While running the Farbar scan I got an AVG message that said the UI did not load or something like that. I have received this same message a couple times recently.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.09.2018
Ran by Steve9697 (administrator) on LENOVO-PC (12-09-2018 14:44:04)
Running from C:\Users\Steve9697\Desktop
Loaded Profiles: Steve9697 (Available Profiles: Steve9697)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291056 2018-08-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-08-24] (Piriform Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F688769F-6A3C-44A1-B4D4-1F50E2E946BD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F71F3517-C3E8-4CB5-AD56-081EE2EC6E92}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={13BB2D5C-F30E-407D-84B8-ABD5F12A9B60}&mid=cf7f00884b8a47d2a1e011769372a57a-e430d6d9335b746559a7e0ea3c233e391f2628d2&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117av&pr=fr&d=2017-01-22 06:28:20&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {A4A33017-9042-4A4D-8471-96CF3E1A2F6E} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-15] (AVG)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FireFox:
========
FF DefaultProfile: 0zf3pnj8.default-1486589586370-1503817334726
FF ProfilePath: C:\Users\Steve9697\AppData\Roaming\Mozilla\Firefox\Profiles\0zf3pnj8.default-1486589586370-1503817334726 [2018-09-12]
FF Extension: (Firefox Monitor) - C:\Users\Steve9697\AppData\Roaming\Mozilla\Firefox\Profiles\0zf3pnj8.default-1486589586370-1503817334726\features\{4b77dfc6-5ca9-4dd5-b428-e70dabc6a56a}\[email protected] [2018-09-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-11] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1307137307-3646667384-4218071605-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Steve9697\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-27] (Citrix Online)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default [2018-09-12]
CHR Extension: (Slides) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-24]
CHR Extension: (Docs) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-24]
CHR Extension: (Google Drive) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-24]
CHR Extension: (YouTube) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (AVG Secure Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-07-19]
CHR Extension: (Google Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-02]
CHR Extension: (Sheets) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-24]
CHR Extension: (Gmail) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-24]
CHR HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [323512 2018-08-31] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [8043904 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin Ltd. or its subsidiaries)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 vToolbarUpdater40.3.8; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe" [X]
S2 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgArPot; C:\windows\System32\drivers\avgArPot.sys [192104 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\windows\System32\drivers\avgbidsdrivera.sys [222288 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\windows\System32\drivers\avgbidsha.sys [194224 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\windows\System32\drivers\avgbloga.sys [339048 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\windows\System32\drivers\avgbuniva.sys [51952 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\windows\System32\drivers\avgHwid.sys [39352 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\windows\System32\drivers\avgMonFlt.sys [155664 2018-09-11] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\windows\System32\drivers\avgRdr2.sys [104256 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\windows\System32\drivers\avgRvrt.sys [78864 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\windows\System32\drivers\avgSnx.sys [1020112 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\windows\System32\drivers\avgSP.sys [459624 2018-09-04] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\windows\System32\drivers\avgStm.sys [208216 2018-09-12] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\windows\System32\drivers\avgVmm.sys [373944 2018-08-31] (AVG Technologies CZ, s.r.o.)
