Thread: Persistent Warning

  1. #81
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,672

    Quote, originally posted by gin_jammer:
    "Can I keep my browser open while running these so I may refer to your step-by-step instructions?"

    You can print out instructions or save them to Notepad to follow.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  2. #82
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    178

    When I tried to install Zemana AntiMalware, I got a popup, see Attached image: "Zemana popup.jpg"

    I ran HitmanPro, which generated the following file:

    Code:
    HitmanPro 3.8.0.292
    www.hitmanpro.com
    
       Computer name . . . . : ED-PC
       Windows . . . . . . . : 6.1.1.7601.X86/2
       User name . . . . . . : Ed-PC\Ed
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2018-03-08 13:52:11
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 7m 5s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 77
    
       Objects scanned . . . : 1,527,876
       Files scanned . . . . : 37,086
       Remnants scanned  . . : 268,536 files / 1,222,254 keys
    
    Suspicious files ____________________________________________________________
    
       C:\Users\Ed\Desktop\Unused Icons\FRST.exe
          Size . . . . . . . : 1,725,440 bytes
          Age  . . . . . . . : 714.8 days (2016-03-23 19:18:28)
          Entropy  . . . . . : 7.5
          SHA-256  . . . . . : EDB662EF9C4A97718C0389AB1745337E8FAD0E627E2E7F3AFA81E680A12D815B
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 22.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    
    
    Potential Unwanted Programs _________________________________________________
    
       HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
    
    Cookies _____________________________________________________________________
    

  3. #83
    Security Expert Juliet

    The error from Zemana shows you have used the tool before.

    How's the computer now?

  4. #84
    Senior Member

    I haven't seen the fake warning popup for a couple of days, but the last time I saw it was while browsing news articles.

    I ran Excel this morning and discovered that keyboard arrow keys would not move the cursor from cell to cell, but rather would scroll the entire worksheet. I don't have a Scroll Lock key on my keyboard, but was able to turn scrolling OFF using the onscreen keyboard. Things like that make me think someone is messing with me.

    The only way I can judge the state of my laptop is to use my browser normally for a few days. I'll let you know what happens.

  5. #85
    Security Expert Juliet

    I can't help with Excel; I don't use any Office products on my computer.
    I tried to find support links you can follow.
    https://support.microsoft.com/en-us/...-stops-working

  6. #86
    Senior Member

    I only mentioned the Excel glitch in case you thought it was related to this malware we're chasing. I restored arrow keys by using the on screen keyboard to turn "Scroll Lock" to OFF (since my keyboard doesn't have a Scroll Lock key).

    The fake popup still appears, seemingly at random intervals. I have noticed that sometimes I can now turn it off (WITHOUT using the Task Manager) and then continue with whatever I was doing. On one occasion, the fake popup reappeared almost immediately, but that was the only time it's done that.

    When the fake popup appears, it's listed on the Task Manager under the Applications tab. Could the App name it's listed by possibly be used to search for and delete it? I'll have to wait for another occurrence to write down the App name.

  7. #87
    Senior Member

    I'm also noticing that my laptop often becomes non-responsive after the browser (Firefox) has been running awhile. If I persistently click on something, I eventually see a banner across the top of my screen indicating a script is running and asking what I wish to do. The banner presents a couple of buttons, one of which is "Stop it," but clicking that button does not produce an immediate result. Can I stop or block scripts another way?

  8. #88
    Security Expert Juliet

    A good while back, I recommended you reset Firefox. Was this done?

    ~~

    Quote:
    "When the fake popup appears, it's listed on the Task Manager under the Applications tab. Could the App name it's listed by possibly be used to search for and delete it? I'll have to wait for another occurrence to write down the App name."

    Yes, the app name will help.

    ~~

    Turn off all computers, iPhones, ...
    then unplug the power cable from the router,
    then unplug the power cable from the (cable) modem.

    ...Leave it off for about 5 minutes.

    Then, with the computers still off,
    plug the cable modem power cable back in.

    ...When all the lights come on,
    plug in the router.

    When all the lights come back on,
    start all computers.

    Now check if your problem still exists.

    ~~

    Please read over the link below:

    https://support.mozilla.org/en-US/kb...ponsive-script

    ~~~~~~~~~~~~

    I would like to see a new FRST log:
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

  9. #89
    Senior Member

    I couldn't remember whether I had reset Firefox earlier, so I did it.

    I have NOT yet done the modem/router power OFF steps.

    Following are the new FRST logs:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
    Ran by Ed (2018-03-25 08:47:08)
    Running from C:\Users\Ed\Desktop\Unused Icons
    Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
    Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
    Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
    Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
    Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
    ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.)
    Apple Software Update (HKLM\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
    AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.2.3046 - AVG Technologies)
    AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.77.3.23060 - AVG Technologies)
    AVG PC TuneUp (Version: 16.77.3 - AVG Technologies) Hidden
    AVG Secure VPN (HKLM\...\{078F51FA-D92F-419A-9E69-08BC59265F7E}_is1) (Version: 1.2.632 - AVG)
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Elevated Installer (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    FMW 1 (Version: 1.227.9 - AVG Technologies) Hidden
    Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
    Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.33.7 - Google Inc.) Hidden
    H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
    H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
    H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
    H&R Block Deluxe + Efile 2017 (HKLM\...\{16CC23D8-0CC6-4934-AA1F-B79AE31C405F}) (Version: 17.04.6301 - HRB Technology, LLC.)
    iCloud (HKLM\...\{625E52CB-61F3-4FC0-916A-4E144948A023}) (Version: 7.3.0.20 - Apple Inc.)
    Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
    iTunes (HKLM\...\{F9FEA709-DE8A-4ECB-A57B-FB2604EF24FB}) (Version: 12.7.3.46 - Apple Inc.)
    Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
    Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
    Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mozilla Firefox 59.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x86 en-US)) (Version: 59.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1.6648 - Mozilla)
    Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
    OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
    PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
    Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
    RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00587C43-504F-45D2-BC47-1CB8C8368DD2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-02-08] (AVG Technologies CZ, s.r.o.)
    Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-13] (Adobe Systems Incorporated)
    Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
    Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
    Task: {5791A7E9-AF24-49A0-9DD0-719571AC1CDE} - System32\Tasks\{416A5D32-82D3-40D7-9405-AFF201723BF7} => pcalua.exe -a C:\Users\Ed\Desktop\HijackThis.exe -d C:\Users\Ed\Desktop
    Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {66A7DC2E-3B8E-4781-A414-E0976D20FCD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-03-15] (Google Inc.)
    Task: {67E7081C-B0E8-43CD-8057-AC36A75146E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
    Task: {708BB84B-BC5F-4BBF-90C8-0CF407213F72} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-03-14] (AVG Technologies CZ, s.r.o.)
    Task: {8A2122A1-72DF-44DD-BE31-58EC98A353E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-03-15] (Google Inc.)
    Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {B31C2D05-2D45-4008-BAE2-9461602D42B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {B80053F6-2E6D-40C0-9141-C57BA20E1A70} - System32\Tasks\AVG Secure VPN Update => C:\Program Files\AVG\Secure VPN\VpnUpdate.exe [2018-03-14] (AVG Technologies CZ, s.r.o.)
    Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2018-01-10] (Apple Inc.)
    Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2018-01-22] (AVG Technologies CZ, s.r.o.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2018-03-14 09:48 - 2018-03-14 09:48 - 00289008 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
    2018-03-14 09:48 - 2018-03-14 09:48 - 00281328 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
    2018-03-14 13:52 - 2018-03-14 13:52 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031402\algo.dll
    2018-03-14 09:48 - 2018-03-14 09:48 - 00758000 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
    2018-03-14 09:48 - 2018-03-14 09:48 - 00965872 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
    2018-03-14 09:48 - 2018-03-14 09:48 - 00476400 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
    2018-03-15 07:26 - 2018-03-15 07:26 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031500\algo.dll
    2018-03-15 15:48 - 2018-03-15 15:48 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031508\algo.dll
    2018-03-16 07:51 - 2018-03-16 07:51 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031602\algo.dll
    2018-03-16 15:56 - 2018-03-16 15:56 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031604\algo.dll
    2018-03-17 07:58 - 2018-03-17 07:58 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031700\algo.dll
    2018-03-18 08:01 - 2018-03-18 08:01 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031800\algo.dll
    2018-03-19 08:04 - 2018-03-19 08:04 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031900\algo.dll
    2018-03-19 12:05 - 2018-03-19 12:05 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18031902\algo.dll
    2018-03-20 12:08 - 2018-03-20 12:08 - 05796080 _____ () C:\Program Files\AVG\Antivirus\defs\18032002\algo.dll
    2016-04-13 17:25 - 2016-04-13 17:25 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
    2018-01-05 01:14 - 2018-01-05 01:14 - 01042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-11-30 19:55 - 2017-11-30 19:55 - 00076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-02-14 09:42 - 2017-02-14 09:42 - 00326144 _____ () C:\Program Files\Garmin\Device Interaction Service\GpsImgWrapper.dll
    2017-03-28 15:32 - 2017-03-28 15:32 - 00073216 _____ () C:\Program Files\Garmin\Device Interaction Service\FixBootSector.dll
    2017-12-03 12:28 - 2016-09-13 15:00 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-12-03 12:28 - 2016-09-13 15:00 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2017-12-03 12:28 - 2016-09-13 15:00 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2018-03-14 20:59 - 2018-03-14 20:59 - 00281840 _____ () C:\Program Files\AVG\Secure VPN\tasks_core.dll
    2018-03-14 09:48 - 2018-03-14 09:48 - 00619248 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll
    2018-03-14 09:48 - 2018-03-14 09:48 - 00289008 _____ () c:\Program Files\AVG\Antivirus\StreamBack.dll
    2017-12-03 12:28 - 2017-05-12 12:36 - 00507464 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2014-01-16 20:11 - 2013-01-15 00:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2016-12-02 19:14 - 2016-12-02 19:14 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
    2018-03-14 09:48 - 2018-03-14 09:48 - 67127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
    2018-01-05 01:14 - 2018-01-05 01:14 - 00189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2018-02-22 08:59 - 2018-02-22 08:59 - 48936448 _____ () C:\Program Files\AVG\Secure VPN\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7873 more sites.

    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123simsen.com -> www.123simsen.com

    There are 7873 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2018-01-31 16:56 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.114.81.1 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{BBAE6A51-936A-4002-B8B4-0F02AABB30B2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{80ECA08B-FB7B-4435-9E54-09F72EC1EA40}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{3A56F231-0455-4CB6-ADF7-186661B5A4DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{383EF5B3-1057-404C-BC05-9F1BDD82073C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    10-03-2018 01:00:04 Scheduled Checkpoint
    15-03-2018 03:00:14 Windows Update
    23-03-2018 00:00:07 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: ZAM Helper Driver
    Description: ZAM Helper Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ZAM
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: ZAM Guard Driver
    Description: ZAM Guard Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ZAM_Guard
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: AVG TAP Adapter v3
    Description: AVG TAP Adapter v3
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: avgTap
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/25/2018 03:30:03 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
    Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

    Error: (03/25/2018 03:30:00 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
    Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

    Error: (03/25/2018 03:29:53 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
    Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.

    Error: (03/25/2018 03:16:48 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0x2f40
    Faulting application start time: 0xesu.exe0
    Faulting application path: esu.exe1
    Faulting module path: esu.exe2
    Report Id: esu.exe3

    Error: (03/25/2018 03:16:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

    Error: (03/24/2018 04:34:27 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
    Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

    Error: (03/24/2018 04:34:24 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
    Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

    Error: (03/24/2018 04:34:19 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
    Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.

    Error: (03/24/2018 02:38:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0x2d58
    Faulting application start time: 0xesu.exe0
    Faulting application path: esu.exe1
    Faulting module path: esu.exe2
    Report Id: esu.exe3

    Error: (03/24/2018 02:38:07 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])


    System errors:
    =============
    Error: (03/15/2018 10:22:25 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (03/15/2018 03:27:15 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Garmin Device Interaction Service service hung on starting.

    Error: (03/15/2018 03:25:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (03/15/2018 03:25:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (03/13/2018 09:41:31 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (03/13/2018 06:47:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Garmin Device Interaction Service service failed to start due to the following error:
    %%1053

    Error: (03/13/2018 06:47:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

    Error: (03/12/2018 05:32:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/01/2018 01:34:20 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (02/28/2018 03:05:42 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer LAPTOP-TKL884U4
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0.
    The master browser is stopping or an election is being forced.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
    Percentage of memory in use: 45%
    Total physical RAM: 1944.03 MB
    Available physical RAM: 1052.13 MB
    Total Virtual: 6422.79 MB
    Available Virtual: 4692.72 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:229.92 GB) NTFS
    Drive d: (DVD_VIDEO_RECORDER) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    Drive e: () (Removable) (Total:57.87 GB) (Free:41.22 GB) FAT32
    Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
    Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

    ==================== End of Addition.txt ============================

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
    Ran by Ed (administrator) on ED-PC (25-03-2018 08:46:07)
    Running from C:\Users\Ed\Desktop\Unused Icons
    Loaded Profiles: Ed (Available Profiles: Ed)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Lenovo) C:\Windows\System32\ibmpmsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\VpnSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\Vpn.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [219888 2018-01-25] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [294928 2018-03-14] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-01-10] (Apple Inc.)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2018-02-22]
    ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies CZ, s.r.o.)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
    Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
    Tcpip\..\Interfaces\{C9604640-2540-4F90-BBFC-7E5BF9549C72}: [NameServer] 77.234.40.79

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796
    FF Homepage: www.toast.net/start
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-15] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-15] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3659970256-991337627-2867597209-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2018-03-17] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Slides) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-15]
    CHR Extension: (Docs) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-15]
    CHR Extension: (Google Drive) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-15]
    CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-15]
    CHR Extension: (Sheets) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-15]
    CHR Extension: (Google Docs Offline) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-15]
    CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-15]
    CHR Extension: (Chrome Media Router) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-15]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [304776 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5960472 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189320 2018-01-25] (AVG Technologies CZ, s.r.o.)
    S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    R2 SecureVpn; C:\Program Files\AVG\Secure VPN\VpnSvc.exe [5517040 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [4443136 2018-01-22] (AVG Technologies CZ, s.r.o.)
    R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [41472 2018-01-22] (AVG Technologies CZ, s.r.o.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [159424 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R1 avgbdisk; C:\Windows\System32\drivers\avgbdiskx.sys [135808 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [179024 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [150952 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [270272 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [43920 2018-03-14] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35192 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [116784 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [92416 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [63208 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [775992 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [384240 2018-03-14] (AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [144728 2018-03-14] (AVG Technologies CZ, s.r.o.)
    S3 avgTap; C:\Windows\System32\DRIVERS\avgTap.sys [49136 2017-12-05] (The OpenVPN Project)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [303168 2018-03-14] (AVG Technologies CZ, s.r.o.)
    S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-01-27] ()
    R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)
    S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-25 08:44 - 2018-03-25 08:46 - 00000000 ____D C:\FRST
    2018-03-23 12:34 - 2018-03-14 09:48 - 00320440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2018-03-22 10:22 - 2018-03-22 10:22 - 00621873 _____ C:\Users\Ed\Downloads\Designing with Compression Springs.pdf
    2018-03-15 11:01 - 2018-03-20 19:11 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-03-15 11:01 - 2018-03-20 19:11 - 00002136 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-03-15 10:59 - 2018-03-15 11:08 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
    2018-03-15 10:59 - 2018-03-15 11:00 - 00000000 ____D C:\Program Files\Google
    2018-03-14 04:37 - 2018-03-08 23:14 - 04044992 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2018-03-14 04:37 - 2018-03-08 23:14 - 04025536 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-03-14 04:37 - 2018-03-08 23:14 - 00190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
    2018-03-14 04:37 - 2018-03-08 23:14 - 00190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-03-14 04:37 - 2018-03-08 23:14 - 00137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
    2018-03-14 04:37 - 2018-03-08 23:14 - 00137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-03-14 04:37 - 2018-03-08 23:14 - 00067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-03-14 04:37 - 2018-03-08 22:47 - 01310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2018-03-14 04:37 - 2018-03-08 22:43 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-03-14 04:37 - 2018-03-08 22:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-03-14 04:37 - 2018-03-08 22:43 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2018-03-14 04:37 - 2018-03-08 22:43 - 00554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2018-03-14 04:37 - 2018-03-08 22:43 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2018-03-14 04:37 - 2018-03-08 22:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2018-03-14 04:37 - 2018-03-08 22:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2018-03-14 04:37 - 2018-03-08 22:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2018-03-14 04:37 - 2018-03-08 22:43 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-03-14 04:37 - 2018-03-08 22:26 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2018-03-14 04:37 - 2018-03-08 22:24 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2018-03-14 04:37 - 2018-03-08 22:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2018-03-14 04:37 - 2018-03-08 22:22 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2018-03-14 04:37 - 2018-03-08 22:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2018-03-14 04:37 - 2018-03-08 22:22 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2018-03-14 04:37 - 2018-03-01 04:25 - 02404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2018-03-14 04:37 - 2018-02-21 23:06 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
    2018-03-14 04:37 - 2018-02-18 17:34 - 00535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2018-03-14 04:37 - 2018-02-13 14:31 - 00117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2018-03-14 04:37 - 2018-02-13 14:24 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2018-03-14 04:37 - 2018-02-13 10:04 - 01893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2018-03-14 04:37 - 2018-02-13 10:04 - 01319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2018-03-14 04:37 - 2018-02-13 10:04 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2018-03-14 04:37 - 2018-02-13 10:04 - 00508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2018-03-14 04:37 - 2018-02-13 10:04 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2018-03-14 04:37 - 2018-02-13 10:04 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2018-03-14 04:37 - 2018-02-13 10:04 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2018-03-14 04:37 - 2018-02-13 10:04 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2018-03-14 04:37 - 2018-02-10 14:49 - 00162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
    2018-03-14 04:37 - 2018-02-10 14:49 - 00154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
    2018-03-14 04:37 - 2018-02-10 14:49 - 00104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
    2018-03-14 04:37 - 2018-02-10 14:49 - 00057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
    2018-03-14 04:37 - 2018-02-10 14:49 - 00053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
    2018-03-14 04:37 - 2018-02-10 14:49 - 00052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
    2018-03-14 04:37 - 2018-02-10 14:49 - 00052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
    2018-03-14 04:37 - 2018-02-10 14:49 - 00051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
    2018-03-14 04:37 - 2018-02-10 14:49 - 00046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
    2018-03-14 04:37 - 2018-02-10 14:49 - 00032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
    2018-03-14 04:37 - 2018-02-10 14:49 - 00027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
    2018-03-14 04:37 - 2018-02-10 14:49 - 00021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
    2018-03-14 04:37 - 2018-02-10 14:49 - 00013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
    2018-03-14 04:37 - 2018-02-10 14:49 - 00011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
    2018-03-14 04:37 - 2018-02-10 14:48 - 00274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
    2018-03-14 04:37 - 2018-02-10 14:48 - 00052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
    2018-03-14 04:37 - 2018-02-10 14:48 - 00052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
    2018-03-14 04:37 - 2018-02-10 14:23 - 02292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2018-03-14 04:37 - 2018-02-10 14:23 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
    2018-03-14 04:37 - 2018-02-10 14:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
    2018-03-14 04:37 - 2018-02-10 14:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
    2018-03-14 04:37 - 2018-02-10 13:36 - 00537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
    2018-03-14 04:37 - 2018-02-10 13:36 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
    2018-03-14 04:37 - 2018-02-10 13:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
    2018-03-14 04:37 - 2018-02-10 13:36 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
    2018-03-14 04:37 - 2018-02-02 14:54 - 00105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2018-03-14 04:37 - 2018-02-02 14:29 - 02365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2018-03-14 04:37 - 2018-02-02 14:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2018-03-14 04:37 - 2018-01-12 12:26 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-03-14 04:36 - 2018-03-08 22:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2018-03-14 04:36 - 2018-03-08 22:26 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2018-03-14 04:36 - 2018-03-08 22:26 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2018-03-14 04:36 - 2018-03-08 22:26 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2018-03-14 04:36 - 2018-03-08 22:26 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2018-03-14 04:36 - 2018-03-08 22:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2018-03-14 04:36 - 2018-03-08 22:22 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2018-03-14 04:36 - 2018-03-08 22:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2018-03-14 04:36 - 2018-03-08 22:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2018-03-14 04:36 - 2018-02-10 13:36 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
    2018-03-14 04:36 - 2018-02-02 14:29 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2018-03-14 04:36 - 2018-02-02 14:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2018-03-14 04:36 - 2018-02-02 14:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2018-03-14 04:36 - 2018-02-02 13:46 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2018-03-14 04:36 - 2018-01-15 15:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2018-03-08 14:49 - 2018-03-08 14:49 - 10993872 _____ (SurfRight B.V.) C:\Users\Ed\Downloads\HitmanPro.exe
    2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
    2018-03-07 20:59 - 2018-03-07 20:59 - 00001785 _____ C:\Users\Ed\Desktop\Forum Instructions.txt
    2018-03-04 19:33 - 2018-03-04 19:33 - 00569290 _____ C:\Users\Ed\Downloads\Statement_Mar 2018.pdf
    2018-02-25 16:09 - 2018-02-25 16:38 - 00015872 _____ C:\Users\Ed\Desktop\Product Engineering Section 4140.xls

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-25 08:46 - 2016-11-19 16:24 - 00000000 ____D C:\Users\Ed\AppData\LocalLow\Mozilla
    2018-03-25 03:36 - 2009-07-14 00:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-03-25 03:36 - 2009-07-14 00:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-03-23 12:34 - 2017-11-27 09:46 - 00001921 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
    2018-03-23 09:42 - 2017-12-26 20:54 - 00046592 _____ C:\Users\Ed\Desktop\Alert VISA.xls
    2018-03-22 13:21 - 2016-11-21 15:39 - 00000000 ____D C:\Users\Ed\Desktop\Old Firefox Data
    2018-03-19 17:14 - 2010-11-20 17:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-03-19 17:14 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
    2018-03-18 12:19 - 2017-12-25 11:33 - 00000000 ____D C:\Users\Ed\AppData\Local\CrashDumps
    2018-03-17 07:46 - 2017-05-19 16:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2018-03-17 07:46 - 2015-08-10 16:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2018-03-15 04:02 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
    2018-03-15 03:25 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2018-03-15 03:24 - 2009-07-14 00:33 - 00310016 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-03-15 03:22 - 2015-07-21 15:47 - 00000000 ____D C:\Windows\system32\appraiser
    2018-03-15 03:05 - 2015-07-21 15:43 - 00000000 ____D C:\Windows\system32\MRT
    2018-03-15 03:01 - 2017-10-11 03:01 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-03-15 03:01 - 2015-07-21 15:43 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-03-14 09:48 - 2017-11-27 09:45 - 00159424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2018-03-14 09:48 - 2017-11-27 09:45 - 00159424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswfff991195401cb3d.tmp
    2018-03-14 09:48 - 2017-11-27 09:45 - 00159424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswf11e4b7f329d5e92.tmp
    2018-03-14 09:48 - 2017-11-27 09:45 - 00159424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswd959b35494881878.tmp
    2018-03-14 09:48 - 2017-11-27 09:45 - 00159424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswd33f11c9d0e49319.tmp
    2018-03-14 09:48 - 2017-11-27 09:45 - 00159424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw663a794241db315e.tmp
    2018-03-14 09:48 - 2017-11-27 09:45 - 00159424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw63a2c1ee2b7f6581.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswe91d7cc0ce733145.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswe5a0fef4827d6e31.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswe47deb1bf6142293.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswd8158c3b1d3d6821.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw776596a18c114177.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw39786af245ed0109.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00384240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00384240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswf96ec2e66b52ced3.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00384240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asweac384d127347138.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00384240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswb35683c2a039993c.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00384240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswa94130442dce11b8.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00384240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw6514ed46332a6f29.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00384240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw21a2daa47b175755.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswf0a98d9cb70597b9.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asweeed440bd7f11749.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswe71201abb49e7dac.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw9a9a6c1944728a2d.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw8b8a58a2456acfc8.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw7de5ca48ed01e3ca.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswf4fd7ac9c582a945.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswd53a77b6236426c3.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswbc6f69ded7989a0d.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswb12a8568651395bd.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw45a233ec723f1748.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw11b549b5b079c3d9.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00179024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00179024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswc69995a4891a3c50.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00179024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw73b2325e6fab2e62.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00179024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw61f351c642a73cc8.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00179024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw5a00b69d78395910.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00179024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw2e4839572d7b5211.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00179024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw dd05306b537ef0d.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswe449228688d8e3d7.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswce9350919473cfef.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswab6ef4e60e462a2a.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw9363d22f75635337.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw3c1e35049745f8ef.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw 51cdb0af6406b40.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00144728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00144728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswfc14ab855651fcf2.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00144728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswdfc749ce49e69378.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00144728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswce7cb34c7c14d710.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00144728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswa99939d200630628.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00144728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw92e3c89f11066f25.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00144728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw3c0a370316b12cf5.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswe1e22071d2f2b3e2.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswdc55feafcacf73a6.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswb1c1d88709718712.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw6dc5a76f5c807e04.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw269e0d7fc19832d6.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw195b35324e12d54c.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswe648ffba10ddf7d7.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswd10fb472153bdd42.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswaa6b4bb281ddfba8.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw99a150d99ad8f2a5.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw6b11afa2f712616e.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw57cf3a91e85bc3e2.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00092416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00092416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswdfa9f2ccf0272f00.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00092416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswdc438833292f5f97.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00092416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswbcbe7adccbdf8553.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00092416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw8e4101390aa72cba.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00092416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw81b3b5d940b8c41a.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00092416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw3e80a46da44cca5b.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswf730e6541723a2cd.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw8ef29db4e5a079c9.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw74cc1371f680cfbd.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw131ceb79636e48f7.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw12cf2ebec1334209.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw 835fc390c86d1ed.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswfb822209accdb787.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswf61704f2837b1dac.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswb85ea0519309ddd5.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswa7d5d2952f582d87.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw9523cb61b3e4db9c.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw1df0969a0ca7551f.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
    2018-03-14 09:48 - 2017-05-23 09:02 - 00035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswd64f0761e12b3169.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswd5c0e3146c0740fe.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw8ef1b74897e24cb9.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw7a832f31c03783ea.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw5178cc98dd889790.tmp
    2018-03-14 09:48 - 2017-05-23 09:02 - 00035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw34ef025570d17ce3.tmp
    2018-03-13 06:46 - 2018-02-02 08:26 - 00000000 ____D C:\Program Files\Zemana AntiMalware
    2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
    2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
    2018-02-23 14:07 - 2015-07-22 09:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2015-12-29 22:38 - 2015-12-29 22:39 - 54113464 _____ (HRB Technology, LLC.) C:\Program Files\HRBlock2015.exe
    2016-05-16 16:30 - 2016-05-16 16:30 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2018-03-19 00:54

    ==================== End of FRST.txt ============================

  10. #90
    Security Expert Juliet

    I have NOT yet done the modem/router power OFF steps.
    Please do attempt to do this.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
    2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
    2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
    2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
    Hosts:
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I found a few leftover Zemana files we can delete (in the above FRST fix) and attempt to download and install again.

    Zemana AntiMalware - Fix
    • Download and install Zemana AntiMalware
    • Open Zemana AntiMalware, and click on the Scan button
    • Wait for the scan to complete
    • Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button
    • If it asks you to reboot your computer to finish the clean-up, do so
    • After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
    • A log will open in Notepad
    • Copy/paste the content of that log in your next reply


    Please post these 2 logs when finished along with an update with how the computer is at the moment.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.
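
A fix of this kind is easier to review when every file entry in it can be traced back to a line of the scan log. The sketch below is an added example, not part of the original posts or of FRST itself: it splits a Start::/End:: block into directives, file entries and other entries, and lists file entries that do not appear verbatim in the log. The function names, the regular expression (inferred from the log lines shown in this thread) and the `constructed.tmp` entry are assumptions.

```python
import re

# FRST file-listing line: modified - created - size attributes [(company)] path
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"(\S+) (?:\((.*?)\) )?([A-Za-z]:\\.+)$")
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")  # e.g. CloseProcesses:

def parse_fixlist(text):
    """Classify the lines between Start:: and End:: by kind."""
    lines = [l.strip() for l in text.splitlines()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fix must be delimited by Start:: and End::")
    body = lines[lines.index("Start::") + 1:lines.index("End::")]
    out = {"directive": [], "file": [], "other": []}
    for line in filter(None, body):
        if DIRECTIVE_RE.match(line):
            out["directive"].append(line)
        elif FILE_RE.match(line):
            out["file"].append(line)
        else:
            out["other"].append(line)  # registry, service, overlay entries
    return out

def unmatched(fix, log_text):
    """File entries in the fix that do not appear verbatim in the scan log."""
    seen = {l.strip() for l in log_text.splitlines()}
    return [l for l in fix["file"] if l not in seen]

# Constructed sample: log and fix lines copied from the thread, plus one
# made-up entry (constructed.tmp) that the log excerpt does not contain.
LOG = r"""
2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
"""
FIX = r"""
Start::
CloseProcesses:
CreateRestorePoint:
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
2018-03-01 10:00 - 2018-03-01 10:00 - 00001234 _____ C:\Users\Example\constructed.tmp
Hosts:
Emptytemp:
End::
"""
if __name__ == "__main__":
    print(unmatched(parse_fixlist(FIX), LOG))
```

Any entry it reports is worth querying with the helper before pressing Fix, since it names a file the posted log does not list.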
