
Thread: Persistent Warning

  1. #1

    Persistent Warning

    My online sessions have recently been interrupted repeatedly by a popup plus an audio warning to the effect that my computer "may" be infected. I can turn them off only with the Task Manager. I have done a Registry backup. FRST.txt and aswMBR follow.

    Please help.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
    Ran by Ed (administrator) on ED-PC (03-12-2017 09:19:38)
    Running from C:\Users\Ed\Desktop\Unused Icons
    Loaded Profiles: Ed (Available Profiles: Ed)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Lenovo) C:\Windows\System32\ibmpmsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    (Apple, Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\secd.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [302744 2017-11-27] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [BingSvc] => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudPhotos] => C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-08-07]
    ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
    Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toast.net/start
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\c1chj0up.default-1479757157401
    FF Homepage: hxxp://toast.net/start/
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3659970256-991337627-2867597209-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5954792 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
    S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [4448016 2017-11-15] (AVG Technologies CZ, s.r.o.)
    R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48912 2017-11-15] (AVG Technologies CZ, s.r.o.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [149592 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R1 avgbdisk; C:\Windows\System32\drivers\avgbdiskx.sys [135872 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [249232 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [151024 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [270344 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [43992 2017-11-27] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35264 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [117368 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [91976 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [63280 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [775552 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [381184 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [143264 2017-11-27] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [290776 2017-11-27] (AVG Technologies CZ, s.r.o.)
    S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-12-03 09:17 - 2017-12-03 09:17 - 00001032 _____ C:\Users\Ed\Desktop\FRST - Shortcut.lnk
    2017-12-03 09:09 - 2017-12-03 09:09 - 01752064 _____ (Farbar) C:\Users\Ed\Downloads\FRST.exe
    2017-12-03 09:04 - 2017-12-03 09:04 - 00000000 ____D C:\RegBackup
    2017-12-03 08:59 - 2017-12-03 08:59 - 00002188 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2017-12-03 08:54 - 2017-12-03 08:54 - 05766144 _____ (Tweaking.com) C:\Users\Ed\Downloads\tweaking.com_registry_backup_setup.exe
    2017-11-27 08:46 - 2017-11-27 08:46 - 00001921 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
    2017-11-27 08:45 - 2017-11-27 08:44 - 00306448 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2017-11-27 08:45 - 2017-11-27 08:44 - 00149592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2017-11-14 18:57 - 2017-10-17 20:55 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2017-11-14 18:57 - 2017-10-17 20:55 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2017-11-14 18:57 - 2017-10-17 20:55 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2017-11-14 18:57 - 2017-10-17 20:55 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2017-11-14 18:57 - 2017-10-17 20:55 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2017-11-14 18:57 - 2017-10-17 20:55 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2017-11-14 18:57 - 2017-10-17 20:55 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2017-11-14 18:57 - 2017-10-16 17:49 - 01213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2017-11-14 18:57 - 2017-10-16 17:25 - 02402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-11-14 18:57 - 2017-10-16 16:55 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
    2017-11-14 18:57 - 2017-10-11 19:40 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2017-11-14 18:57 - 2017-10-11 19:37 - 11410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 01400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-11-14 18:57 - 2017-10-11 19:37 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-11-14 18:57 - 2017-10-11 19:26 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2017-11-14 18:57 - 2017-10-11 19:26 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2017-11-14 18:57 - 2017-10-11 19:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2017-11-14 18:57 - 2017-10-11 19:25 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2017-11-14 18:57 - 2017-10-11 19:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2017-11-14 18:57 - 2017-10-11 19:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2017-11-14 18:57 - 2017-10-11 19:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2017-11-14 18:57 - 2017-10-11 19:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-11-14 18:57 - 2017-10-11 19:14 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
