Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus in AppData/ Local/ctftvqe


  • Please log in to reply

#1
amyrobinson28

amyrobinson28

    New Member

  • Member
  • Pip
  • 7 posts

Hello,

 

I wonder if anybody is able to help, my AVG keeps alerting me that I have a virus in Appdata/Local/ctftvqe, each time it pops up i select 'move to quarantine' but it keeps reappearing. Alos I have been getting the BSOD a lot lately the stop code is 'System Service Exception' and what failed says 'NETIO.SYS'. I didn't know if these two things could be related?

 

If anybody has any advice on how to fix either of these problems it would be greatly appreciated.

 

Many thanks! :)


  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 


  • 0

#3
amyrobinson28

amyrobinson28

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, thank you for your help :) please find these results below...
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Amy (administrator) on AMYSCOMPUTER (01-12-2017 01:49:24)
Running from C:\Users\Amy\Downloads
Loaded Profiles: Amy (Available Profiles: Amy)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(TOSHIBA CORPORATION) C:\Windows\Temp\mshmezwsrv.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\setup\instup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(© 2015 Microsoft Corporation) C:\Users\Amy\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctftvqe.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(SlimWare Utilities Holdings, Inc.) C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
(SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
(SlimWare Utilities Holdings, Inc.) C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
(Slimware Utilities Holdings, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
(Farbar) C:\Users\Amy\Downloads\FRST64 (1).exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7659224 2014-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2187336 2017-10-23] ()
HKLM-x32\...\Run: [ctftvqe.exe] => "C:\Users\Amy\AppData\Local\ntuserlitelist\ctftvqe.exe\ctftvqe.exe.exe" -starup <==== ATTENTION
HKLM-x32\...\RunOnce: [SlimCleaner Plus] => cmd /c "start "" "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe"  /delay=5 /mode=toaster "
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [BingSvc] => C:\Users\Amy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-16] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [DriverUpdate] => C:\Program Files\DriverUpdate\DriverUpdate.exe [34041264 2017-11-13] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26221248 2016-10-25] (Slimware Utilities Holdings, Inc.)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series"
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-23]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{644493fe-8afc-4fbd-ac67-559ff095afbb}: [NameServer] 38.132.106.139,194.187.251.67
Tcpip\..\Interfaces\{644493fe-8afc-4fbd-ac67-559ff095afbb}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{cdc5db53-419d-4b0d-b77a-604e62923a56}: [DhcpNameServer] 10.71.0.1
Tcpip\..\Interfaces\{db169bb5-3309-4f2c-a8ae-9c0525edd6da}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-gb
SearchScopes: HKLM-x32 -> {57C42B49-3746-4632-BA19-45EB10F3435E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> {57C42B49-3746-4632-BA19-45EB10F3435E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> {7C5F16EE-512E-4D7D-912C-5CB94C7ED997} URL = hxxp://www.search.ask.com/web?tpid=SPC-SP&o=APN10951&pf=V7&p2=^B20^YYYYYY^YY^GB&gct=&itbv=12.28.1.1260&apn_uid=D9C8812B-0A4A-4F93-973D-0373254E36D0&apn_ptnrs=^B20&apn_dtid=^YYYYYY^YY^GB&apn_dbr=cr_42.0.2311.135&doi=2015-05-02&trgb=CR&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={841102A6-E992-4F1D-AB48-516FECD28DCF}&mid=8492f597c18a47cca1651171d0d37f37-134df7e34ef966163e213f8c407d10a8bbbed8f1&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117tb&pr=fr&d=2016-02-09 22:24:07&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> {E047F502-F9FF-4F1C-8A5A-136AF797F57F} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-23] (AVG)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-23] (AVG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Crazy Score -> {f439aa7e-a2a0-4635-99a2-164180e848ca} -> No File
Toolbar: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> No Name - {5350432D-5350-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch","hxxps://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default [2017-11-25]
CHR Extension: (Skype Calling) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-07]
CHR Extension: (AVG Secure Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-06-03]
CHR Extension: (Bing) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-05]
CHR Extension: (HP SimplePass) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-06-05]
CHR Extension: (Crazy Score) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmefmclajgpfbinkkojcomjjbhcapmd [2015-05-03] [UpdateUrl: hxxp://cdn.crazyscore.net/update] <==== ATTENTION
CHR Extension: (Qmee) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-01-20]
CHR Extension: (AVG SafePrice) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-22]
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old [2017-10-28] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-23]
CHR Extension: (Google Sheets) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Quick Searcher) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-08-22]
CHR Extension: (Evernote Web Clipper) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-02-07]
CHR Extension: (Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04]
CHR HKU\S-1-5-21-1400221839-1314888541-504861578-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1400221839-1314888541-504861578-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1400221839-1314888541-504861578-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR Extension: (Quick Searcher) - C:\Users\Amy\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-08-22]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-11-25] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-11-25] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 BTDEVMANAGER; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2017-07-06] () [File not signed]
S2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-11] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-23] (Realtek Semiconductor)
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [252096 2016-10-25] (SlimWare Utilities, Inc.)
R2 SlimWareServices; C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe [184232 2017-11-13] (SlimWare Utilities Holdings, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5618960 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1365064 2017-10-23] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-10-23] ()
S2 CG6Service; "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 HmaOpenVpnService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-11] (HP)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-11-25] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-11-25] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-11-25] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2016-11-02] (The OpenVPN Project)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-11] (HP)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [723920 2017-07-20] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [68704 2016-12-27] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45048 2017-07-06] (The OpenVPN Project)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [31656 2016-04-13] (HP)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-13] (HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-01 01:49 - 2017-12-01 01:50 - 000027083 _____ C:\Users\Amy\Downloads\FRST.txt
2017-12-01 01:48 - 2017-12-01 01:49 - 000000000 ____D C:\FRST
2017-12-01 01:48 - 2017-12-01 01:48 - 002391552 _____ (Farbar) C:\Users\Amy\Downloads\FRST64 (1).exe
2017-12-01 01:46 - 2017-12-01 01:46 - 000003110 _____ C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Amy)
2017-12-01 01:46 - 2017-12-01 01:46 - 000000362 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Amy).job