R3 GeneStor; C:\windows\System32\drivers\GeneStor.sys [103656 2013-10-20] (GenesysLogic)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [259360 2018-09-12] (Malwarebytes)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-20] (Realtek Semiconductor Corporation )
R3 TXEIx64; C:\windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-12 14:44 - 2018-09-12 14:45 - 000016567 _____ C:\Users\Steve9697\Desktop\FRST.txt
2018-09-12 14:42 - 2018-09-12 14:38 - 002413568 _____ (Farbar) C:\Users\Steve9697\Desktop\FRST64.exe
2018-09-12 14:41 - 2018-09-12 14:41 - 000001131 _____ C:\Users\Steve9697\Downloads\FRST64.exe - Shortcut.lnk
2018-09-12 14:40 - 2018-09-12 14:44 - 000000000 ____D C:\FRST
2018-09-12 14:38 - 2018-09-12 14:38 - 002413568 _____ (Farbar) C:\Users\Steve9697\Downloads\FRST64.exe
2018-09-12 11:30 - 2018-09-12 11:30 - 007797989 _____ C:\Users\Steve9697\Desktop\bookmarks.html
2018-09-04 12:23 - 2018-09-04 12:24 - 016798624 _____ (Piriform Ltd) C:\Users\Steve9697\Downloads\ccsetup546.exe
2018-09-02 05:59 - 2018-09-02 05:59 - 000002891 _____ C:\Users\Steve9697\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audiobook Cutter FE.lnk
2018-09-02 05:59 - 2018-09-02 05:59 - 000000984 _____ C:\Users\Steve9697\Desktop\Audiobook Cutter FE.lnk
2018-09-02 05:59 - 2018-09-02 05:59 - 000000000 ____D C:\Program Files (x86)\AudiobookCutterFE
2018-09-02 05:58 - 2018-09-02 05:58 - 001271808 _____ C:\Users\Steve9697\Downloads\AudiobookCutterFE_EN(1).msi
2018-09-02 05:48 - 2018-09-02 05:48 - 000002891 _____ C:\Users\Steve9697\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audiobook Cutter Demo.lnk
2018-09-02 05:48 - 2018-09-02 05:48 - 000000000 ____D C:\Program Files (x86)\AudiobookCutterDemo
2018-09-02 05:46 - 2018-09-02 05:46 - 001274368 _____ C:\Users\Steve9697\Downloads\AudiobookCutterDemo_EN.msi
2018-09-02 05:42 - 2018-09-02 05:43 - 001271808 _____ C:\Users\Steve9697\Downloads\AudiobookCutterFE_EN.msi
2018-09-01 22:18 - 2018-09-02 05:48 - 000000000 ____D C:\Users\Steve9697\AppData\Roaming\audacity
2018-09-01 22:18 - 2018-09-01 22:18 - 000001046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2018-09-01 22:18 - 2018-09-01 22:18 - 000000000 ____D C:\Users\Steve9697\AppData\Local\Audacity
2018-09-01 22:18 - 2018-09-01 22:18 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-09-01 22:11 - 2018-09-01 22:12 - 020248056 _____ (Audacity Team ) C:\Users\Steve9697\Downloads\audacity-win-2.2.2.exe
2018-08-31 15:28 - 2018-08-31 15:28 - 000380656 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\avgBoot.exe
2018-08-30 07:09 - 2018-09-12 10:36 - 000259360 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-08-22 06:06 - 2018-08-22 06:06 - 000000000 ____D C:\Users\Steve9697\AppData\Local\mbam
2018-08-15 03:20 - 2018-07-19 00:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-08-15 03:20 - 2018-07-18 23:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-08-15 03:20 - 2018-07-18 21:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-08-15 03:20 - 2018-07-18 21:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-08-15 03:20 - 2018-07-18 21:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-08-15 03:20 - 2018-07-18 21:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-08-15 03:20 - 2018-07-18 21:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-08-15 03:20 - 2018-07-18 21:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-08-15 03:20 - 2018-07-18 21:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-08-15 03:20 - 2018-07-18 21:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-08-15 03:20 - 2018-07-18 20:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-08-15 03:20 - 2018-07-18 20:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-08-15 03:20 - 2018-07-18 20:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-08-15 03:20 - 2018-07-18 20:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-08-15 03:20 - 2018-07-18 20:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-08-15 03:20 - 2018-07-18 20:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-08-15 03:20 - 2018-07-18 20:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-08-15 03:20 - 2018-07-18 20:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-08-15 03:20 - 2018-07-18 20:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-08-15 03:20 - 2018-07-18 20:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-08-15 03:20 - 2018-07-18 20:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-08-15 03:20 - 2018-07-18 20:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-08-15 03:20 - 2018-07-18 20:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-08-15 03:20 - 2018-07-13 00:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-08-15 03:20 - 2018-07-07 11:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-08-15 03:20 - 2018-07-07 10:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-08-15 03:20 - 2018-07-06 10:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2018-08-15 03:20 - 2018-07-06 09:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2018-08-15 03:20 - 2018-06-30 11:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-08-15 03:20 - 2018-06-24 08:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-08-15 03:20 - 2018-06-24 08:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-08-15 03:20 - 2018-06-19 06:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-08-15 03:20 - 2018-06-19 06:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-08-15 03:20 - 2018-06-16 08:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-08-15 03:20 - 2018-06-14 21:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2018-08-15 03:20 - 2018-06-14 19:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-08-15 03:20 - 2018-06-14 18:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2018-08-15 03:20 - 2018-06-14 18:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2018-08-15 03:20 - 2018-06-14 18:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2018-08-15 03:20 - 2018-06-14 18:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2018-08-15 03:19 - 2018-07-18 23:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-08-15 03:19 - 2018-07-18 21:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-08-15 03:19 - 2018-07-18 21:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-08-15 03:19 - 2018-07-18 21:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-08-15 03:19 - 2018-07-18 21:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-08-15 03:19 - 2018-07-18 20:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2018-08-15 03:19 - 2018-07-18 20:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-08-15 03:19 - 2018-07-18 20:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-08-15 03:19 - 2018-07-18 20:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-08-15 03:19 - 2018-07-18 20:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-08-15 03:19 - 2018-07-18 20:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-08-15 03:19 - 2018-07-18 20:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-08-15 03:19 - 2018-07-18 20:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-08-15 03:19 - 2018-07-18 20:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-08-15 03:19 - 2018-07-18 20:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-08-15 03:19 - 2018-07-18 20:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-08-15 03:19 - 2018-07-07 10:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-08-15 03:19 - 2018-07-07 10:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-08-15 03:19 - 2018-07-07 09:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-08-15 03:19 - 2018-07-07 09:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-08-15 03:19 - 2018-06-19 06:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-08-15 03:19 - 2018-06-19 06:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-08-15 03:19 - 2018-06-16 07:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-08-15 03:19 - 2018-06-14 19:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-08-15 03:19 - 2018-06-14 19:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-08-15 03:19 - 2018-06-14 18:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2018-08-15 03:19 - 2018-06-08 11:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-12 13:45 - 2016-11-18 01:59 - 000000000 ____D C:\Users\Steve9697\AppData\LocalLow\Mozilla
2018-09-12 11:41 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\NDF
2018-09-12 11:41 - 2013-08-22 06:36 - 000000000 ____D C:\windows\Inf
2018-09-12 11:31 - 2014-10-16 17:52 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2018-09-12 11:31 - 2014-05-26 11:35 - 000000000 ____D C:\ProgramData\Temp
2018-09-12 11:29 - 2013-08-22 08:20 - 000000000 ____D C:\windows\CbsTemp
2018-09-12 11:18 - 2014-11-12 12:08 - 000000000 ____D C:\windows\system32\MRT
2018-09-12 11:13 - 2014-11-12 12:08 - 139184408 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-09-12 11:13 - 2014-10-01 00:48 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1307137307-3646667384-4218071605-1001
2018-09-12 10:47 - 2017-06-19 01:43 - 000208216 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgStm.sys
