
Thread: Persistent Warning

  1. #41
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    I clicked OK on the HijackThis Beta message, and then the following logfile appeared:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 7:47:17 AM, on 1/28/2018
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)

    FIREFOX: 58.0 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    C:\Program Files\AVG\Framework\Common\avguix.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\AVG\Antivirus\AVGUI.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\secd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Ed\Desktop\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
    O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
    O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\AVGSvc.exe
    O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\aswidsagent.exe
    O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

    --
    End of file - 6995 bytes

    I also got a long list of HijackThis results showing a couple of items checked, but there doesn't appear to be a way to Save it, so I've just left it open.

    Suggestion?

  2. #42
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Close HJT, exit out the tool.

    The error you saw previously will not affect what we do.

    wuauclt.exe <-- was running when you took the scan
    wuauclt.exe process is part of Windows Update AutoUpdate Client of Microsoft. Something from Microsoft was trying or searching for updates or had finished updating, I can't tell.

    How to manually check for windows updates
    https://support.microsoft.com/en-us/...pdate-manually
    scroll to Windows 7

    ~~~~~~
    Typically, these entries are infrequently used tasks that can be started manually, if necessary.
    Removing/disabling these items from startup will help with system resources.

    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
    O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
    O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
    O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe



    Reboot the computer to set the registry.


    ~~~~~~~~~~~~~~~~~~~~~~

    What's happening now with the computer?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
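
An added illustration, not part of any post in this thread and not code from HijackThis: a small Python triage of HijackThis log lines, using entries copied from the log posted in #41. The section descriptions, the regular expressions (written against the line shapes visible in that log) and the executable-path heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted in #41 of this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Short descriptions of the section codes seen above (assumed wording).
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key / Startup folder)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# e.g.  HKUS\S-1-5-18\..\Run: [Name] "C:\path\app.exe" /arg (User 'SYSTEM')
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# e.g.  Global Startup: Shortcut.lnk = C:\path\app.exe
STARTUP_RE = re.compile(r"^(?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Heuristic: a quoted path, or an unquoted path up to a known executable suffix.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)


def parse_log(text):
    """Return one dict per 'CODE - body' line; headers and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append({"code": m.group(1), "body": m.group(2), "raw": line})
    return entries


def autostarts(entries):
    """Break O4 lines into location, value name, executable path and user."""
    out = []
    for e in entries:
        if e["code"] != "O4":
            continue
        m = RUN_RE.match(e["body"]) or STARTUP_RE.match(e["body"])
        if not m:
            continue
        d = m.groupdict()
        exe = EXE_RE.match(d["cmd"])
        out.append({
            "location": d.get("hive") or d.get("scope"),
            "name": d["name"],
            "path": (exe.group(1) or exe.group(2)) if exe else d["cmd"],
            "user": d.get("user"),
        })
    return out


def findings(entries):
    """Entries worth a second look: orphaned references, blank values, duplicates."""
    notes = []
    for e in entries:
        if "(file missing)" in e["body"]:
            notes.append((e["code"], "target file missing", e["raw"]))
        elif e["code"] in ("R0", "R1") and e["body"].endswith("="):
            notes.append((e["code"], "empty value", e["raw"]))
    names = Counter(a["name"] for a in autostarts(entries))
    for name, n in names.items():
        if n > 1:
            notes.append(("O4", f"registered in {n} locations", name))
    return notes


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, count in Counter(e["code"] for e in parsed).items():
        print(f"{code:>3} x{count}  {SECTIONS.get(code, 'other')}")
    for a in autostarts(parsed):
        print(a)
    for note in findings(parsed):
        print(note)
```
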

  3. #43
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    After reboot, system started normally. Task Monitor shows considerable CPU Usage (greater than 40%) persisting. I haven't tried opening any apps.

  4. #44
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    To run HijackThis, I had to use "Run as administrator" because whenever I clicked on "Open," I got the "Beta" message.

  5. #45
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    I just got the popup/audio message again. See attachment.

  6. #46
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    That message is a fake scam page.

    When that pops up, use Task Manager to locate your browser and then right click and end task.

    ~~~
    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.


    Proceed with the reset once done.

  7. #47
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Also, did you check manually for Microsoft updates?

  8. #48
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Whenever the popup/audio warning starts, it freezes my browser, but so far I've been able to turn it OFF using the Task Manager. Of course, whatever I'm then doing gets lost because computer has to restart.

    I have Windows Updates set to Automatic. I navigated to Windows Updates from Control Panel. Under the "Status" heading, all updates show "Successful" except Windows 10, which evidently has tried and failed more than once. I don't think I need or want Windows 10.

    Right now, the computer is behaving normally except for the popup/audio warning I showed you, and while it occurs unpredictably and is a nuisance, it only occurs once or twice a day depending on how much time I spend on the Internet. I've read that it is Adware and can be removed with HijackThis, so I wonder why that didn't get it..?

  9. #49
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    The tool HJT only goes after items it's been instructed to, which as of this time we only use it to disable startup options. It's a very out of date tool to use for malware.

    I had hoped when you added the AdBlocker this would have remedied the situation and when you reset the browsers.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Can you run a new FRST scan and post the logs please.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

  10. #50
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27.01.2018
    Ran by Ed (administrator) on ED-PC (30-01-2018 04:26:31)
    Running from C:\Users\Ed\Desktop
    Loaded Profiles: Ed (Available Profiles: Ed)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Lenovo) C:\Windows\System32\ibmpmsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [295512 2018-01-01] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [261944 2018-01-22] (Apple Inc.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-01-10] (Apple Inc.)
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
    Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: vduktc57.default-1479757157401-1516982433966
    FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966 [2018-01-30]
    FF Homepage: Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966 -> hxxps://www.toast.net/start/
    FF Extension: (Pioneer Enrollment) - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\Extensions\pioneer-enrollment-study@mozilla.org.xpi [2018-01-27] [Legacy]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3659970256-991337627-2867597209-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [301720 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5957472 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
    S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [4448016 2017-11-15] (AVG Technologies CZ, s.r.o.)
    R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48912 2017-11-15] (AVG Technologies CZ, s.r.o.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [150672 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R1 avgbdisk; C:\Windows\System32\drivers\avgbdiskx.sys [135872 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [249232 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [151024 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [270344 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [43992 2018-01-01] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35264 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [116344 2018-01-10] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [91976 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [63280 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [775552 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [382720 2018-01-10] (AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [143776 2018-01-01] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [287128 2018-01-01] (AVG Technologies CZ, s.r.o.)
    S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-29] ()
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [168376 2018-01-26] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2018-01-29] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2018-01-29] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-01-29] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2018-01-30] (Malwarebytes)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-01-26] ()
    R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-30 04:26 - 2018-01-30 04:28 - 000011102 _____ C:\Users\Ed\Desktop\FRST.txt
    2018-01-30 04:25 - 2018-01-30 04:26 - 000000000 ____D C:\FRST
    2018-01-30 04:22 - 2018-01-30 04:22 - 001754112 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
    2018-01-30 04:20 - 2018-01-30 04:20 - 000056121 _____ C:\Users\Ed\Desktop\ccVcSjKu.htm
    2018-01-29 08:51 - 2018-01-30 00:51 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2018-01-29 06:36 - 2018-01-29 06:36 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-01-29 06:26 - 2018-01-29 06:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2018-01-29 06:24 - 2018-01-29 06:24 - 000001754 _____ C:\Users\Public\Desktop\iTunes.lnk
    2018-01-29 06:24 - 2018-01-29 06:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-01-29 06:23 - 2018-01-29 06:23 - 000000000 ____D C:\Program Files\iPod
    2018-01-29 06:21 - 2018-01-29 06:23 - 000000000 ____D C:\Program Files\iTunes
    2018-01-29 06:14 - 2018-01-29 06:14 - 000000000 ____D C:\Program Files\Apple Software Update
    2018-01-28 13:15 - 2018-01-29 06:37 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2018-01-28 13:07 - 2018-01-28 13:07 - 000000000 ____D C:\Users\Ed\Desktop\backups
    2018-01-27 16:43 - 2018-01-27 16:44 - 000388608 _____ (Trend Micro Inc.) C:\Users\Ed\Desktop\HijackThis.exe
    2018-01-27 00:15 - 2018-01-27 00:15 - 000004092 _____ C:\Users\Ed\Desktop\rk_51F7.tmp.txt
    2018-01-26 23:18 - 2018-01-26 23:19 - 022536776 _____ (Adlice Software) C:\Users\Ed\Desktop\RogueKiller_portable32.exe
    2018-01-26 23:11 - 2018-01-26 23:11 - 000000952 _____ C:\Users\Ed\Desktop\AdwCleaner[S0].txt
    2018-01-26 23:04 - 2018-01-29 06:37 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2018-01-26 23:04 - 2018-01-26 23:04 - 000168376 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2018-01-26 23:04 - 2018-01-26 23:04 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-01-26 23:04 - 2018-01-26 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-01-26 23:03 - 2018-01-26 23:03 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-01-26 23:03 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
    2018-01-26 22:57 - 2018-01-26 22:57 - 082377272 _____ (Malwarebytes ) C:\Users\Ed\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3791.exe
    2018-01-26 22:55 - 2018-01-26 22:55 - 000001018 _____ C:\Users\Ed\Desktop\AdwCleaner[S1].txt
    2018-01-26 22:45 - 2018-01-26 22:54 - 000000000 ____D C:\AdwCleaner
    2018-01-26 22:42 - 2018-01-26 22:42 - 008206624 _____ (Malwarebytes) C:\Users\Ed\Desktop\AdwCleaner.exe
    2018-01-24 19:47 - 2018-01-01 07:37 - 000306960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2018-01-21 09:40 - 2018-01-21 09:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2017
    2018-01-21 09:40 - 2018-01-21 09:40 - 000001994 _____ C:\Users\Public\Desktop\H&R Block 2017.lnk
    2018-01-21 09:38 - 2018-01-21 09:40 - 000000000 ____D C:\Program Files\HRBlock2017
    2018-01-21 08:01 - 2018-01-21 08:01 - 000131034 _____ C:\Users\Ed\Desktop\2017 YearEndSummary.pdf
    2018-01-12 09:19 - 2018-01-12 09:19 - 000148433 _____ C:\Users\Ed\Downloads\EasyPayTermsAgreement(1).pdf
    2018-01-04 23:31 - 2017-12-31 21:02 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
    2018-01-04 23:31 - 2017-12-31 21:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2018-01-04 23:31 - 2017-12-31 20:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-01-04 23:31 - 2017-12-31 20:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2018-01-04 23:31 - 2017-12-31 20:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2018-01-04 23:31 - 2017-12-31 20:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
    2018-01-04 23:31 - 2017-12-31 20:54 - 000198888 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
    2018-01-04 23:31 - 2017-12-31 20:54 - 000198888 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-01-04 23:31 - 2017-12-31 20:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
    2018-01-04 23:31 - 2017-12-31 20:54 - 000139496 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
    2018-01-04 23:31 - 2017-12-31 20:54 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-01-04 23:31 - 2017-12-31 20:54 - 000105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2018-01-04 23:31 - 2017-12-31 20:54 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-01-04 23:31 - 2017-12-31 20:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
    2018-01-04 23:31 - 2017-12-31 20:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
    2018-01-04 23:31 - 2017-12-31 20:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
    2018-01-04 23:31 - 2017-12-31 20:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
    2018-01-04 23:31 - 2017-12-31 20:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
    2018-01-04 23:31 - 2017-12-31 20:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
    2018-01-04 23:31 - 2017-12-31 20:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
    2018-01-04 23:31 - 2017-12-31 20:40 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2018-01-04 23:31 - 2017-12-31 20:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2018-01-04 23:31 - 2017-12-31 20:40 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2018-01-04 23:31 - 2017-12-31 20:40 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2018-01-04 23:31 - 2017-12-31 20:39 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2018-01-04 23:31 - 2017-12-31 20:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2018-01-04 23:31 - 2017-12-31 20:37 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2018-01-04 23:31 - 2017-12-31 20:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2018-01-04 23:31 - 2017-12-31 20:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2018-01-04 23:31 - 2017-12-31 20:36 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2018-01-04 23:31 - 2017-12-31 20:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2018-01-04 23:31 - 2017-12-31 20:35 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2018-01-04 23:31 - 2017-12-31 20:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2018-01-04 23:31 - 2017-12-31 20:35 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2018-01-04 23:31 - 2017-12-31 20:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2018-01-04 23:31 - 2017-12-31 20:35 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2018-01-04 23:31 - 2017-12-31 20:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2018-01-04 23:31 - 2017-12-31 20:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2018-01-04 23:31 - 2017-12-31 20:35 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2018-01-04 23:31 - 2017-12-31 20:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-31 20:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2018-01-04 23:31 - 2017-12-21 01:27 - 000535656 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2018-01-04 23:31 - 2017-12-13 11:15 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2018-01-04 23:31 - 2017-12-13 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2018-01-04 23:31 - 2017-12-13 11:11 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2018-01-04 23:31 - 2017-12-13 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2018-01-04 23:31 - 2017-12-13 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2018-01-04 23:31 - 2017-12-05 12:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
    2018-01-04 23:31 - 2017-12-05 12:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
    2018-01-04 23:31 - 2017-12-05 10:50 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2018-01-04 23:31 - 2017-12-05 10:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
    2018-01-01 07:38 - 2018-01-01 07:37 - 001142064 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-30 04:09 - 2016-11-19 15:24 - 000000000 ____D C:\Users\Ed\AppData\LocalLow\Mozilla
    2018-01-29 21:27 - 2009-07-13 23:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-01-29 21:27 - 2009-07-13 23:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-01-29 16:06 - 2017-05-19 15:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-01-29 16:06 - 2015-08-10 15:54 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
    2018-01-29 06:34 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-01-29 06:14 - 2017-11-05 09:08 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2018-01-29 06:09 - 2017-11-05 09:11 - 000000000 ____D C:\Users\Ed\AppData\Roaming\Apple Computer
    2018-01-28 21:53 - 2017-12-26 19:54 - 000033280 _____ C:\Users\Ed\Desktop\Alert 24 25 Dec 2017.xls
    2018-01-28 14:17 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
    2018-01-28 14:10 - 2015-07-25 09:29 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2018-01-28 14:10 - 2015-07-25 09:29 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2018-01-28 14:10 - 2015-07-25 09:29 - 000000000 ____D C:\Windows\system32\Macromed
    2018-01-27 15:28 - 2016-01-18 20:00 - 000000000 ____D C:\Users\Ed\AppData\Roaming\Skype
    2018-01-27 15:27 - 2017-11-07 07:43 - 000000000 ___RD C:\Users\Ed\iCloudDrive
    2018-01-27 08:08 - 2017-12-25 10:33 - 000000000 ____D C:\Users\Ed\AppData\Local\CrashDumps
    2018-01-27 03:04 - 2010-11-20 16:01 - 000774404 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-01-27 01:27 - 2015-07-21 15:26 - 000000000 ____D C:\Users\Ed\Desktop\Unused Icons
    2018-01-26 23:27 - 2017-12-08 11:32 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2018-01-26 23:03 - 2015-10-12 15:11 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-01-26 11:00 - 2016-11-21 14:39 - 000000000 ____D C:\Users\Ed\Desktop\Old Firefox Data
    2018-01-24 19:49 - 2017-11-27 08:46 - 000001921 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
    2018-01-21 09:55 - 2015-11-12 13:46 - 000000000 ____D C:\Users\Ed\Documents\HRBlock
    2018-01-21 09:48 - 2015-11-12 13:48 - 000000000 ____D C:\Users\Ed\AppData\Roaming\TaxCut
    2018-01-21 09:31 - 2015-11-12 13:45 - 000000000 ____D C:\ProgramData\TaxCut
    2018-01-17 03:16 - 2017-05-29 14:13 - 000000000 _____ C:\Windows\system32\last.dump
    2018-01-10 19:38 - 2017-05-23 08:02 - 000382720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2018-01-10 19:38 - 2017-05-23 08:02 - 000116344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2018-01-10 03:11 - 2015-07-21 14:43 - 000000000 ____D C:\Windows\system32\MRT
    2018-01-10 03:08 - 2017-10-11 02:01 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-01-10 03:07 - 2015-07-21 14:43 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-01-06 14:46 - 2015-09-01 13:00 - 000000000 ____D C:\TEMP
    2018-01-05 04:22 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\rescache
    2018-01-05 03:21 - 2009-07-13 23:33 - 000310016 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-01-02 07:18 - 2017-05-29 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2018-01-01 07:41 - 2016-11-21 16:33 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
    2018-01-01 07:37 - 2017-11-27 08:45 - 000150672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000775552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000287128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000143776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000091976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
    2018-01-01 07:37 - 2017-05-23 08:02 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys

    ==================== Files in the root of some directories =======

    2015-12-29 21:38 - 2015-12-29 21:39 - 054113464 _____ (HRB Technology, LLC.) C:\Program Files\HRBlock2015.exe

    Some files in TEMP:
    ====================
    2018-01-26 23:26 - 2017-12-31 21:02 - 001310528 _____ (Microsoft Corporation) C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-01-28 00:45

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
    Ran by Ed (30-01-2018 04:28:42)
    Running from C:\Users\Ed\Desktop
    Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
    Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
    Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
    Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
    Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
    ANT Drivers Installer x86 (HKLM\...\{E64F69D8-38FE-48B8-95AB-CC676FA636F1}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.)
    Apple Software Update (HKLM\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
    AVG (HKLM\...\{E139344F-BAD1-4394-BEBC-9A215F146A37}) (Version: 1.231.3 - AVG Technologies) Hidden
    AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 17.9.3040 - AVG Technologies)
    AVG PC TuneUp (HKLM\...\{DD702788-AF7F-44FB-8423-5D1824F937EA}) (Version: 16.76.2 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.76.3.18604 - AVG Technologies)
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Elevated Installer (HKLM\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    FMW 1 (HKLM\...\{B9B474D5-8B52-4A05-8DA0-CFECB057E523}) (Version: 1.226.3 - AVG Technologies) Hidden
    Garmin Express (HKLM\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express Tray (HKLM\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
    H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
    H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
    H&R Block Deluxe + Efile 2017 (HKLM\...\{16CC23D8-0CC6-4934-AA1F-B79AE31C405F}) (Version: 17.04.6301 - HRB Technology, LLC.)
    iCloud (HKLM\...\{625E52CB-61F3-4FC0-916A-4E144948A023}) (Version: 7.3.0.20 - Apple Inc.)
    Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
    iTunes (HKLM\...\{F9FEA709-DE8A-4ECB-A57B-FB2604EF24FB}) (Version: 12.7.3.46 - Apple Inc.)
    Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
    Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mozilla Firefox 58.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x86 en-US)) (Version: 58.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1.6602 - Mozilla)
    Mozilla Thunderbird 52.5.2 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.5.2 (x86 en-US)) (Version: 52.5.2 - Mozilla)
    OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
    PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
    Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
    RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-01-01] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-01-10] (Apple Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-14] (NVIDIA Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-01-01] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00587C43-504F-45D2-BC47-1CB8C8368DD2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-01-06] (AVG Technologies CZ, s.r.o.)
    Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-28] (Adobe Systems Incorporated)
    Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
    Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
    Task: {5791A7E9-AF24-49A0-9DD0-719571AC1CDE} - System32\Tasks\{416A5D32-82D3-40D7-9405-AFF201723BF7} => C:\Windows\system32\pcalua.exe -a C:\Users\Ed\Desktop\HijackThis.exe -d C:\Users\Ed\Desktop
    Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {67E7081C-B0E8-43CD-8057-AC36A75146E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
    Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {D52D8282-BBB0-4BA0-8F97-8C4AC21F8F38} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-01-01] (AVG Technologies CZ, s.r.o.)
    Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2018-01-10] (Apple Inc.)
    Task: {F7C8A13B-225A-4748-8F83-A40314F093E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
    Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2017-11-15] (AVG Technologies CZ, s.r.o.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2014-01-16 19:11 - 2013-01-14 23:47 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2018-01-01 07:37 - 2018-01-01 07:37 - 000059136 _____ () C:\Program Files\AVG\Antivirus\module_lifetime.dll
    2018-01-01 07:37 - 2018-01-01 07:37 - 000058624 _____ () C:\Program Files\AVG\Antivirus\dll_loader.dll
    2018-01-01 07:37 - 2018-01-01 07:37 - 000207272 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
    2018-01-01 07:37 - 2018-01-01 07:37 - 000290392 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
    2018-01-01 07:37 - 2018-01-01 07:37 - 000197368 _____ () C:\Program Files\AVG\Antivirus\network_notifications.dll
    2018-01-29 05:19 - 2018-01-29 05:19 - 005775088 _____ () C:\Program Files\AVG\Antivirus\defs\18012902\algo.dll
    2018-01-01 07:37 - 2018-01-01 07:37 - 000746528 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
    2018-01-01 07:37 - 2018-01-01 07:37 - 000295064 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
    2016-04-13 16:25 - 2016-04-13 16:25 - 000036864 _____ () C:\Windows\System32\pdf995mon.dll
    2018-01-05 00:14 - 2018-01-05 00:14 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-11-30 18:55 - 2017-11-30 18:55 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-02-14 08:42 - 2017-02-14 08:42 - 000326144 _____ () C:\Program Files\Garmin\Device Interaction Service\GpsImgWrapper.dll
    2017-03-28 14:32 - 2017-03-28 14:32 - 000073216 _____ () C:\Program Files\Garmin\Device Interaction Service\FixBootSector.dll
    2016-12-02 18:14 - 2016-12-02 18:14 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
    2017-12-03 11:28 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-12-03 11:28 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2017-12-03 11:28 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-07-05 16:51 - 2017-07-05 16:51 - 067109376 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
    2018-01-22 03:21 - 2018-01-22 03:21 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
    2018-01-22 03:21 - 2018-01-22 03:21 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
    2018-01-05 00:14 - 2018-01-05 00:14 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2018-01-26 23:03 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-01-26 23:03 - 2017-11-29 09:11 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-12-03 11:28 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2018-01-01 07:37 - 2018-01-01 07:37 - 000197936 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7873 more sites.


    There are 7873 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2017-12-07 13:50 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    DNS Servers: 75.114.81.1 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{BBAE6A51-936A-4002-B8B4-0F02AABB30B2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{80ECA08B-FB7B-4435-9E54-09F72EC1EA40}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{3A56F231-0455-4CB6-ADF7-186661B5A4DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    27-01-2018 02:57:19 Scheduled Checkpoint
    27-01-2018 03:00:12 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/30/2018 01:56:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0x134c
    Faulting application start time: 0x01d3999761092932
    Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
    Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report Id: a3fe20a7-058a-11e8-a25e-00226817a818

    Error: (01/30/2018 01:56:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

    Error: (01/29/2018 03:46:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0xb48
    Faulting application start time: 0x01d398dda8ce67a6
    Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
    Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report Id: eb5c5886-04d0-11e8-a2da-00226817a818

    Error: (01/29/2018 03:46:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

    Error: (01/28/2018 02:27:43 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996cd
    Exception code: 0xe0434352
    Fault offset: 0x0000845d
    Faulting process id: 0x1944
    Faulting application start time: 0x01d39809778c27b4
    Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
    Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report Id: ba5607eb-03fc-11e8-9450-00226817a818

    Error: (01/28/2018 02:27:41 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: esu.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
    at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
    at Garmin.Omt.Service.Shared.Overrides..cctor()

    Exception Info: System.TypeInitializationException
    at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
    at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
    at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

    Error: (01/27/2018 08:13:15 AM) (Source: MsiInstaller) (EventID: 11706) (User: Ed-PC)
    Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.

    Error: (01/27/2018 08:08:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EXCEL.EXE, version: 9.0.0.2719, time stamp: 0x36f43422
    Faulting module name: BLNMGRPS.DLL, version: 10.0.2607.0, time stamp: 0x3a83c213
    Exception code: 0xc0000005
    Fault offset: 0x00002b85
    Faulting process id: 0x1da0
    Faulting application start time: 0x01d3976cdd63e85e
    Faulting application path: C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    Faulting module path: C:\PROGRA~1\MICROS~2\Office10\BLNMGRPS.DLL
    Report Id: 20371577-0363-11e8-a1a3-00226817a818

    Error: (01/27/2018 08:08:11 AM) (Source: MsiInstaller) (EventID: 11706) (User: Ed-PC)
    Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.

    Error: (01/27/2018 08:08:02 AM) (Source: MsiInstaller) (EventID: 11706) (User: Ed-PC)
    Description: Product: Microsoft Visio Professional 2002 [English] -- Error 1706. An installation package for the product Microsoft Visio Professional 2002 [English] cannot be found. Try the installation again using a valid copy of the installation package 'Visio.msi'.


    System errors:
    =============
    Error: (01/29/2018 03:56:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (01/29/2018 07:31:17 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer LAPTOP-TKL884U4
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0.
    The master browser is stopping or an election is being forced.

    Error: (01/29/2018 06:46:11 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer LAPTOP-TKL884U4
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0.
    The master browser is stopping or an election is being forced.

    Error: (01/29/2018 06:37:49 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (01/29/2018 06:37:32 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (01/29/2018 06:36:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Garmin Device Interaction Service service hung on starting.

    Error: (01/29/2018 06:35:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (01/29/2018 06:35:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (01/29/2018 06:35:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (01/29/2018 06:26:37 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
    Percentage of memory in use: 74%
    Total physical RAM: 1944.03 MB
    Available physical RAM: 503.15 MB
    Total Virtual: 4222.06 MB
    Available Virtual: 2204.68 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:244.08 GB) NTFS
    Drive e: () (Removable) (Total:57.87 GB) (Free:41.3 GB) FAT32
    Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
    Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