2017-12-01 01:41 - 2017-12-01 01:41 - 000002481 _____ C:\Users\Public\Desktop\SlimCleaner Plus.lnk
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\Users\Amy\AppData\Local\Downloaded Installers
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\ProgramData\SlimWare Utilities Inc
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\Program Files\SlimService
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\Program Files\SlimCleaner Plus
2017-12-01 01:38 - 2017-12-01 01:38 - 000003244 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Scan
2017-12-01 01:38 - 2017-12-01 01:38 - 000000470 _____ C:\WINDOWS\Tasks\DriverUpdate Scan.job
2017-12-01 01:37 - 2017-12-01 01:45 - 000000000 ____D C:\Users\Amy\AppData\Local\SlimWare Utilities Inc
2017-12-01 01:37 - 2017-12-01 01:37 - 000002489 _____ C:\Users\Public\Desktop\DriverUpdate.lnk
2017-12-01 01:37 - 2017-12-01 01:37 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2017-12-01 01:37 - 2017-12-01 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2017-12-01 01:37 - 2017-12-01 01:37 - 000000000 ____D C:\Program Files\SlimWare Utilities
2017-12-01 01:37 - 2017-12-01 01:37 - 000000000 ____D C:\Program Files\DriverUpdate
2017-12-01 01:35 - 2017-12-01 01:35 - 002391552 _____ (Farbar) C:\Users\Amy\Downloads\FRST64.exe
2017-12-01 01:35 - 2017-12-01 01:35 - 001015616 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Amy\Downloads\DriverUpdate-setup.exe
2017-12-01 01:28 - 2017-12-01 01:32 - 000651020 _____ C:\WINDOWS\Minidump\120117-49828-01.dmp
2017-12-01 01:17 - 2017-12-01 01:18 - 000650844 _____ C:\WINDOWS\Minidump\120117-47484-01.dmp
2017-11-29 03:20 - 2017-11-29 03:20 - 000156818 _____ C:\Users\Amy\Downloads\282AR9RV_licence_summary_2017-11-29.pdf
2017-11-29 01:14 - 2017-11-29 01:14 - 000000000 ____D C:\Users\Amy\Desktop\Visa stuff
2017-11-28 00:14 - 2017-12-01 01:44 - 000000000 ____D C:\Users\Amy\AppData\Local\ctftvqe
2017-11-27 23:56 - 2017-11-27 23:56 - 000650988 _____ C:\WINDOWS\Minidump\112717-39453-01.dmp
2017-11-25 19:12 - 2017-11-25 19:12 - 000002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2017-11-25 19:12 - 2017-11-25 19:12 - 000002048 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-11-25 19:11 - 2017-11-25 19:10 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-11-25 19:11 - 2017-11-25 19:10 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-11-25 18:27 - 2017-11-25 01:35 - 000326281 _____ C:\Users\Amy\Downloads\b628_ab_16D_e9i1_web047320_lo (2).pdf
2017-11-25 18:10 - 2017-11-25 18:15 - 000650820 _____ C:\WINDOWS\Minidump\112517-62921-01.dmp
2017-11-25 04:25 - 2017-11-25 04:29 - 000650724 _____ C:\WINDOWS\Minidump\112517-52421-01.dmp
2017-11-25 03:59 - 2017-11-25 04:02 - 000650868 _____ C:\WINDOWS\Minidump\112517-43171-01.dmp
2017-11-20 23:51 - 2017-11-20 23:50 - 000326281 _____ C:\Users\Amy\Downloads\b628_ab_16D_e9i1_web047320_lo (1).pdf
2017-11-20 23:50 - 2017-11-05 21:31 - 000326281 _____ C:\Users\Amy\Downloads\b628_ab_16D_e9i1_web047320_lo.pdf
2017-11-08 23:24 - 2017-11-08 23:24 - 000000000 ____D C:\Windows.old
2017-11-01 22:14 - 2017-12-01 01:27 - 836660498 _____ C:\WINDOWS\MEMORY.DMP
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-01 01:46 - 2017-04-12 03:57 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-01 01:39 - 2015-05-06 21:04 - 000000000 ____D C:\Users\Amy\Documents\Youcam
2017-12-01 01:35 - 2016-10-19 21:57 - 001585610 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-01 01:30 - 2016-10-19 22:31 - 000003658 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-01 01:28 - 2017-08-25 23:43 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-01 01:28 - 2016-10-19 22:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-01 01:28 - 2016-10-19 21:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-01 01:27 - 2017-08-22 01:26 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\msidntfs.sys
2017-12-01 01:16 - 2016-07-16 06:04 - 018350080 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-01 01:13 - 2016-07-16 11:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-01 00:57 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-29 00:12 - 2016-07-16 11:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-28 01:15 - 2016-07-16 11:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-27 23:58 - 2016-10-19 21:58 - 000000000 ____D C:\Users\Amy
2017-11-27 21:23 - 2017-08-22 01:51 - 000000000 ____D C:\Users\Amy\AppData\Roaming\tixati
2017-11-26 19:53 - 2017-10-06 02:10 - 000000000 ____D C:\Users\Amy\Desktop\Open University
2017-11-26 04:17 - 2014-12-23 00:11 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-26 04:15 - 2016-01-09 01:45 - 000000000 ____D C:\Users\Amy\Desktop\Docs
2017-11-26 04:12 - 2016-07-16 06:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-26 04:12 - 2014-10-28 12:52 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-11-25 19:45 - 2014-12-22 18:35 - 000000000 ____D C:\Users\Amy\AppData\Local\Packages
2017-11-25 19:12 - 2017-04-12 03:57 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys.151163713884302
2017-11-25 19:10 - 2017-04-12 03:57 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-11-25 04:49 - 2017-09-03 01:30 - 000000000 ____D C:\ProgramData\Chief Architect Interiors X9
2017-11-25 04:48 - 2017-09-03 01:10 - 000000000 ____D C:\Program Files (x86)\Nanosoft
2017-11-25 04:43 - 2017-08-22 01:00 - 000000000 ____D C:\Program Files\Opera
2017-11-25 04:06 - 2016-07-16 11:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-25 04:02 - 2015-01-05 10:48 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-11-25 01:33 - 2017-07-11 17:52 - 000000000 ____D C:\$WINDOWS.~BT
2017-11-25 01:33 - 2017-05-08 21:09 - 000000000 ____D C:\WINDOWS\Panther
2017-11-21 01:44 - 2017-10-11 04:07 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-21 01:44 - 2014-12-24 22:19 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-21 01:44 - 2014-12-24 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-21 00:21 - 2017-09-29 05:21 - 000000000 ____D C:\Program Files\rempl
2017-11-15 08:59 - 2016-02-11 00:06 - 000053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2017-11-09 00:32 - 2017-04-25 02:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-09 00:32 - 2016-02-09 21:57 - 000000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-11-05 02:01 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-05 02:00 - 2014-12-24 21:58 - 000000000 ____D C:\Users\Amy\AppData\Local\ElevatedDiagnostics
2017-11-01 23:32 - 2014-12-22 18:34 - 000000000 ___HD C:\Users\Amy\Documents\hp.applications.package.appdata
2017-11-01 04:08 - 2017-03-19 01:30 - 000000000 ____D C:\Users\Amy\AppData\Roaming\vlc
==================== Files in the root of some directories =======
2017-08-22 03:43 - 2017-08-22 03:43 - 000000218 _____ () C:\Users\Amy\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
2017-12-01 01:37 - 2017-12-01 01:37 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\Amy\AppData\Local\Temp\scp34A1.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\winfinsv.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
LastRegBack: 2017-11-27 00:05
==================== End of FRST.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Amy (administrator) on AMYSCOMPUTER (01-12-2017 01:49:24)
Running from C:\Users\Amy\Downloads
Loaded Profiles: Amy (Available Profiles: Amy)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(TOSHIBA CORPORATION) C:\Windows\Temp\mshmezwsrv.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\setup\instup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(© 2015 Microsoft Corporation) C:\Users\Amy\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctftvqe.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(SlimWare Utilities Holdings, Inc.) C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
(SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
(SlimWare Utilities Holdings, Inc.) C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
(Slimware Utilities Holdings, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
(Farbar) C:\Users\Amy\Downloads\FRST64 (1).exe
() C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7659224 2014-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2187336 2017-10-23] ()