2018-09-12 10:42 - 2014-10-01 00:51 - 000003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{89EF1102-66E7-4EB6-A594-1EFDDFF5FBB9}
2018-09-12 10:37 - 2015-02-25 16:16 - 000000000 ___RD C:\Users\Steve9697\OneDrive
2018-09-12 10:37 - 2014-10-01 00:42 - 000000000 ____D C:\Users\Steve9697
2018-09-12 10:36 - 2016-07-21 02:14 - 000008192 _____ C:\windows\SysWOW64\WDPABKP.dat
2018-09-12 10:36 - 2013-08-22 07:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-09-11 23:01 - 2017-06-19 01:43 - 000004174 _____ C:\windows\System32\Tasks\Antivirus Emergency Update
2018-09-11 17:20 - 2017-06-13 15:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-09-11 17:20 - 2014-10-16 13:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-11 17:19 - 2013-08-22 06:25 - 000524288 ___SH C:\windows\system32\config\BBI
2018-09-11 14:44 - 2018-03-14 01:45 - 000004472 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-11 14:44 - 2015-01-27 23:37 - 000004288 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-09-11 14:44 - 2013-08-22 08:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-09-11 14:44 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Macromed
2018-09-11 12:25 - 2017-06-19 01:43 - 000155664 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgMonFlt.sys
2018-09-10 02:47 - 2014-10-16 17:55 - 000000000 ____D C:\Program Files\CCleaner
2018-09-07 21:28 - 2014-10-16 13:55 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-09-06 12:35 - 2017-10-24 15:03 - 000004128 _____ C:\windows\System32\Tasks\CCleaner Update
2018-09-05 04:28 - 2015-10-08 11:25 - 000000000 ____D C:\Users\Steve9697\AppData\Roaming\Anvsoft
2018-09-04 13:41 - 2014-03-18 02:53 - 000863592 _____ C:\windows\system32\PerfStringBackup.INI
2018-09-04 12:25 - 2014-10-16 17:55 - 000000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-09-04 11:06 - 2017-06-19 01:43 - 000459624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSP.sys
2018-08-31 15:29 - 2017-06-19 01:43 - 000078864 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRvrt.sys
2018-08-31 15:28 - 2017-11-27 15:10 - 000192104 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgArPot.sys
2018-08-31 15:28 - 2017-06-19 01:43 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgVmm.sys
2018-08-31 15:28 - 2017-06-19 01:43 - 000104256 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRdr2.sys
2018-08-31 15:28 - 2017-06-19 01:43 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgHwid.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSnx.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 000339048 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbloga.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 000222288 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsdrivera.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 000194224 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsha.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 000051952 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbuniva.sys
2018-08-30 07:08 - 2017-09-13 16:17 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-08-30 04:13 - 2018-07-18 11:27 - 000000000 ____D C:\Users\Steve9697\AppData\Local\CrashDumps
2018-08-23 11:32 - 2015-11-04 11:34 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-08-17 18:24 - 2013-08-22 08:36 - 000000000 ____D C:\windows\rescache
2018-08-15 22:56 - 2013-08-22 07:44 - 000371472 _____ C:\windows\system32\FNTCACHE.DAT
2018-08-15 22:51 - 2013-08-22 08:36 - 000000000 ___RD C:\windows\ToastData
2018-08-14 22:58 - 2016-03-02 00:15 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-14 01:36 - 2013-08-22 08:36 - 000000000 ____D C:\windows\AppReadiness
==================== Files in the root of some directories =======
2015-03-19 02:03 - 2015-03-19 02:03 - 000000038 ___SH () C:\Users\Steve9697\AppData\Local\69ff07055291669bb2b218.72821112
2017-07-11 10:05 - 2017-07-11 10:05 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{0D6263E4-37F9-4F15-8B23-D744C38AE971}
2017-08-02 01:08 - 2017-08-02 01:08 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{553BEC90-D9D7-429E-8E8A-48268AB247EE}
2017-11-21 02:39 - 2017-11-21 02:39 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{6FDE4617-C3D8-4B6D-9C8C-7EB3F1F61D01}
2017-07-14 14:30 - 2017-07-14 14:30 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{82DD34B9-19D5-44FB-8AAA-89805F2BD89F}
2017-07-12 13:16 - 2017-07-12 13:16 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{9F2EE62A-02A1-4C22-BBE1-412774DD4430}