    2017-11-14 18:57 - 2017-09-07 08:05 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-11-14 18:57 - 2017-09-07 08:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-11-14 18:56 - 2017-10-17 21:16 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-11-14 18:56 - 2017-10-17 21:11 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-11-14 18:56 - 2017-10-15 17:04 - 00313184 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-11-14 18:56 - 2017-10-04 08:04 - 01918464 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2017-11-14 18:56 - 2017-10-04 08:04 - 01321472 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-11-14 18:56 - 2017-10-04 08:04 - 00541696 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-11-14 18:56 - 2017-10-04 08:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-11-14 18:56 - 2017-10-04 08:04 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-11-14 18:56 - 2017-10-04 08:04 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-11-14 18:56 - 2017-10-04 08:04 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-11-08 16:09 - 2017-11-08 16:09 - 00154442 _____ C:\Users\Ed\Downloads\EasyPayTermsAgreement.pdf
    2017-11-07 07:43 - 2017-11-30 15:23 - 00000000 ___RD C:\Users\Ed\iCloudDrive
    2017-11-07 07:43 - 2017-11-07 07:43 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-11-07 07:43 - 2017-11-07 07:43 - 00000000 ____D C:\Users\Ed\AppData\Local\Apple Inc
    2017-11-07 07:36 - 2017-11-07 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-11-05 11:02 - 2017-11-05 11:02 - 00630811 _____ C:\Users\Ed\Downloads\Statement_Nov 2017.pdf
    2017-11-05 09:11 - 2017-11-07 08:09 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Apple Computer
    2017-11-05 09:11 - 2017-11-07 07:42 - 00000000 ____D C:\Users\Ed\AppData\Local\Apple Computer
    2017-11-05 09:10 - 2017-11-05 09:10 - 00001754 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-11-05 09:10 - 2017-11-05 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-11-05 09:10 - 2017-11-05 09:10 - 00000000 ____D C:\Program Files\iPod
    2017-11-05 09:09 - 2017-11-05 09:10 - 00000000 ____D C:\Program Files\iTunes
    2017-11-05 09:09 - 2017-11-05 09:09 - 00000000 ____D C:\ProgramData\Apple Computer
    2017-11-05 09:08 - 2017-11-05 09:08 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-11-05 09:08 - 2017-11-05 09:08 - 00000000 ____D C:\Users\Ed\AppData\Local\Apple
    2017-11-05 09:08 - 2017-11-05 09:08 - 00000000 ____D C:\Program Files\Apple Software Update
    2017-11-05 09:07 - 2017-11-07 07:36 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-11-05 09:07 - 2017-11-05 09:08 - 00000000 ____D C:\ProgramData\Apple
    2017-11-05 09:07 - 2017-11-05 09:07 - 00000000 ____D C:\Program Files\Bonjour
    2017-11-05 09:04 - 2017-11-05 09:05 - 200617288 _____ (Apple Inc.) C:\Users\Ed\Downloads\iTunesSetup.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-12-03 09:19 - 2016-03-23 19:19 - 00000000 ____D C:\FRST
    2017-12-03 09:19 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Ed\Desktop\Unused Icons
    2017-12-03 09:00 - 2015-10-09 16:43 - 00049465 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2017-12-03 08:47 - 2016-11-19 15:24 - 00000000 ____D C:\Users\Ed\AppData\LocalLow\Mozilla
    2017-12-03 04:18 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-12-03 04:18 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-11-30 16:36 - 2016-01-18 20:00 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Skype
    2017-11-30 15:22 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-11-30 10:35 - 2015-07-22 08:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-11-30 10:20 - 2017-05-19 15:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2017-11-30 10:20 - 2015-08-10 15:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2017-11-29 03:06 - 2015-07-21 14:43 - 00000000 ____D C:\Windows\system32\MRT
    2017-11-29 03:01 - 2017-10-11 02:01 - 124282896 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2017-11-29 03:01 - 2015-07-21 14:43 - 124282896 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-11-27 10:44 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
    2017-11-27 08:46 - 2017-05-29 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2017-11-27 08:46 - 2017-05-23 08:02 - 00381184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2017-11-27 08:44 - 2017-05-23 08:02 - 00775552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2017-11-27 08:44 - 2017-05-23 08:02 - 00290776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2017-11-27 08:44 - 2017-05-23 08:02 - 00143264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2017-11-27 08:44 - 2017-05-23 08:02 - 00117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2017-11-27 08:44 - 2017-05-23 08:02 - 00091976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2017-11-27 08:44 - 2017-05-23 08:02 - 00063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2017-11-27 08:44 - 2017-05-23 08:02 - 00035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
    2017-11-27 08:43 - 2017-05-23 08:02 - 00270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
    2017-11-27 08:43 - 2017-05-23 08:02 - 00249232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
    2017-11-27 08:43 - 2017-05-23 08:02 - 00151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
    2017-11-27 08:43 - 2017-05-23 08:02 - 00135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
    2017-11-27 08:43 - 2017-05-23 08:02 - 00043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
    2017-11-24 15:50 - 2016-11-21 16:33 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
    2017-11-15 16:08 - 2015-08-10 15:55 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Mozilla
    2017-11-15 09:03 - 2010-11-20 16:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-11-15 08:59 - 2016-05-09 05:30 - 00049936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
    2017-11-15 08:56 - 2017-09-04 12:34 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
    2017-11-15 08:56 - 2017-01-10 09:02 - 00048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
    2017-11-15 06:56 - 2016-01-18 19:59 - 00000000 ____D C:\ProgramData\Skype
    2017-11-15 04:01 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
    2017-11-15 03:24 - 2009-07-13 23:33 - 00310016 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-11-15 03:21 - 2015-07-21 14:47 - 00000000 ____D C:\Windows\system32\appraiser
    2017-11-07 07:43 - 2015-07-21 13:41 - 00000000 ____D C:\Users\Ed
    2017-11-06 12:53 - 2017-09-04 12:34 - 00000978 _____ C:\Users\Public\Desktop\AVG.lnk