HKLM-x32\...\Run: [ctftvqe.exe] => "C:\Users\Amy\AppData\Local\ntuserlitelist\ctftvqe.exe\ctftvqe.exe.exe" -starup <==== ATTENTION
HKLM-x32\...\RunOnce: [SlimCleaner Plus] => cmd /c "start "" "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe"  /delay=5 /mode=toaster "
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [BingSvc] => C:\Users\Amy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-16] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [DriverUpdate] => C:\Program Files\DriverUpdate\DriverUpdate.exe [34041264 2017-11-13] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26221248 2016-10-25] (Slimware Utilities Holdings, Inc.)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series"
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-23]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{644493fe-8afc-4fbd-ac67-559ff095afbb}: [NameServer] 38.132.106.139,194.187.251.67
Tcpip\..\Interfaces\{644493fe-8afc-4fbd-ac67-559ff095afbb}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{cdc5db53-419d-4b0d-b77a-604e62923a56}: [DhcpNameServer] 10.71.0.1
Tcpip\..\Interfaces\{db169bb5-3309-4f2c-a8ae-9c0525edd6da}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-gb
SearchScopes: HKLM-x32 -> {57C42B49-3746-4632-BA19-45EB10F3435E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> {57C42B49-3746-4632-BA19-45EB10F3435E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> {7C5F16EE-512E-4D7D-912C-5CB94C7ED997} URL = hxxp://www.search.ask.com/web?tpid=SPC-SP&o=APN10951&pf=V7&p2=^B20^YYYYYY^YY^GB&gct=&itbv=12.28.1.1260&apn_uid=D9C8812B-0A4A-4F93-973D-0373254E36D0&apn_ptnrs=^B20&apn_dtid=^YYYYYY^YY^GB&apn_dbr=cr_42.0.2311.135&doi=2015-05-02&trgb=CR&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={841102A6-E992-4F1D-AB48-516FECD28DCF}&mid=8492f597c18a47cca1651171d0d37f37-134df7e34ef966163e213f8c407d10a8bbbed8f1&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117tb&pr=fr&d=2016-02-09 22:24:07&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> {E047F502-F9FF-4F1C-8A5A-136AF797F57F} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-23] (AVG)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-23] (AVG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Crazy Score -> {f439aa7e-a2a0-4635-99a2-164180e848ca} -> No File
Toolbar: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> No Name - {5350432D-5350-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch","hxxps://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default [2017-11-25]
CHR Extension: (Skype Calling) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-07]
CHR Extension: (AVG Secure Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-06-03]
CHR Extension: (Bing) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-05]
CHR Extension: (HP SimplePass) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-06-05]
CHR Extension: (Crazy Score) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmefmclajgpfbinkkojcomjjbhcapmd [2015-05-03] [UpdateUrl: hxxp://cdn.crazyscore.net/update] <==== ATTENTION
CHR Extension: (Qmee) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-01-20]
CHR Extension: (AVG SafePrice) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-22]
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old [2017-10-28] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-23]
CHR Extension: (Google Sheets) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Quick Searcher) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-08-22]
CHR Extension: (Evernote Web Clipper) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-02-07]
CHR Extension: (Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04]
CHR HKU\S-1-5-21-1400221839-1314888541-504861578-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1400221839-1314888541-504861578-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1400221839-1314888541-504861578-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR Extension: (Quick Searcher) - C:\Users\Amy\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-08-22]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-11-25] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-11-25] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 BTDEVMANAGER; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2017-07-06] () [File not signed]
S2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-11] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-23] (Realtek Semiconductor)
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [252096 2016-10-25] (SlimWare Utilities, Inc.)
R2 SlimWareServices; C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe [184232 2017-11-13] (SlimWare Utilities Holdings, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5618960 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1365064 2017-10-23] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-10-23] ()
S2 CG6Service; "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 HmaOpenVpnService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-11] (HP)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-11-25] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-11-25] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-11-25] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-11-25] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-11-25] (AVG Technologies CZ, s.r.o.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2016-11-02] (The OpenVPN Project)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-11] (HP)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [723920 2017-07-20] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [68704 2016-12-27] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45048 2017-07-06] (The OpenVPN Project)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [31656 2016-04-13] (HP)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-13] (HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-01 01:49 - 2017-12-01 01:50 - 000027083 _____ C:\Users\Amy\Downloads\FRST.txt
2017-12-01 01:48 - 2017-12-01 01:49 - 000000000 ____D C:\FRST
2017-12-01 01:48 - 2017-12-01 01:48 - 002391552 _____ (Farbar) C:\Users\Amy\Downloads\FRST64 (1).exe
2017-12-01 01:46 - 2017-12-01 01:46 - 000003110 _____ C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Amy)
2017-12-01 01:46 - 2017-12-01 01:46 - 000000362 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Amy).job
2017-12-01 01:41 - 2017-12-01 01:41 - 000002481 _____ C:\Users\Public\Desktop\SlimCleaner Plus.lnk
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\Users\Amy\AppData\Local\Downloaded Installers
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\ProgramData\SlimWare Utilities Inc
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\Program Files\SlimService
2017-12-01 01:41 - 2017-12-01 01:41 - 000000000 ____D C:\Program Files\SlimCleaner Plus
2017-12-01 01:38 - 2017-12-01 01:38 - 000003244 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Scan
2017-12-01 01:38 - 2017-12-01 01:38 - 000000470 _____ C:\WINDOWS\Tasks\DriverUpdate Scan.job
2017-12-01 01:37 - 2017-12-01 01:45 - 000000000 ____D C:\Users\Amy\AppData\Local\SlimWare Utilities Inc
2017-12-01 01:37 - 2017-12-01 01:37 - 000002489 _____ C:\Users\Public\Desktop\DriverUpdate.lnk
2017-12-01 01:37 - 2017-12-01 01:37 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2017-12-01 01:37 - 2017-12-01 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2017-12-01 01:37 - 2017-12-01 01:37 - 000000000 ____D C:\Program Files\SlimWare Utilities
2017-12-01 01:37 - 2017-12-01 01:37 - 000000000 ____D C:\Program Files\DriverUpdate
2017-12-01 01:35 - 2017-12-01 01:35 - 002391552 _____ (Farbar) C:\Users\Amy\Downloads\FRST64.exe
2017-12-01 01:35 - 2017-12-01 01:35 - 001015616 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Amy\Downloads\DriverUpdate-setup.exe
2017-12-01 01:28 - 2017-12-01 01:32 - 000651020 _____ C:\WINDOWS\Minidump\120117-49828-01.dmp
2017-12-01 01:17 - 2017-12-01 01:18 - 000650844 _____ C:\WINDOWS\Minidump\120117-47484-01.dmp
2017-11-29 03:20 - 2017-11-29 03:20 - 000156818 _____ C:\Users\Amy\Downloads\282AR9RV_licence_summary_2017-11-29.pdf