2016-12-16 16:01 - 2016-12-16 16:01 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{D5E557FA-6162-4CDA-A8DE-829D93D047A9}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-09-10 04:46
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018
Ran by Steve9697 (12-09-2018 14:46:22)
Running from C:\Users\Steve9697\Desktop
Windows 8.1 Connected (Update) (X64) (2014-10-01 07:42:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1307137307-3646667384-4218071605-500 - Administrator - Disabled)
Guest (S-1-5-21-1307137307-3646667384-4218071605-501 - Limited - Disabled)
Steve9697 (S-1-5-21-1307137307-3646667384-4218071605-1001 - Administrator - Enabled) => C:\Users\Steve9697
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
ANT Drivers Installer x64 (HKLM\...\{11F6087F-2114-45B5-9EB3-F80E1368CBE9}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ANT Drivers Installer x64 (HKLM\...\{20AB389B-8602-403C-B19B-F0A1D6C510A5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.8.4 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Audiobook Cutter Demo (HKLM-x32\...\{40BB5CF5-BA5D-40A7-BB82-0FB77FF7F45B}) (Version: 1.9.4 - Audiobook Software)
Audiobook Cutter Free Edition (HKLM-x32\...\{D52FFC61-0647-44FA-B142-E54574B27729}) (Version: 1.9.4 - Audiobook Software)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.6.3066 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
Brother Software Suite (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
ChairGun4 4.3.2 (HKLM-x32\...\{1EFE73CA-B847-4F80-958B-3DE1CE690FE3}_is1) (Version: - Hawke Sport Optics)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Elevated Installer (HKLM-x32\...\{6E257EB0-5EFF-416D-82D4-592924566BB4}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{3e534d41-dcc4-4f51-9858-70dd42beb3d5}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E1C18A5C-63D7-4DC5-977F-5B4BAB4169D9}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo SoftAP (HKLM-x32\...\{F5A08FAD-697C-4952-9E7D-F741CD42F069}) (Version: 1.0.0.17 - Realtek)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 62.0 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0 (x64 en-US)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - )
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-08-31] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-12-30] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-08-31] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FCCD4EE-DF2A-407B-AB66-BF3422B5357F} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {1AB60F8E-FCC0-4DC0-ADFE-406CC681F9A5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {2BC38040-1277-4F89-9D5D-05A0AA6455AC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {2BC38040-1277-4F89-9D5D-05A0AA6455AC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\windows\system32\GWX\GWXDetector.exe [2015-09-24] (Microsoft Corporation)
Task: {54304288-479D-4399-94FA-CA0E758F4291} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {5ACBB1FE-E7C3-47E4-B38E-13197A2DD128} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {678218CB-1275-4424-9853-8927A4DF4F36} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {7F0B2783-9391-4C27-A4B3-4E14FFA4A772} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {88024B17-85FD-460E-AD99-3CE8C7561BAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {98FD34EF-9E84-4441-9FE9-AF078DDD14AB} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {A7877AC7-A448-4D17-9B02-35881C8770D1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-11] (Adobe Systems Incorporated)
Task: {AC89DB9B-CDD2-444C-8C71-79069453B7D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {AE09C122-7DCB-43AC-AF5A-892FE5860B7B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-11] (Adobe Systems Incorporated)
Task: {AFE28CE4-7925-4B2B-8554-3D6E49D7FC5E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {AFE28CE4-7925-4B2B-8554-3D6E49D7FC5E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\windows\system32\GWX\GWXDetector.exe [2015-09-24] (Microsoft Corporation)
Task: {B015C726-5B67-443C-891B-D0005EA0A703} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-06-06] ()
Task: {B9EA530E-6C95-4602-B5DD-4D4DBCC0FB77} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {B9EA530E-6C95-4602-B5DD-4D4DBCC0FB77} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {B9EA530E-6C95-4602-B5DD-4D4DBCC0FB77} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\windows\system32\GWX\GWXDetector.exe [2015-09-24] (Microsoft Corporation)
Task: {BE12D3E9-1792-4560-AB51-F65494D28D7C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-08-31] (AVG Technologies CZ, s.r.o.)