    ==================== Files in the root of some directories =======

    2015-12-29 21:38 - 2015-12-29 21:39 - 54113464 _____ (HRB Technology, LLC.) C:\Program Files\HRBlock2015.exe
    2016-05-16 15:30 - 2016-05-16 15:30 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2017-11-29 00:36

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
    Ran by Ed (2017-12-03 09:20:28)
    Running from C:\Users\Ed\Desktop\Unused Icons
    Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
    Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
    Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
    Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
    ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2218B6FE-7215-4EC9-B0E7-F47674AFA2F5}) (Version: 11.0.1.2 - Apple Inc.)
    Apple Software Update (HKLM\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    AVG (Version: 1.211.3 - AVG Technologies) Hidden
    AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
    AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.76.3.18604 - AVG Technologies)
    AVG PC TuneUp (Version: 16.76.2 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Elevated Installer (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    FMW 1 (Version: 1.226.3 - AVG Technologies) Hidden
    Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
    H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
    H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
    iCloud (HKLM\...\{8C0BFEB8-6679-4A88-B4EC-2DF8BEC18CE0}) (Version: 7.1.0.34 - Apple Inc.)
    Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
    iTunes (HKLM\...\{ABDCBAEB-4276-4409-9145-E1E410377A9B}) (Version: 12.7.1.14 - Apple Inc.)
    Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
    Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mozilla Firefox 57.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x86 en-US)) (Version: 57.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1.6541 - Mozilla)
    Mozilla Thunderbird 52.5.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.5.0 (x86 en-US)) (Version: 52.5.0 - Mozilla)
    OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
    PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
    Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
    RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {1F4C501C-34A1-4D9E-B7C6-840AE68FE10A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23] (Adobe Systems Incorporated)
    Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
    Task: {4EEBD237-DBCF-4B4A-A40E-F6ACB68CF00A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
    Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {865B7FA1-7AF1-4AE3-9506-F23373B0C070} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2017-11-27] (AVG Technologies CZ, s.r.o.)
    Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {DCDA5300-1724-4338-B20E-88517EF64AD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
    Task: {F7C8A13B-225A-4748-8F83-A40314F093E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
    Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2017-11-15] (AVG Technologies CZ, s.r.o.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\0316avUpdateInfo.job => C:\ProgramData\Avg_Update_0316av\0316av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\0615piUpdateInfo.job => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-01-16 19:11 - 2013-01-14 23:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2017-11-27 08:44 - 2017-11-27 08:44 - 00060160 _____ () C:\Program Files\AVG\Antivirus\module_lifetime.dll
    2017-11-27 08:44 - 2017-11-27 08:44 - 00168216 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
    2017-11-27 08:44 - 2017-11-27 08:44 - 00238928 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
    2017-11-27 08:44 - 2017-11-27 08:44 - 00245704 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
    2017-11-27 08:44 - 2017-11-27 08:44 - 00152224 _____ () C:\Program Files\AVG\Antivirus\network_notifications.dll
    2017-11-30 09:05 - 2017-11-30 09:05 - 05877992 _____ () C:\Program Files\AVG\Antivirus\defs\17113000\algo.dll
    2017-11-27 08:44 - 2017-11-27 08:44 - 00711176 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
    2017-11-27 08:44 - 2017-11-27 08:44 - 00246728 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
    2017-11-30 15:25 - 2017-11-30 15:25 - 05877992 _____ () C:\Program Files\AVG\Antivirus\defs\17113006\algo.dll
    2017-12-01 07:29 - 2017-12-01 07:29 - 05888920 _____ () C:\Program Files\AVG\Antivirus\defs\17120100\algo.dll
    2017-12-01 15:31 - 2017-12-01 15:31 - 05888920 _____ () C:\Program Files\AVG\Antivirus\defs\17120110\algo.dll
    2017-12-02 07:33 - 2017-12-02 07:33 - 05888920 _____ () C:\Program Files\AVG\Antivirus\defs\17120202\algo.dll
    2017-12-03 07:35 - 2017-12-03 07:35 - 05888920 _____ () C:\Program Files\AVG\Antivirus\defs\17120300\algo.dll
    2016-04-13 16:25 - 2016-04-13 16:25 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
    2017-10-18 23:52 - 2017-10-18 23:52 - 01042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-10-18 23:52 - 2017-10-18 23:52 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-07-25 12:53 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-07-25 12:53 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2017-10-18 23:51 - 2017-10-18 23:51 - 00189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2017-07-05 16:51 - 2017-07-05 16:51 - 67109376 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
    2016-12-02 18:14 - 2016-12-02 18:14 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
    2015-07-25 12:53 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-07-25 12:53 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-07-25 12:53 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2017-11-27 08:44 - 2017-11-27 08:44 - 00143912 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll
    2017-11-27 08:44 - 2017-11-27 08:44 - 00246728 _____ () c:\Program Files\AVG\Antivirus\StreamBack.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7873 more sites.