2017-11-29 01:14 - 2017-11-29 01:14 - 000000000 ____D C:\Users\Amy\Desktop\Visa stuff
2017-11-28 00:14 - 2017-12-01 01:44 - 000000000 ____D C:\Users\Amy\AppData\Local\ctftvqe
2017-11-27 23:56 - 2017-11-27 23:56 - 000650988 _____ C:\WINDOWS\Minidump\112717-39453-01.dmp
2017-11-25 19:12 - 2017-11-25 19:12 - 000002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2017-11-25 19:12 - 2017-11-25 19:12 - 000002048 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-11-25 19:11 - 2017-11-25 19:10 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-11-25 19:11 - 2017-11-25 19:10 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-11-25 18:27 - 2017-11-25 01:35 - 000326281 _____ C:\Users\Amy\Downloads\b628_ab_16D_e9i1_web047320_lo (2).pdf
2017-11-25 18:10 - 2017-11-25 18:15 - 000650820 _____ C:\WINDOWS\Minidump\112517-62921-01.dmp
2017-11-25 04:25 - 2017-11-25 04:29 - 000650724 _____ C:\WINDOWS\Minidump\112517-52421-01.dmp
2017-11-25 03:59 - 2017-11-25 04:02 - 000650868 _____ C:\WINDOWS\Minidump\112517-43171-01.dmp
2017-11-20 23:51 - 2017-11-20 23:50 - 000326281 _____ C:\Users\Amy\Downloads\b628_ab_16D_e9i1_web047320_lo (1).pdf
2017-11-20 23:50 - 2017-11-05 21:31 - 000326281 _____ C:\Users\Amy\Downloads\b628_ab_16D_e9i1_web047320_lo.pdf
2017-11-08 23:24 - 2017-11-08 23:24 - 000000000 ____D C:\Windows.old
2017-11-01 22:14 - 2017-12-01 01:27 - 836660498 _____ C:\WINDOWS\MEMORY.DMP
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-01 01:46 - 2017-04-12 03:57 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-01 01:39 - 2015-05-06 21:04 - 000000000 ____D C:\Users\Amy\Documents\Youcam
2017-12-01 01:35 - 2016-10-19 21:57 - 001585610 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-01 01:30 - 2016-10-19 22:31 - 000003658 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-01 01:28 - 2017-08-25 23:43 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-01 01:28 - 2016-10-19 22:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-01 01:28 - 2016-10-19 21:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-01 01:27 - 2017-08-22 01:26 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\msidntfs.sys
2017-12-01 01:16 - 2016-07-16 06:04 - 018350080 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-01 01:13 - 2016-07-16 11:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-01 00:57 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-29 00:12 - 2016-07-16 11:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-28 01:15 - 2016-07-16 11:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-27 23:58 - 2016-10-19 21:58 - 000000000 ____D C:\Users\Amy
2017-11-27 21:23 - 2017-08-22 01:51 - 000000000 ____D C:\Users\Amy\AppData\Roaming\tixati
2017-11-26 19:53 - 2017-10-06 02:10 - 000000000 ____D C:\Users\Amy\Desktop\Open University
2017-11-26 04:17 - 2014-12-23 00:11 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-26 04:15 - 2016-01-09 01:45 - 000000000 ____D C:\Users\Amy\Desktop\Docs
2017-11-26 04:12 - 2016-07-16 06:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-26 04:12 - 2014-10-28 12:52 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-11-25 19:45 - 2014-12-22 18:35 - 000000000 ____D C:\Users\Amy\AppData\Local\Packages
2017-11-25 19:12 - 2017-04-12 03:57 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys.151163713884302
2017-11-25 19:10 - 2017-04-12 03:57 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-11-25 19:10 - 2017-04-12 03:57 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-11-25 04:49 - 2017-09-03 01:30 - 000000000 ____D C:\ProgramData\Chief Architect Interiors X9
2017-11-25 04:48 - 2017-09-03 01:10 - 000000000 ____D C:\Program Files (x86)\Nanosoft
2017-11-25 04:43 - 2017-08-22 01:00 - 000000000 ____D C:\Program Files\Opera
2017-11-25 04:06 - 2016-07-16 11:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-25 04:02 - 2015-01-05 10:48 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-11-25 01:33 - 2017-07-11 17:52 - 000000000 ____D C:\$WINDOWS.~BT
2017-11-25 01:33 - 2017-05-08 21:09 - 000000000 ____D C:\WINDOWS\Panther
2017-11-21 01:44 - 2017-10-11 04:07 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-21 01:44 - 2014-12-24 22:19 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-21 01:44 - 2014-12-24 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-21 00:21 - 2017-09-29 05:21 - 000000000 ____D C:\Program Files\rempl
2017-11-15 08:59 - 2016-02-11 00:06 - 000053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2017-11-09 00:32 - 2017-04-25 02:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-09 00:32 - 2016-02-09 21:57 - 000000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-11-05 02:01 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-05 02:00 - 2014-12-24 21:58 - 000000000 ____D C:\Users\Amy\AppData\Local\ElevatedDiagnostics
2017-11-01 23:32 - 2014-12-22 18:34 - 000000000 ___HD C:\Users\Amy\Documents\hp.applications.package.appdata
2017-11-01 04:08 - 2017-03-19 01:30 - 000000000 ____D C:\Users\Amy\AppData\Roaming\vlc
==================== Files in the root of some directories =======
2017-08-22 03:43 - 2017-08-22 03:43 - 000000218 _____ () C:\Users\Amy\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
2017-12-01 01:37 - 2017-12-01 01:37 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\Amy\AppData\Local\Temp\scp34A1.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\winfinsv.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
LastRegBack: 2017-11-27 00:05
==================== End of FRST.txt ============================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Amy (01-12-2017 01:51:40)
Running from C:\Users\Amy\Downloads
Windows 10 Home Version 1607 14393.1770 (X64) (2016-10-19 22:36:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1400221839-1314888541-504861578-500 - Administrator - Disabled)
Amy (S-1-5-21-1400221839-1314888541-504861578-1002 - Administrator - Enabled) => C:\Users\Amy
DefaultAccount (S-1-5-21-1400221839-1314888541-504861578-503 - Limited - Disabled)
Guest (S-1-5-21-1400221839-1314888541-504861578-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1400221839-1314888541-504861578-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AirPort (HKLM-x32\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
AMD Catalyst Install Manager (HKLM\...\{6A73A3B8-901C-CB51-4C00-27C1BE50F7B2}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{82B9AF2D-4254-428A-9D1E-7714BA91A4B0}) (Version: 16.76.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.76.3.18604 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.566 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Click Install if prompted (HKLM-x32\...\{92A9572E-834E-477B-A100-C9AD3EE4B4B9}) (Version: 1.0.0.0 - ExpressVpn) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6303 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
DEIF USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&8181) (Version:  - DEIF A/S)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DriverUpdate (HKLM\...\{EE6EFB90-09F2-4589-92FE-8B644AA35390}) (Version: 5.1.1 - Slimware Utilities Holdings, Inc.) Hidden
DriverUpdate (HKLM\...\DriverUpdate) (Version: 5.1.1 - Slimware Utilities Holdings, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
ExpressVPN (HKLM-x32\...\{10EB2DEF-3C7F-40DD-8C58-438906E20D08}) (Version: 6.2.3.2578 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{a219f179-a66a-48db-934c-aca0746714e5}) (Version: 6.2.3.2578 - ExpressVPN)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{9D7BFF2A-F810-4E35-BE2C-A6CB4B9202DB}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{3E261474-8DF2-463B-984E-0B6396F58D1C}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9469285B-AB76-434A-8533-2EE643318F2E}) (Version: 36.0.39.57346 - HP)
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{FD93EB2A-3768-4B16-BDDF-3E2F5667A0A0}) (Version: 38.1.1881.57490 - HP Inc.)
HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.37.11 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{093C645A-294E-41E4-904C-DDF13DC47A27}) (Version: 12.3.6.12 - HP)