Task: {C4DC4ECF-C0E2-479C-B45C-FBED8E616544} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C89F2E5A-4B64-426E-A7DB-F7FFBA54DA5B} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-09-11] (AVG Technologies CZ, s.r.o.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-05-26 11:24 - 2011-08-16 20:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2014-05-26 11:43 - 2013-05-14 11:53 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-11-07 13:41 - 2018-08-30 07:08 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2014-05-26 11:23 - 2013-10-25 02:23 - 000053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2014-05-26 11:24 - 2011-08-16 20:46 - 000024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2018-06-06 14:31 - 2018-06-06 14:31 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2014-05-26 11:24 - 2011-05-17 13:27 - 000028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2017-02-07 16:44 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-03-02 15:41 - 2018-03-02 15:42 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2018-08-31 15:27 - 2018-08-31 15:27 - 000574192 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\google.com -> hxxps://accounts.google.com
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2018-09-07 01:12 - 000000035 _____ C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "LVT"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{BDF16C49-93CD-4CEB-A984-F0A82708E316}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F639D26B-E28B-4E47-ACCA-3EFEBD8D6F40}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{ACCDB750-845A-4473-983D-3C8904568017}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{44A32B92-C515-4CF8-ACB3-16275EF74E6B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{72266752-7B5D-4693-B874-F2167A9C7A29}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1CD0E376-D966-4CB1-A110-58A0F9A2D4ED}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{65CB4B1F-D6C9-4260-B7DD-D88963C311E8}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{81AC19CA-D61D-4E23-BD91-9A7E5FFA49DF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{240EBF9B-0195-4A7E-B0F4-4C3CCB63C03C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{170EE1B5-ED7D-4ECC-AA3A-AC81AEDB7A70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D1B786E-01E6-40FA-8520-7AB001818487}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{87C34D4C-5CB7-48E5-AB97-1641F1BA8C87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D7FD550D-241A-4BA4-B24B-625FF76E0528}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6A8143D0-0296-44E0-8016-81D1050FD513}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{952C7416-76EB-4244-8286-47F92165C5BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{04F1F35B-047D-4ECE-A57E-F7B35E946525}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{EC253810-3EA7-4064-B82F-0D3EB7B62447}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8A06E90E-60B3-4F68-9F2C-1C53829CA5E8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23595B4C-2AF0-4CC1-9F9D-04A016034259}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F46B25B1-9F9F-4D34-9133-82AE6614FA27}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{8457566B-D38F-42B7-BEA7-53BB971B5A2A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{8A74A29A-AB8F-4479-B798-A16883101AFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CA9F9F7B-C896-46A1-B6EB-453DFADD0D50}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{6F93776B-F6CD-41D8-9192-26E2DE1DA17A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F53B1D18-3E82-4F97-9D1E-81226A69BF73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2D9EC8F5-7C75-4619-9C51-A11C5F9F76FA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4BA2815A-BEA2-4C6D-9E35-EE554C7D3DBD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{8B6FEE9E-8DB0-4E19-BD59-43A96043D086}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5A025FBD-2C83-49CE-91F2-03978D694920}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DE1B209F-DFDE-493E-AE59-C16DFB0F8F37}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BDE2133C-BF5A-430B-91BB-C936BABC9C29}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E4DE94B-540F-4512-8575-E646D517F0B8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{002BBBC3-D374-4B75-914A-007C0295F3CC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{EF91260D-42D1-49A4-8B3C-605F586E0227}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{FBC9C41A-0958-4B2E-988E-C51F08F29A91}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{442938AE-6AE4-46DE-A0ED-2FF6DF1D8686}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C4B68898-F3E3-4115-AE77-097C1DB72D41}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{172E28C5-F1D7-418B-A967-1B85E9A74F9B}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{0260590E-5405-41FD-9C33-1B06E3298613}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{0BF2142D-5A79-4B7D-B997-65E03CAEE492}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
==================== Restore Points =========================
27-08-2018 01:41:32 Scheduled Checkpoint