    There are 7873 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2015-11-17 14:44 - 00000734 ____N C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    DNS Servers: 75.114.81.1 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{BBAE6A51-936A-4002-B8B4-0F02AABB30B2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B2128B1E-F10A-497D-9B81-0746EB32B04E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    02-12-2017 00:00:03 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/03/2017 03:20:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0xdb8
    Faulting application start time: 0xesu.exe0
    Faulting application path: esu.exe1
    Faulting module path: esu.exe2
    Report Id: esu.exe3

    Error: (12/03/2017 03:20:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

    Error: (12/02/2017 01:30:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0x1890
    Faulting application start time: 0xesu.exe0
    Faulting application path: esu.exe1
    Faulting module path: esu.exe2
    Report Id: esu.exe3

    Error: (12/02/2017 01:30:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

    Error: (12/01/2017 01:41:18 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0x146c
    Faulting application start time: 0xesu.exe0
    Faulting application path: esu.exe1
    Faulting module path: esu.exe2
    Report Id: esu.exe3

    Error: (12/01/2017 01:41:17 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

    Error: (11/30/2017 02:34:06 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0x10c8
    Faulting application start time: 0xesu.exe0
    Faulting application path: esu.exe1
    Faulting module path: esu.exe2
    Report Id: esu.exe3

    Error: (11/30/2017 02:34:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

    Error: (11/29/2017 01:30:47 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0x12e8
    Faulting application start time: 0xesu.exe0
    Faulting application path: esu.exe1
    Faulting module path: esu.exe2
    Report Id: esu.exe3

    Error: (11/29/2017 01:30:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])


    System errors:
    =============
    Error: (12/01/2017 03:31:15 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (11/30/2017 03:24:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (11/30/2017 03:24:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (11/30/2017 03:23:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Garmin Device Interaction Service service failed to start due to the following error:
    %%1053

    Error: (11/30/2017 03:23:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

    Error: (11/30/2017 10:23:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (11/30/2017 10:23:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (11/30/2017 10:22:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (11/30/2017 10:22:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (11/30/2017 10:21:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Garmin Device Interaction Service service failed to start due to the following error:
    %%1053


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
    Percentage of memory in use: 80%
    Total physical RAM: 1944.03 MB
    Available physical RAM: 374.78 MB
    Total Virtual: 3888.06 MB
    Available Virtual: 1715.27 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:249.07 GB) NTFS
    Drive e: () (Removable) (Total:57.87 GB) (Free:41.36 GB) FAT32
    Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
    Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

    ==================== End of Addition.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-12-03 09:26:52
    -----------------------------
    09:26:52.117 OS Version: Windows 6.1.7601 Service Pack 1
    09:26:52.117 Number of processors: 2 586 0x170A
    09:26:52.119 ComputerName: ED-PC UserName: Ed
    09:27:24.804 Initialize success
    09:27:24.911 VM: initialized successfully
    09:27:24.913 VM: Intel CPU BiosDisabled
    09:29:30.334 AVAST engine defs: 17030301
    09:37:09.963 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"

    ***

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Start Farbar Recovery Scan Tool with Administrator privileges

    or Right click on the FRST icon and select Run as administrator

    Right click/highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [BingSvc] => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]
    Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    Hosts:
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

    created by Aura

    ~~~~~~~~~~~~~~~~~~

    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply



    Please post these logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    How do I use the text you instructed me to copy?

