Lately during sluggish laptop performance, I've seen a yellow banner at the top of my screen saying a script MAY be running, and there's a button to Stop it, but I can't always get to it before it disappears, and when I can and click it, I do NOT notice any performance change right away.

Last evening (10/6), my laptop became so unresponsive that I powered it OFF. This morning when I turned it ON, it ran CHKDSK on its own. After that, it had an epileptic seizure during which it momentarily displayed (flashed onto the screen) a series of "stuff" I can't even describe. Finally, it settled down and allowed keyboard control.

I did Registry backup, and then ran FRST and aswMBR.

FRST generated Addition and FRST text files, which both follow, but aswMBR generated nothing.

***

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06.10.2018
Ran by Ed (07-10-2018 10:49:51)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20071 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (HKLM\...\{E64F69D8-38FE-48B8-95AB-CC676FA636F1}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD40DFE8-9908-43A8-93C0-67608DD3D400}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.6.3066 - AVG Technologies)
AVG PC TuneUp (HKLM\...\{1EC0253F-2E87-44B9-9EBA-9A102B9FA5EC}) (Version: 16.78.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.78.3.33194 - AVG Technologies)
AVG Secure VPN (HKLM\...\{078F51FA-D92F-419A-9E69-08BC59265F7E}_is1) (Version: 1.2.632 - AVG)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Elevated Installer (HKLM\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
FMW 1 (HKLM\...\{C22DCE85-A6B0-4D3D-81AC-460D7726CCA5}) (Version: 1.227.45 - AVG Technologies) Hidden
Garmin Express (HKLM\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
H&R Block Basic + Efile 2015 (HKLM\...\{7BDAAEFD-7F67-4484-BED2-BEB6FE7FB216}) (Version: 15.02.8101 - HRB Technology, LLC.)
H&R Block Basic + Efile 2016 (HKLM\...\{4B215EF6-EB8B-4F37-B097-CC2A9271730F}) (Version: 16.02.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2017 (HKLM\...\{16CC23D8-0CC6-4934-AA1F-B79AE31C405F}) (Version: 17.04.7601 - HRB Technology, LLC.)
iCloud (HKLM\...\{41F9DCCB-2880-455B-BE44-616D221A0907}) (Version: 7.6.0.15 - Apple Inc.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
iTunes (HKLM\...\{F9FEA709-DE8A-4ECB-A57B-FB2604EF24FB}) (Version: 12.7.3.46 - Apple Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x86 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3.6848 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.28 (HKLM\...\Skype_is1) (Version: 8.28 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Launcher (HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-08-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-06-26] (Apple Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-15] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-08-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00587C43-504F-45D2-BC47-1CB8C8368DD2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-09-16] (AVG Technologies CZ, s.r.o.)
Task: {0455F47A-10A2-4FB1-AC5F-FB097F3DFC59} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {2D8E2A7D-4CA7-49EC-8DAA-7959C38DD9E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-13] (Adobe Systems Incorporated)
Task: {3407B30F-4F10-4BC4-BF32-348CCC05BE8C} - System32\Tasks\{AF763B4A-2B87-4800-8AFA-678098615577} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {51F4EE08-2A0A-47BE-B982-32F5AC8C540F} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {5791A7E9-AF24-49A0-9DD0-719571AC1CDE} - System32\Tasks\{416A5D32-82D3-40D7-9405-AFF201723BF7} => C:\Windows\system32\pcalua.exe -a C:\Users\Ed\Desktop\HijackThis.exe -d C:\Users\Ed\Desktop
Task: {5D0AAED1-F817-40C8-A6AC-887D419D14AA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3659970256-991337627-2867597209-1001 => "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {6BC8DC70-50EB-42F9-B736-2899ED27BD82} - System32\Tasks\AVG Secure VPN Update => C:\Program Files\AVG\Secure VPN\VpnUpdate.exe [2018-07-30] (AVG Technologies CZ, s.r.o.)
Task: {9413DBD0-2DAC-429F-82BF-7483B33D3F59} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-08-26] (AVG Technologies CZ, s.r.o.)
Task: {95570954-4BD3-4CDE-8D51-DFF7C8625D5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E827873C-7FA0-466B-9F3A-738833CBAA57} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2018-06-26] (Apple Inc.)
Task: {EACC9B78-691D-4701-B1EF-EBB9D8B49235} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {F90EB98B-581C-4671-A17C-1919D1F3EC47} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2018-07-26] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-08-26 11:49 - 2018-08-26 11:49 - 000574192 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-08-26 11:49 - 2018-08-26 11:49 - 000897264 _____ () C:\Program Files\AVG\Antivirus\anen.dll
2018-08-26 11:49 - 2018-08-26 11:49 - 000987888 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-08-26 11:49 - 2018-08-26 11:49 - 000542448 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-10-07 08:26 - 2018-10-07 08:26 - 005708488 _____ () C:\Program Files\AVG\Antivirus\defs\18100702\algo.dll
2014-01-16 20:11 - 2013-01-15 00:47 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-04-13 17:25 - 2016-04-13 17:25 - 000036864 _____ () C:\Windows\System32\pdf995mon.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-12-02 19:14 - 2016-12-02 19:14 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-12-03 12:28 - 2016-09-13 15:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-03 12:28 - 2016-09-13 15:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-06-23 06:56 - 2018-06-23 06:56 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2018-06-27 21:01 - 2018-06-27 21:00 - 067127976 _____ () C:\Program Files\AVG\Secure VPN\libcef.dll
2018-03-14 09:48 - 2018-03-14 09:48 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 000326144 _____ () C:\Program Files\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 15:32 - 2017-03-28 15:32 - 000073216 _____ () C:\Program Files\Garmin\Device Interaction Service\FixBootSector.dll
2018-04-10 10:13 - 2018-08-30 14:20 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7873 more sites.

IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123simsen.com -> www.123simsen.com

There are 7873 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-10-03 06:02 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{75AB4C22-396C-48B6-9E03-62CB7EFEF20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DE198AF-45A7-447C-B8E0-188779B7B7E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F781254-2F92-4DD5-8A8F-124AC410C699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8781FF3F-C183-4B63-A1C1-2C2A83757D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{80ECA08B-FB7B-4435-9E54-09F72EC1EA40}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3A56F231-0455-4CB6-ADF7-186661B5A4DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{29DCD986-D2D4-4E4C-A496-5A99584B85E3}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{3748A6F8-53E4-46FB-BF30-9EEE858836E0}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{48AB0D36-565C-4831-B4A9-63A9BC02600D}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{0C9B3188-57EB-46B1-AEA3-60B91FCB4DB0}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

21-09-2018 02:35:23 Scheduled Checkpoint
29-09-2018 00:00:05 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AVG TAP Adapter v3
Description: AVG TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: avgTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2018 09:20:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Ed\Desktop\BIN64\a2cmd.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/07/2018 08:40:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x183c
Faulting application start time: 0x01d45e3a94132c7c
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 1e20068a-ca2e-11e8-9b20-00226817a818

Error: (10/07/2018 08:40:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (10/07/2018 08:39:43 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/07/2018 08:39:40 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/06/2018 04:11:19 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/06/2018 04:11:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (10/06/2018 04:07:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x2f9c
Faulting application start time: 0x01d45d4b87de9b15
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: cdc8697c-c93e-11e8-a19a-00226817a818


System errors:
=============
Error: (10/07/2018 08:34:57 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a45\??\C:\System Volume Information\Syscache.hve

Error: (10/07/2018 08:13:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (10/07/2018 08:10:23 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (10/07/2018 08:08:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/07/2018 08:08:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/07/2018 08:08:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/07/2018 08:08:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/07/2018 08:06:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:58:51 PM on ‎10/‎6/‎2018 was unexpected.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 48%
Total physical RAM: 1944.03 MB
Available physical RAM: 992.74 MB
Total Virtual: 6911.13 MB
Available Virtual: 5339.34 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:228.4 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.18 GB) FAT32
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:2.54 GB) FAT32