02-09-2018 05:47:13 Installed Audiobook Cutter Demo
02-09-2018 05:58:59 Installed Audiobook Cutter Free Edition
11-09-2018 13:06:10 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/12/2018 10:48:32 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (1476) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (09/12/2018 10:48:32 AM) (Source: ESENT) (EventID: 489) (User: )
Description: DllHost (1476) WebCacheLocal: An attempt to open the file "C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (09/12/2018 01:34:34 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2780) An attempt to open the file "C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (09/11/2018 05:21:55 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (09/11/2018 05:21:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (09/09/2018 06:11:42 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (5716) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (09/09/2018 06:11:30 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (6740) An attempt to open the file "C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (08/29/2018 02:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AVCFree.exe, version: 5.8.4.0, time stamp: 0x55fbbb73
Faulting module name: DuiLib_u.dll, version: 0.0.0.0, time stamp: 0x55fbbb37
Exception code: 0xc0000005
Fault offset: 0x0001d588
Faulting process id: 0x13cc
Faulting application start time: 0x01d43fd669021c7c
Faulting application path: C:\Program Files (x86)\Anvsoft\Any Video Converter\AVCFree.exe
Faulting module path: C:\Program Files (x86)\Anvsoft\Any Video Converter\DuiLib_u.dll
Report Id: d1830a3f-abcf-11e8-838f-c03fd5964c89
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (09/12/2018 10:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater40.3.8 service failed to start due to the following error:
The system cannot find the file specified.
Error: (09/12/2018 10:35:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WtuSystemSupport service failed to start due to the following error:
The system cannot find the file specified.
Error: (09/12/2018 10:35:36 AM) (Source: GeneStor) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/12/2018 10:35:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:01:18 AM on 9/12/2018 was unexpected.
Error: (09/11/2018 05:40:40 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.18.
The computer with the IP address 192.168.1.104 did not allow the name to be claimed by
this computer.
Error: (09/11/2018 05:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater40.3.8 service failed to start due to the following error:
The system cannot find the file specified.
Error: (09/11/2018 05:21:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WtuSystemSupport service failed to start due to the following error:
The system cannot find the file specified.
Error: (09/11/2018 05:20:58 PM) (Source: GeneStor) (EventID: 0) (User: )
Description: Event-ID 0
Windows Defender:
===================================
Date: 2017-06-19 06:08:41.002
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2017-06-19 05:19:27.654
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 117.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.13804.0
Error code: 0x80070002
Error description: The system cannot find the file specified.
Date: 2017-06-19 05:19:26.654
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.1013.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x800b0100
Error description: No signature was present in the subject.
Date: 2017-06-19 05:19:26.654
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.1013.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x800b0100
Error description: No signature was present in the subject.
Date: 2017-06-19 05:12:50.385
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
CodeIntegrity:
===================================
Date: 2018-09-07 18:52:39.840
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-09-07 18:52:38.684
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-09-07 18:52:37.527
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-09-07 18:52:36.356
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-09-07 18:52:35.184
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-09-07 18:52:34.027
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-09-07 18:52:32.855
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-09-07 18:52:31.683
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 69%
Total physical RAM: 3983.75 MB
Available physical RAM: 1222.89 MB
Total Virtual: 5007.75 MB
Available Virtual: 1510.37 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:269.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:801.05 GB) NTFS
\\?\Volume{61bd4a58-f561-4c73-93be-019161e145df}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.61 GB) NTFS
\\?\Volume{3d68ce7f-4435-4d70-be9c-469c76d28fb8}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:14.09 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 47193F2E)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 7FE5E5CC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ===================