iSkysoft Video Editor(Build 4.7.2) (HKLM-x32\...\iSkysoft Video Editor_is1) (Version:  - iSkysoft Software)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Product Improvement Study for HP OfficeJet Pro 8710 (HKLM\...\{61812F25-2589-498B-AED9-40CBC641247E}) (Version: 38.1.1881.57490 - HP Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.10 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7378 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Sky Go Download Player (HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\1089791000.go.sky.com) (Version:  - go.sky.com)
SlimCleaner Plus (HKLM\...\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.) Hidden
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{61702639-6539-473A-8FE5-618E194C0069}) (Version: 2.7.0.0 - Microsoft Corporation)
USB to Serial Cable Driver Installer (HKLM-x32\...\{EF384FD9-B0D4-4FF1-8F7D-46BCE2970393}) (Version: 1.8.13 - USB to Serial Cable)
Utility Software 1 version 1.43.0 (HKLM-x32\...\Utility Software 1_is1) (Version: 1.43.0 - DEIF A/S)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-25] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-10-31] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-10-31] (Cyberlink)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-25] (AVG Technologies CZ, s.r.o.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0034F26B-B9DE-4F04-B5FE-11A79C38A859} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0B3AAC6C-1A4B-413D-8651-61202E202EE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {195C80B8-A615-448D-B4C1-3ACF655235C5} - System32\Tasks\HMA! Pro VPN Update => C:\Program Files (x86)\HMA! Pro VPN\VpnUpdate.exe [2017-07-28] (AVAST Software)
Task: {1A7EE3CC-4C88-4769-9587-6808CD875B1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2E23A82A-7742-440A-9FE0-0C77A3BECD02} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {308BDE39-A794-4483-BA9C-A028B8B8D585} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {30D44750-5564-4AA3-8116-C9E828F92476} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3153C3B9-08C0-4670-ACE9-42782BF9A8E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {414B4073-337C-4D87-9A0C-753FC31B9D24} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-11-25] (AVG Technologies CZ, s.r.o.)
Task: {47DCC927-00CF-4A7B-B9CD-C7FE067D2B4D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Amy) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2016-10-25] (Slimware Utilities Holdings, Inc.)
Task: {4F0FA876-94BB-4960-9C7E-BF0ED4F11B7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {50775F2D-F8FD-4261-991F-4E086E636C04} - \WPD\SqmUpload_S-1-5-21-1400221839-1314888541-504861578-1002 -> No File <==== ATTENTION
Task: {53341B13-006D-4A83-8244-205599BC56F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {55A749D7-79D3-479F-9B51-8417D0E44DF3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-25] (Adobe Systems Incorporated)
Task: {5E8A005D-93A7-4E8C-9036-0999E5DFAF8B} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {7395BCCB-5C16-4ED4-963E-ED836E3EDC8F} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {78AF05D8-7ECB-42B9-A49B-B41B5F2533E3} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-11-15] (AVG Technologies CZ, s.r.o.)
Task: {816F7D87-04AA-4BA4-B821-F1475A877D47} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {88998F7B-29E8-4D29-BE20-8C470BAD94B4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {980CBF4A-84DC-461A-9E4A-7B6EDF8A0466} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8710 => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [2015-08-31] (HP Inc.)
Task: {A4D4FC05-161D-44E7-A398-D65596F6EC70} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-25] (Adobe Systems Incorporated)
Task: {A796DCBB-D331-4429-99C0-79BAD4597984} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A8FE7099-926C-4E40-8914-F73AA7C25E9D} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe [2017-11-13] (SlimWare Utilities, Inc.)
Task: {B233F622-1DF4-4F10-87E5-0E23C9C11D8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C0CAD228-A8AC-47BA-AB16-76B604DC1D31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CC39B7DF-45B6-4FCE-8325-58BC11204936} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D1E6D950-FBEB-4A8D-9CD1-6E57CA212847} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {DAFCA33E-C910-4249-BB16-29156240658F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DCB7E4DE-18CA-495E-B4C8-65C019915DA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E626451E-5569-4AAB-A2B2-D64DF526C052} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E6F7D3F1-6FE6-4999-9220-A7F2ACB8CC5E} - System32\Tasks\HPCheckDropBoxStatus => c:\HP\HPQWare\DropBox\HPAppDetector.exe [2014-06-04] ()
Task: {E83FC52B-0B80-4814-AC54-904DD036AB37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EB3AC6AF-89D1-4C66-8A8B-6964E79EF87E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {ED0EF568-2FEF-4976-AE86-4DF6AE22D055} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FF1A7671-DFB5-4D54-9E5D-BBA7BFBAD789} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Amy).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-07-16 11:42 - 2016-07-16 11:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-19 09:04 - 2017-09-07 06:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-09 22:23 - 2017-10-23 22:26 - 000981576 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2017-11-25 19:10 - 2017-11-25 19:10 - 000068528 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll
2014-06-05 22:40 - 2014-06-05 22:40 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-05 10:48 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-28 12:49 - 2014-03-05 18:09 - 000088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2017-07-06 10:22 - 2017-07-06 10:22 - 000331264 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2017-07-06 10:24 - 2017-07-06 10:24 - 009239168 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2016-10-20 01:38 - 2016-10-20 01:38 - 000959168 _____ () C:\Users\Amy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2017-03-21 21:45 - 2017-01-31 12:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-10-19 22:40 - 2016-10-19 22:40 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-18 02:04 - 2017-03-04 06:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-18 02:04 - 2017-03-04 06:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-18 02:04 - 2017-03-04 06:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-18 02:04 - 2017-03-04 06:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-13 05:11 - 2017-09-18 02:13 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-10-13 05:11 - 2017-09-18 02:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-13 05:11 - 2017-09-18 02:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-27 15:29 - 2017-10-23 22:26 - 002187336 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2017-10-27 21:21 - 2017-10-27 21:21 - 000927744 _____ () C:\Users\Amy\AppData\Local\ctftvqe\ctftvqe.exe
2017-11-21 00:22 - 2017-11-21 01:08 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-21 00:22 - 2017-11-21 01:08 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-21 00:22 - 2017-11-21 01:08 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-08 23:26 - 2017-11-08 23:32 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-21 00:22 - 2017-11-21 01:08 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-07-16 11:42 - 2016-07-16 11:42 - 000361984 _____ () C:\WINDOWS\SYSTEM32\HrtfApo.dll
2017-10-19 12:18 - 2017-10-19 12:18 - 001089536 _____ () C:\Users\Amy\AppData\Local\ctftvqe\ctfvnce.exe
2016-10-25 16:19 - 2016-10-25 16:19 - 000763072 _____ () C:\Program Files\SlimService\MyDefragDll.dll