\\?\Volume{0c055244-2ff0-11e5-bcc9-806e6f6e6963}\ (System) (Fixed) (Total:3.37 GB) (Free:0.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

***

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06.10.2018
Ran by Ed (administrator) on ED-PC (07-10-2018 10:49:02)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\Vpn.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\VpnSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Foundation) C:\Program Files\Mozilla Firefox\pingsender.exe
(Mozilla Foundation) C:\Program Files\Mozilla Firefox\crashreporter.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [219888 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291056 2018-08-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2018-02-22]
ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2018-08-24]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 75.114.81.1 209.18.47.62
Tcpip\..\Interfaces\{C9604640-2540-4F90-BBFC-7E5BF9549C72}: [NameServer] 77.234.40.79

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

FireFox:
========
FF DefaultProfile: 259s4omg.default-1479757157401-1521739273796
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796 [2018-10-07]
FF Homepage: Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796 -> www.toast.net/start
FF Extension: (Firefox Monitor) - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796\features\{59a768a4-6bff-47d9-8d60-054b42e15660}\fxmonitor@mozilla.org.xpi [2018-10-04]
FF Extension: (Telemetry coverage) - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\259s4omg.default-1479757157401-1521739273796\features\{59a768a4-6bff-47d9-8d60-054b42e15660}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-04] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3659970256-991337627-2867597209-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default [2018-09-11]
CHR Extension: (Slides) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-15]
CHR Extension: (Docs) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-15]
CHR Extension: (Google Drive) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-15]
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-15]
CHR Extension: (Sheets) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Skype) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-26]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-11]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-08-26] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6537768 2018-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189832 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SecureVpn; C:\Program Files\AVG\Secure VPN\VpnSvc.exe [5514360 2018-07-30] (AVG Technologies CZ, s.r.o.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [5226496 2018-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [41472 2018-07-26] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [159936 2018-08-26] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [181240 2018-08-26] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [157840 2018-08-26] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [276712 2018-08-26] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [50360 2018-08-26] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35192 2018-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [127656 2018-09-11] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [93440 2018-08-26] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [64232 2018-08-28] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [776504 2018-08-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [388848 2018-09-04] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [158224 2018-09-12] (AVG Technologies CZ, s.r.o.)
S3 avgTap; C:\Windows\System32\DRIVERS\avgTap.sys [49136 2017-12-05] (The OpenVPN Project)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [303680 2018-08-26] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-10-07] (Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-01-27] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
U3 aswMBR; \??\C:\Users\Ed\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Ed\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-07 10:49 - 2018-10-07 10:49 - 000012741 _____ C:\Users\Ed\Desktop\FRST.txt
2018-10-07 10:43 - 2018-10-07 10:43 - 000000510 _____ C:\Users\Ed\Desktop\aswMBR.txt
2018-10-07 10:37 - 2018-10-07 10:37 - 005198336 _____ (AVAST Software) C:\Users\Ed\Downloads\aswMBR.exe
2018-10-07 10:09 - 2018-10-07 10:09 - 001774592 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2018-10-07 10:01 - 2018-10-07 10:01 - 000066883 _____ C:\Users\Ed\Desktop\fGdFB7Zt.htm
2018-10-07 09:58 - 2018-10-07 09:58 - 000000000 ____D C:\RegBackup
2018-10-07 09:57 - 2018-10-07 09:57 - 000002148 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-10-07 09:55 - 2018-10-07 09:55 - 000001653 _____ C:\Users\Ed\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
2018-10-07 09:52 - 2018-10-07 09:53 - 005766144 _____ (Tweaking.com) C:\Users\Ed\Downloads\tweaking.com_registry_backup_setup.exe
2018-10-07 09:47 - 2018-10-07 09:47 - 000005757 _____ C:\Users\Ed\Desktop\Tashi posting instructions.txt
2018-10-07 08:08 - 2018-10-07 08:08 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-07 08:06 - 2018-10-07 08:06 - 000003472 ____N C:\bootsqm.dat
