for this forum to post this message.

Unsure how you can communicate with me unless I can get back to this Forum again. While I wait, I'll try to get Firefox working. Would you recommend System Restore?

gin_jammer
2018-11-15, 15:45
Okay, Firefox launched. It struggled and was minimized once it opened, but it did launch. Once open, operation seemed almost normal.

gin_jammer
2018-11-15, 16:25
Maybe I just irritated Firefox removing the Secure VPN stuff (none of which, by the way, was the stuff you named), and then it got over it. It's now opening, running, and closing normally.

Juliet
2018-11-16, 00:08
phew!

Let's don't poke the bear.

Give it a day or two and let me know if things have returned back to normal. :)

gin_jammer
2018-11-18, 16:31
Laptop is operating near normally, running all apps, etc. but from time to time it seems to pause and take a while before it resumes. Each time I think "here we go again," but suddenly the screen shows what I was expecting. No error messages have displayed. Although I have no way to prove it, I suspect there is some background activity. I've looked at Task Manager, but I don't know how to spot activity related to scripts, etc. Attached is a screenshot of typical Task Manager status.

At that point, I left my browser running and minimized it. I opened Photoshop and cropped the Task Manager image.

When I attempted to return to browser and this Forum, laptop did a restart on its own. However it didn't restart in the usual way, rather it stopped on a screen that said Start Normally (I think). I pressed Enter and Windows appeared to restart. Soon after I entered my logon code, the screen went black and everything appeared to stop. I let the laptop run untouched for a while.

Eventually, I typed Ctrl-Alt-Del to start Task Manager. I selected "Log off" and when I saw the Start button and the Task Bar appear, I moved the cursor to Start and clicked it. I wound up with screen displaying another instance of the Task Manager on a black screen. I made a second screenshot.

Then, I restarted laptop. It opened with this Forum, me already logged on, and the beginning of this message displayed (I never saw THAT before).

Before I log out, I am going to attempt to submit this reply attaching both screenshots, which are very similar except the Memory Usage History on Task Manager 2 is considerably lower. I did not crop the Task Manager 2 image so you could see the black screen.

Needless to say, I think my laptop is operating strangely.

Juliet
2018-11-18, 21:53
I'm not so good nor trained on the tech end of a computer system but, what you described kinda sounds like something updated?
Firefox, Google Chrome, Windows, Antivirus?

Screenshots show very low CPU usage. When you see or notice such a slowdown again, with Task Manager open, click on the Applications or Processes tab and monitor from there exe = cpu. From that I hope to see what is pulling and slowing the computer down.

gin_jammer
2018-11-19, 15:18
The image attached is to ask: is this the Task Manager info you want to see in the case of another slowdown?

I opened Task Manager, clicked on Processes tab, then clicked on CPU. "CPU" was replaced by a "down arrow".

I don't understand: "...and monitor from there exe = cpu" Please explain...

Juliet
2018-11-19, 20:24
With the window you had open, click on 'Show processes from all users'.

No need to click on a CPU button; I don't think any of the information I was looking for would be there.


~~~

gin_jammer
2018-11-20, 01:35
Understood.

I'll be traveling from now until early next week and will have laptop with me, so I'll be looking for it to act up and will report what I see.

Hope you have a nice Thanksgiving!

Juliet
2018-11-20, 01:45
Thank you, for you too.

gin_jammer
2018-11-28, 14:27
Laptop performed well. No problem caused by using another WIFI.

I am back at home and still seeing some occasional sluggish response. Often after I log off from Facebook I notice the laptop is very slow to respond. Not always but sometimes it displays a banner at the top of the screen saying there is a script running that I'm not quick enough to stop before the STOP button disappears from the screen. Even when I am able to click on the STOP SCRIPT button, the slowness doesn't disappear immediately. And then, for no apparent reason, the laptop will run great for a few days...

Juliet
2018-11-29, 00:33
https://support.mozilla.org/en-US/kb/warning-unresponsive-script#w_error-happens-when-accessing-certain-websites

Scroll down and click on "Error happens when accessing certain websites".
Try what they suggest and see if that helps.

gin_jammer
2018-12-17, 13:43
I typed in: "htpps://www.facebook.com" and immediately wondered...do I need to include the "/shopify..." business, too? How much of what shows up when Facebook is opened counts as its URL?

Juliet
2018-12-17, 23:30
I don't use Facebook so this will probably look like a stupid answer but, if you're going to your Facebook page why would you want to add anything in?
Wouldn't that add more into just your space?

People should be very careful what they post and share on Facebook like any other social media outlet. It's in the news very often that personal accounts have been hacked or changed, passwords changed so, there's warning #1

Does Facebook have a question and answers page?

gin_jammer
2018-12-18, 15:49
You don't use Facebook?!!! I thought it was REQUIRED! Kidding, I often wish I'd never started...

When I log onto Facebook, it opens displaying a page virtually filled with advertisements, and the "site information" that appears in the "address" space at the top of the page reads: https://www.facebook.com/shopify

I usually navigate away from there immediately by clicking on an icon that takes me to Notifications, which is where Facebookers go to "talk" to each other (and maybe when they die). As soon as one does that, the "/shopify" part disappears...unless you click on your own name.

If you click on your own name, you're taken to your own "Timeline" (sometimes referred to as your "wall"), and in the address space appears a "/" followed by your full Facebook name.

In short, I'm not sure which of these versions constitutes the URL of the site where I suspect the pesky script starts running in the background and slowing everything else to a crawl. Sorry to get so long-winded, but since you don't use FB I assumed that might make my question clearer.

I'll look for a Q&A page.

gin_jammer
2018-12-18, 16:01
I looked for a Q&A page but only found FAQ and none of them seemed related to URLs.

I did come across a warning not to post email addresses, etc, so I went back and noticed that the URL I had posted as an example is highlighted, so I clicked on it. Lo and behold...it took me into my FB account with no logon required. How do I get THAT removed?

gin_jammer
2018-12-18, 16:04
Maybe a false alarm. I closed Facebook and tried clicking on the example URL again. This time it did take me into Facebook and Shopify, but not into my personal FB account.

Juliet
2018-12-18, 23:43
Google this ==> Delete Facebook's Shopify Store App


"I did come across a warning not to post email addresses, etc, so I went back and noticed that the URL I had posted as an example is highlighted, so I clicked on it. Lo and behold...it took me into my FB account with no logon required. How do I get THAT removed?"
I don't use Facebook and got no clue!
Can you ask users on Facebook or Facebook support?

Juliet
2018-12-27, 13:20
bump......

Juliet
2019-01-01, 13:26
Glad we could help.
Since this issue appears resolved ... this Topic is closed.