2017-07-06 10:25 - 2017-07-06 10:25 - 000441472 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2015-10-31 21:30 - 2015-06-22 09:18 - 000865720 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2015-10-31 21:30 - 2014-04-17 06:35 - 001323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2015-10-31 21:30 - 2015-06-22 09:18 - 000175544 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 000439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 000321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-10-14 16:10 - 2014-09-11 17:58 - 001498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-10-14 16:10 - 2014-05-19 16:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2017-11-25 19:10 - 2017-11-25 19:10 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-11-25 19:10 - 2017-11-25 19:10 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-07-11 04:11 - 2017-07-11 04:11 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-11-25 19:10 - 2017-11-25 19:10 - 000238928 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-11-25 19:10 - 2017-11-25 19:10 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2016-12-27 15:29 - 2016-12-27 15:29 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\Amy\AppData\Local\ctftvqe\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Amy\AppData\Local\ctftvqe\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Amy\AppData\Local\ctftvqe\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Amy\AppData\Local\ctftvqe\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 38.132.106.139 - 194.187.251.67
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1400221839-1314888541-504861578-1002\...\StartupApproved\Run: => "uTorrent"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{D9372C50-2BE7-4DC6-AFD2-861F67251694}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe
FirewallRules: [TCP Query User{D78C0465-9441-402F-A5ED-8E27BB242C78}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe
FirewallRules: [UDP Query User{D33CFDC3-C1BB-4199-BC8C-F86B4CEC9B13}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5C80E52C-3F75-48ED-9D0F-1EB0E01CB200}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{86F49014-3395-4C70-9730-B45965E124C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4B03B175-2CBB-4820-901C-BF7D5C2577F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB4E5962-27AD-407C-8F35-02C39ADFFC77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CFB74EE1-C31C-454C-AE4F-7019013B82B1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{168270A8-72EA-448D-BFD8-3407A2EB6920}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{DDBB01AC-E045-4532-864C-6366F6A60D53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{F8002575-BC24-47A0-B124-26D59AC3FC32}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A0CA1926-0473-4C77-8F54-FEA43F704306}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{5E2D195F-3CE7-43E7-977B-DBF9C1F2D623}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe
FirewallRules: [{934E5549-8C24-4F76-81CA-F16DACE6181F}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe
FirewallRules: [{8DA1BC45-1BFA-4E4F-B715-70D9356E496D}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [{A43364FB-213C-4A2C-B59C-9BF876B0EB76}] => (Allow) C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{469378D0-054A-4F7A-A5F2-FB1ABF2DA887}] => (Allow) C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D59E382F-58EC-4616-B936-7FA6259D757C}] => (Allow) C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{54071838-F20A-4E45-A19C-ED7A8A454D9D}] => (Allow) C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{35FEB30F-708D-4B6E-99EB-B34A0232DE5A}] => (Allow) C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C45D7EA1-BD13-4C9E-B500-35E280F88193}] => (Allow) C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DB1DCC85-92FA-46EB-8CAC-60810C788D62}] => (Allow) C:\Users\Amy\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{13FE7631-8F72-449E-A730-385B9F78A378}] => (Allow) C:\Users\Amy\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{C92E1631-A927-4BE3-BE98-900C887F1C63}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe
FirewallRules: [{7A454FF0-AE01-44EC-861D-91E8823A65F9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe
FirewallRules: [{20E702B7-0CE8-4805-8758-AB823971C43A}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe
FirewallRules: [{DCE3599A-A2D5-488F-90E2-D2C8D77F3F83}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe
FirewallRules: [{96F35195-22CD-4A6F-9763-D75F280A217C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe
FirewallRules: [{A168B335-E1A1-41C9-AFD4-A0EC78FE948D}] => (Allow) LPort=5357
FirewallRules: [{2B65CD3C-D198-4D9A-A2FB-93CD0FD641F7}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{8F0F6C64-5BFB-481F-AA6E-FBE03A5D2964}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E3E489BE-17DC-41F4-8B3E-43A277113A05}C:\users\amy\appdata\roaming\vuze leap\vuzeleap.exe] => (Block) C:\users\amy\appdata\roaming\vuze leap\vuzeleap.exe
FirewallRules: [UDP Query User{4BBCA23A-E0D0-4E1A-A570-BCAAF8821F17}C:\users\amy\appdata\roaming\vuze leap\vuzeleap.exe] => (Block) C:\users\amy\appdata\roaming\vuze leap\vuzeleap.exe
FirewallRules: [{934965C2-3E2A-4CDB-B7B1-E8B102CF100B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03462527-A487-4236-965C-6F6680EBB81F}] => (Allow) C:\Program Files\Opera\47.0.2631.80\opera.exe
FirewallRules: [TCP Query User{08D3A0AF-9663-40C2-9526-380B06A67C4D}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{DEE79AAF-4CE5-43DF-9544-D89F05182542}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{8D39B0AC-1D93-4033-AF75-CAFCBD94673C}] => (Allow) C:\Program Files\Opera\48.0.2685.32\opera.exe
==================== Restore Points =========================
16-11-2017 01:07:13 Scheduled Checkpoint
21-11-2017 00:20:09 Windows Update
25-11-2017 04:44:15 Removed PTC Creo Elements/Direct Modeling Express 6.0 ( x64 )
==================== Faulty Device Manager Devices =============
Name: ExpressVPN Tap Adapter
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================
Application errors:
==================
Error: (12/01/2017 01:37:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VpnUpdate.exe, version: 3.5.58.0, time stamp: 0x597af156
Faulting module name: VpnUpdate.exe, version: 3.5.58.0, time stamp: 0x597af156
Exception code: 0xc0000409
Fault offset: 0x000bf0a1
Faulting process ID: 0x2038
Faulting application start time: 0x01d36a44bfd8fb10
Faulting application path: C:\Program Files (x86)\HMA! Pro VPN\VpnUpdate.exe
Faulting module path: C:\Program Files (x86)\HMA! Pro VPN\VpnUpdate.exe
Report ID: a2fc0a9b-46e0-4c40-a796-ad9a5e9edfaa
Faulting package full name:
Faulting package-relative application ID:
Error: (12/01/2017 01:28:57 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
Error: (12/01/2017 01:18:31 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
Error: (12/01/2017 01:11:33 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
Error: (12/01/2017 01:11:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 766984
Error: (12/01/2017 01:11:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 766984
Error: (12/01/2017 01:11:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/01/2017 12:58:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1594
Error: (12/01/2017 12:58:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1594
Error: (12/01/2017 12:58:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (12/01/2017 01:37:07 AM) (Source: DCOM) (EventID: 10016) (User: AMYSCOMPUTER)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user AmysComputer\Amy SID (S-1-5-21-1400221839-1314888541-504861578-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c SID (S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734). This security permission can be modified using the Component Services administrative tool.
Error: (12/01/2017 01:35:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The requested resource is in use.
Error: (12/01/2017 01:35:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/01/2017 01:33:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service did not respond on starting.
Error: (12/01/2017 01:33:07 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
Error: (12/01/2017 01:32:12 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff809d8e7e9f3, 0xffff9b0166036b60, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 45a920c4-f522-4975-a69e-6b9c8b3692c1.
Error: (12/01/2017 01:29:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/01/2017 01:29:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CG6Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/01/2017 01:28:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/01/2017 01:28:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.