2018-09-11 21:44 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 21:44 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 21:44 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 21:44 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 21:44 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 21:44 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 21:44 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 21:44 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 21:44 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 21:44 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 21:44 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 21:44 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 21:44 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 21:44 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 21:44 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 21:44 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 21:44 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 21:44 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 21:44 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 21:44 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 21:44 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 21:44 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 21:44 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 21:43 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 21:43 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 21:43 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 21:43 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 21:43 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 21:43 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 21:43 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 21:43 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 21:43 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 21:43 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 21:43 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 21:43 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 21:43 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 21:43 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 21:43 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 21:43 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 21:43 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 21:43 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 21:43 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 21:43 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 21:43 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 21:43 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 21:43 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 21:43 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 21:43 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 21:43 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 21:43 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 21:43 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-11 19:58 - 2018-09-11 19:58 - 000000035 _____ C:\END
2018-09-11 16:42 - 2018-08-26 11:49 - 000324336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-09-11 14:43 - 2018-09-11 14:43 - 000000000 ____D C:\ProgramData\UpdShl
2018-09-11 14:42 - 2018-09-11 14:42 - 000000000 _RSHD C:\ProgramData\Key-Base
2018-09-11 14:42 - 2018-09-11 14:42 - 000000000 ____D C:\ProgramData\{B0BE0BAA-6184-5036-9887-FB6FB3FDB9E0}
2018-09-11 14:41 - 2018-09-11 19:58 - 000000000 ____D C:\Program Files\AVG Software
2018-09-11 14:41 - 2018-09-11 14:41 - 000000000 ____D C:\Users\Ed\AppData\Local\AVGAntiTrack
2018-09-11 14:41 - 2018-09-11 14:41 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-07 10:49 - 2018-03-25 08:44 - 000000000 ____D C:\FRST
2018-10-07 10:47 - 2016-11-19 16:24 - 000000000 ____D C:\Users\Ed\AppData\LocalLow\Mozilla
2018-10-07 10:16 - 2009-07-14 00:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-07 10:16 - 2009-07-14 00:34 - 000021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-07 09:58 - 2015-10-09 17:43 - 000066737 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2018-10-07 09:42 - 2015-07-21 16:26 - 000000000 ____D C:\Users\Ed\Desktop\Unused Icons
2018-10-07 09:20 - 2015-07-22 09:55 - 000000000 ____D C:\Users\Ed\AppData\LocalLow\Adobe
2018-10-07 08:07 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-07 08:06 - 2017-05-19 16:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-07 08:06 - 2015-08-10 16:54 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-10-02 13:03 - 2015-07-22 09:50 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-13 21:02 - 2010-11-20 17:01 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-13 21:02 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-13 11:49 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
2018-09-13 08:43 - 2009-07-14 00:33 - 000310016 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-13 08:17 - 2015-07-21 15:43 - 000000000 ____D C:\Windows\system32\MRT
2018-09-13 08:12 - 2015-07-21 15:43 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-12 16:43 - 2017-05-23 09:02 - 000158224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-09-11 17:26 - 2018-03-15 10:59 - 000000000 ____D C:\Program Files\Google
2018-09-11 16:45 - 2017-11-27 09:46 - 000001953 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-09-11 11:50 - 2017-05-23 09:02 - 000127656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys

==================== Files in the root of some directories =======

2015-12-29 22:38 - 2015-12-29 22:39 - 054113464 _____ (HRB Technology, LLC.) C:\Program Files\HRBlock2015.exe

Some files in TEMP:
====================
2018-10-07 09:17 - 2018-10-07 09:17 - 083792120 _____ (Garmin Ltd or its subsidiaries) C:\Users\Ed\AppData\Local\Temp\GarminExpressInstaller.exe
2018-08-27 19:43 - 2018-08-27 19:43 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Ed\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-05 00:52

==================== End of FRST.txt ============================