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I want you to use your mouse or whatever way you highlight and copy

    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [BingSvc] => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]
    Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    Hosts:
    Emptytemp:
    End::

    Then look for your Farbar Recovery Scan Tool Icon
    Double click on it to open, then look for the Fix button and click on that and it will run.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    FRST gives me only a popup that says: "No fixlist.txt found"

    Should I be saving the copied text as "fixlist.txt" ?

  6. #6
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    The copied text remains on my clipboard unless I Save it somewhere...I assume.

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's try it a different way, there is something not working as intended here.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do Not Use Wordpad* or any text editor other than Notepad, or the script will fail.
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [BingSvc] => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]
    Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    Hosts:
    Emptytemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


  8. #8
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    Fix result of Farbar Recovery Scan Tool (x86) Version: 06-12-2017
    Ran by Ed (07-12-2017 13:49:29) Run:1
    Running from E:\Computer
    Loaded Profiles: Ed (Available Profiles: Ed)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [BingSvc] => C:\Users\Ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-30] [not signed]
    Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    Hosts:
    Emptytemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => removed successfully.
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
    C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => moved successfully
    C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => path could not remove
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B184694-64C3-4633-94C5-945B3FA561D6}" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B184694-64C3-4633-94C5-945B3FA561D6}" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D21F6024-191F-4454-BBBC-09A650DA2549}" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D21F6024-191F-4454-BBBC-09A650DA2549}" => removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 12582912 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3212008 B
    Java, Flash, Steam htmlcache => 523 B
    Windows/system/drivers => 6680235 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 50640262 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 21563 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 0 B
    LocalService => 0 B
    NetworkService => 260 B
    Ed => 464902670 B

    RecycleBin => 3504192 B
    EmptyTemp: => 516.5 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 13:50:51 ====

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Can I see

    AdwCleaner log
    RogueKiller log

  10. #10
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    # AdwCleaner 7.0.5.0 - Logfile created on Fri Dec 08 16:15:12 2017
    # Updated on 2017/29/11 by Malwarebytes
    # Running on Windows 7 Home Premium (X86)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\ProgramData\Avg_Update_0316av


    ***** [ Files ] *****

    No malicious files deleted.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    Deleted: 0316avUpdateInfo
    Deleted: 0615piUpdateInfo


    ***** [ Registry ] *****

    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [1355 B] - [2017/12/8 16:7:2]
    C:/AdwCleaner/AdwCleaner[S1].txt - [1421 B] - [2017/12/8 16:10:53]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

    # AdwCleaner 7.0.5.0 - Logfile created on Fri Dec 08 16:07:02 2017
    # Updated on 2017/29/11 by Malwarebytes
    # Database: 12-08-2017.1
    # Running on Windows 7 Home Premium (X86)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_0316av


    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    PUP.Adware.Heuristic, 0316avUpdateInfo
    PUP.Adware.Heuristic, 0615piUpdateInfo


    ***** [ Registry ] *****

    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************



    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

    RogueKiller V12.11.27.0 [Dec 4 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Ed [Administrator]
    Started from : C:\Users\Ed\Downloads\RogueKiller_portable32.exe
    Mode : Scan -- Date : 12/08/2017 11:32:08 (Duration : 00:38:48)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.HomePage] HKEY_USERS\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://toast.net/start -> Found
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][Firefox:Config] c1chj0up.default-1479757157401 : user_pref("browser.startup.homepage", "http://toast.net/start/"); -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST320LT007-9ZV142 +++++
    --- User ---
    [MBR] 0ca11b9123e05cfef88bb9f1d87d8255
    [BSP] 7aadc9b130d3831ed8795562e918dbf1 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 3450 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 7067648 | Size: 301793 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SanDisk Ultra USB Device +++++
    --- User ---
    [MBR] b2a5207711aaeee8437ff9e9e721809e
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 21952 | Size: 59285 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: TOSHIBA TransMemory USB Device +++++
    --- User ---
    [MBR] fef81fdee75be3af8bc5addbeae9d54b
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7624 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    ***