CodeIntegrity:
===================================
  Date: 2017-04-12 04:30:13.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-12 04:30:13.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-12 04:30:13.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-12 04:29:52.725
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-12 04:29:52.599
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-12 04:29:52.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-12 04:29:37.626
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-12 04:29:34.211
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-12 04:29:29.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-12 04:29:15.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: AMD A10-5745M APU with Radeon™ HD Graphics
Percentage of memory in use: 39%
Total physical RAM: 7364.7 MB
Available physical RAM: 4422.25 MB
Total Virtual: 8516.7 MB
Available Virtual: 5404.25 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1373.83 GB) (Free:1168.54 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.63 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (BLACK_SAILS_S2_D1) (CDROM) (Total:7.49 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 4A1D15F0)
Partition: GPT.
==================== End of Addition.txt ============================

  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwa...t-malwarebytes/

If you manage to run a scan, delete everything it finds]Upon completion of the scan or after the reboot, two files named  mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop.
Please attach both files in your next reply.
 


  • 0

#5
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts

Any progress?


  • 0

#6
amyrobinson28

amyrobinson28

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi, sorry for the delay!

 

Thank you, I think that that may have worked :)

 

both files are attached.

Attached Files


  • 0

#7
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts

Yes. Part of it.

  • Highlight the entire content of the quote box below.

Start::  
S2 CG6Service; "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 HmaOpenVpnService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [X]
S2 CG6Service; "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 HmaOpenVpnService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [X]
FirewallRules: [{A168B335-E1A1-41C9-AFD4-A0EC78FE948D}] => (Allow) LPort=5357
HKLM-x32\...\Run: [ctftvqe.exe] => "C:\Users\Amy\AppData\Local\ntuserlitelist\ctftvqe.exe\ctftvqe.exe.exe" -starup <==== ATTENTION
C:\Users\Amy\AppData\Local\ntuserlitelist
C:\WINDOWS\system32\drivers\winfinsv.sys
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR Extension: (Crazy Score) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmefmclajgpfbinkkojcomjjbhcapmd [2015-05-03] [UpdateUrl: hxxp://cdn.crazyscore.net/update] <==== ATTENTION
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old [2017-10-28] <==== ATTENTION
C:\WINDOWS\system32\drivers\winfinsv.sys
HKLM-x32\...\Run: [ctftvqe.exe] => "C:\Users\Amy\AppData\Local\ntuserlitelist\ctftvqe.exe\ctftvqe.exe.exe" -starup <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR Extension: (Crazy Score) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmefmclajgpfbinkkojcomjjbhcapmd [2015-05-03] [UpdateUrl: hxxp://cdn.crazyscore.net/update] <==== ATTENTION
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default Old [2017-10-28] <==== ATTENTION
C:\WINDOWS\system32\drivers\winfinsv.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
Task: {0034F26B-B9DE-4F04-B5FE-11A79C38A859} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1A7EE3CC-4C88-4769-9587-6808CD875B1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {308BDE39-A794-4483-BA9C-A028B8B8D585} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3153C3B9-08C0-4670-ACE9-42782BF9A8E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {50775F2D-F8FD-4261-991F-4E086E636C04} - \WPD\SqmUpload_S-1-5-21-1400221839-1314888541-504861578-1002 -> No File <==== ATTENTION
Task: {88998F7B-29E8-4D29-BE20-8C470BAD94B4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A796DCBB-D331-4429-99C0-79BAD4597984} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B233F622-1DF4-4F10-87E5-0E23C9C11D8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C0CAD228-A8AC-47BA-AB16-76B604DC1D31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CC39B7DF-45B6-4FCE-8325-58BC11204936} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DAFCA33E-C910-4249-BB16-29156240658F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E626451E-5569-4AAB-A2B2-D64DF526C052} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {ED0EF568-2FEF-4976-AE86-4DF6AE22D055} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FF1A7671-DFB5-4D54-9E5D-BBA7BFBAD789} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Crazy Score -> {f439aa7e-a2a0-4635-99a2-164180e848ca} -> No File
Toolbar: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> No Name - {5350432D-5350-006A-76A7-7A786E7484D7} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Crazy Score -> {f439aa7e-a2a0-4635-99a2-164180e848ca} -> No File
Toolbar: HKU\S-1-5-21-1400221839-1314888541-504861578-1002 -> No Name - {5350432D-5350-006A-76A7-7A786E7484D7} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {0034F26B-B9DE-4F04-B5FE-11A79C38A859} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1A7EE3CC-4C88-4769-9587-6808CD875B1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {308BDE39-A794-4483-BA9C-A028B8B8D585} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3153C3B9-08C0-4670-ACE9-42782BF9A8E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {50775F2D-F8FD-4261-991F-4E086E636C04} - \WPD\SqmUpload_S-1-5-21-1400221839-1314888541-504861578-1002 -> No File <==== ATTENTION
Task: {88998F7B-29E8-4D29-BE20-8C470BAD94B4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A796DCBB-D331-4429-99C0-79BAD4597984} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B233F622-1DF4-4F10-87E5-0E23C9C11D8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C0CAD228-A8AC-47BA-AB16-76B604DC1D31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CC39B7DF-45B6-4FCE-8325-58BC11204936} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DAFCA33E-C910-4249-BB16-29156240658F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E626451E-5569-4AAB-A2B2-D64DF526C052} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {ED0EF568-2FEF-4976-AE86-4DF6AE22D055} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FF1A7671-DFB5-4D54-9E5D-BBA7BFBAD789} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
HKLM-x32\...\Run: [ctftvqe.exe] => "C:\Users\Amy\AppData\Local\ntuserlitelist\ctftvqe.exe\ctftvqe.exe.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [ctftvqe.exe] => "C:\Users\Amy\AppData\Local\ntuserlitelist\ctftvqe.exe\ctftvqe.exe.exe" -starup <==== ATTENTION
(TOSHIBA CORPORATION) C:\Windows\Temp\mshmezwsrv.exe
2017-12-01 01:37 - 2017-12-01 01:37 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\Amy\AppData\Local\Temp\scp34A1.tmp.exe
(TOSHIBA CORPORATION) C:\Windows\Temp\mshmezwsrv.exe
2017-12-01 01:37 - 2017-12-01 01:37 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\Amy\AppData\Local\Temp\scp34A1.tmp.exe
2017-12-01 01:37 - 2017-12-01 01:37 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\Amy\AppData\Local\Temp\scp34A1.tmp.exe
2017-12-01 01:37 - 2017-12-01 01:37 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\Amy\AppData\Local\Temp\scp34A1.tmp.exe
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKEY_LOCAL_MACHINE\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

65MBhLLb.png


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

adwcleaner_delete_restart.jpg


  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


  • 0

#8
amyrobinson28

amyrobinson28

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi please find all of this below:

 

 

# AdwCleaner 7.0.5.0 - Logfile created on Tue Dec 05 23:58:50 2017
# Updated on 2017/29/11 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
Deleted: WtuSystemSupport
Deleted: SlimService
Deleted: vToolbarUpdater40.3.8

***** [ Folders ] *****
Deleted: C:\ProgramData\AVG Secure Search
Deleted: C:\Program Files\Common Files\AVG Secure Search
Deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted: C:\Users\All Users\AVG Secure Search
Deleted: C:\ProgramData\AVG Security Toolbar
Deleted: C:\Users\All Users\AVG Security Toolbar
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
Deleted: C:\Program Files\slimcleaner plus
Deleted: C:\Users\Amy\AppData\Local\regtool
Deleted: C:\ProgramData\avg web tuneup
Deleted: C:\Program Files\avg web tuneup
Deleted: C:\Program Files (x86)\avg web tuneup
Deleted: C:\Users\All Users\avg web tuneup
Deleted: C:\Users\Amy\AppData\Local\avg web tuneup
Deleted: C:\Program Files (x86)\S5
Deleted: C:\Users\Amy\AppData\Local\Downloaded Installers
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
Deleted: C:\Program Files\SlimCleaner Plus
Deleted: C:\ProgramData\slimware utilities inc
Deleted: C:\Users\All Users\slimware utilities inc
Deleted: C:\Users\Amy\AppData\Local\slimware utilities inc
Deleted: C:\ProgramData\SlimWare Utilities Inc
Deleted: C:\Users\All Users\SlimWare Utilities Inc
Deleted: C:\Users\Amy\AppData\Local\SlimWare Utilities Inc
Deleted: C:\Program Files\SlimService
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
Deleted: C:\Program Files\DriverUpdate
Deleted: C:\ProgramData\WindowsReporting
Deleted: C:\Users\All Users\WindowsReporting
Deleted: C:\ProgramData\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\Users\Amy\AppData\Roaming\CompuClever
Deleted: C:\ProgramData\Avg_Update_1016tb

***** [ Files ] *****
Deleted: C:\Users\Amy\Downloads\DRIVERUPDATE-SETUP.EXE
Deleted: C:\ProgramData\_lg.3sap
Deleted: C:\Users\All Users\_lg.3sap

***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted: DriverUpdate Scan
Deleted: SlimCleaner Plus (Scheduled Scan - Amy)
Deleted: SlimCleaner Plus (Scheduled Scan - Amy)

***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
Deleted: [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
Deleted: [Key] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\WebDiscoverBrowser
Deleted: [Key] - HKCU\Software\WebDiscoverBrowser
Deleted: [Key] - HKLM\SOFTWARE\AVG Secure Search
Deleted: [Key] - HKLM\SOFTWARE\AVG Tuneup
Deleted: [Key] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\ICSW1.23
Deleted: [Key] - HKCU\Software\ICSW1.23
Deleted: [Key] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\VideoBox
Deleted: [Key] - HKCU\Software\VideoBox
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{959D527D-6C27-4879-A644-065526D6969C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted: [Value] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\Microsoft\Windows\CurrentVersion\Run|SlimCleaner Plus
Deleted: [Value] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SlimCleaner Plus
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SlimCleaner Plus
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Deleted: [Key] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\chrome-64-bit.en.softonic.com
Deleted: [Key] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\softonic.com
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
Deleted: [Key] - HKLM\SOFTWARE\mystartsearchSoftware
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted: [Key] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-1400221839-1314888541-504861578-1002\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - Amy)

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
Plugin deleted: MSN Homepage & Bing Search Engine -
Plugin deleted: AVG Web TuneUp -

*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [9175 B] - [2017/12/5 23:57:9]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

Attached Files


  • 0

#9
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts

I believe we now have it, but to confirm, lets perform a malwarebytes scan

 

favicon-32x32.png Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

02-malwarebytes-premium-scan-methods.jpg


  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

 


  • 0

#10
amyrobinson28

amyrobinson28

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Thank you, please find it attached.

Attached Files


  • 0

#11
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
How is the computer doing?
  • 0

#12
amyrobinson28

amyrobinson28

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Thank you it is working better now, I have had no trouble.

I have put some money into your account, thank you again for your help!


  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
Thank you, and congratulations.

Use this application to remove quarantined items.

Please download DelFix by Xplode and save to your Desktop.
  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
    delfix.jpg
    .
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)
Always keep your antivirus active and updated.

Best regards. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP