
MBAM found infection



#1
aaaa44
Member, 151 posts

I run MBAM once a week. It has not found any infections for many months. A few days ago it found an infection, and I quarantined it. Also, a few days ago I got what I believe was a fake Microsoft warning saying that my computer was infected and that I needed to call the phone number listed immediately. My computer is running fine, and I cannot detect any problems with it.

Do I need to do anything about the infected file MBAM found, or did MBAM quarantine it safely?



#2
Bruce1270
Trusted Helper, Malware Removal, 1,714 posts
Hello aaaa44 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses; if there is no reply within 4 days, the topic will be closed and you will need to request that the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    Please run some FRST logs and I'll take a look for you. :)


    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

#3
aaaa44
Topic Starter, Member, 151 posts

While running the Farbar scan I got an AVG message that said the UI did not load, or something like that. I have received this same message a couple of times recently.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.09.2018
Ran by Steve9697 (administrator) on LENOVO-PC (12-09-2018 14:44:04)
Running from C:\Users\Steve9697\Desktop
Loaded Profiles: Steve9697 (Available Profiles: Steve9697)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291056 2018-08-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-08-24] (Piriform Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F688769F-6A3C-44A1-B4D4-1F50E2E946BD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F71F3517-C3E8-4CB5-AD56-081EE2EC6E92}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={13BB2D5C-F30E-407D-84B8-ABD5F12A9B60}&mid=cf7f00884b8a47d2a1e011769372a57a-e430d6d9335b746559a7e0ea3c233e391f2628d2&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117av&pr=fr&d=2017-01-22 06:28:20&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {A4A33017-9042-4A4D-8471-96CF3E1A2F6E} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-15] (AVG)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File

FireFox:
========
FF DefaultProfile: 0zf3pnj8.default-1486589586370-1503817334726
FF ProfilePath: C:\Users\Steve9697\AppData\Roaming\Mozilla\Firefox\Profiles\0zf3pnj8.default-1486589586370-1503817334726 [2018-09-12]
FF Extension: (Firefox Monitor) - C:\Users\Steve9697\AppData\Roaming\Mozilla\Firefox\Profiles\0zf3pnj8.default-1486589586370-1503817334726\features\{4b77dfc6-5ca9-4dd5-b428-e70dabc6a56a}\[email protected] [2018-09-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-11] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1307137307-3646667384-4218071605-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Steve9697\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-27] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default [2018-09-12]
CHR Extension: (Slides) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-24]
CHR Extension: (Docs) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-24]
CHR Extension: (Google Drive) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-24]
CHR Extension: (YouTube) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (AVG Secure Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-07-19]
CHR Extension: (Google Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-02]
CHR Extension: (Sheets) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-24]
CHR Extension: (Gmail) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-24]
CHR HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [323512 2018-08-31] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [8043904 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin Ltd. or its subsidiaries)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 vToolbarUpdater40.3.8; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe" [X]
S2 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\windows\System32\drivers\avgArPot.sys [192104 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\windows\System32\drivers\avgbidsdrivera.sys [222288 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\windows\System32\drivers\avgbidsha.sys [194224 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\windows\System32\drivers\avgbloga.sys [339048 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\windows\System32\drivers\avgbuniva.sys [51952 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\windows\System32\drivers\avgHwid.sys [39352 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\windows\System32\drivers\avgMonFlt.sys [155664 2018-09-11] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\windows\System32\drivers\avgRdr2.sys [104256 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\windows\System32\drivers\avgRvrt.sys [78864 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\windows\System32\drivers\avgSnx.sys [1020112 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\windows\System32\drivers\avgSP.sys [459624 2018-09-04] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\windows\System32\drivers\avgStm.sys [208216 2018-09-12] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\windows\System32\drivers\avgVmm.sys [373944 2018-08-31] (AVG Technologies CZ, s.r.o.)
R3 GeneStor; C:\windows\System32\drivers\GeneStor.sys [103656 2013-10-20] (GenesysLogic)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [259360 2018-09-12] (Malwarebytes)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-20] (Realtek Semiconductor Corporation )
R3 TXEIx64; C:\windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-12 14:44 - 2018-09-12 14:45 - 000016567 _____ C:\Users\Steve9697\Desktop\FRST.txt
2018-09-12 14:42 - 2018-09-12 14:38 - 002413568 _____ (Farbar) C:\Users\Steve9697\Desktop\FRST64.exe
2018-09-12 14:41 - 2018-09-12 14:41 - 000001131 _____ C:\Users\Steve9697\Downloads\FRST64.exe - Shortcut.lnk
2018-09-12 14:40 - 2018-09-12 14:44 - 000000000 ____D C:\FRST
2018-09-12 14:38 - 2018-09-12 14:38 - 002413568 _____ (Farbar) C:\Users\Steve9697\Downloads\FRST64.exe
2018-09-12 11:30 - 2018-09-12 11:30 - 007797989 _____ C:\Users\Steve9697\Desktop\bookmarks.html
2018-09-04 12:23 - 2018-09-04 12:24 - 016798624 _____ (Piriform Ltd) C:\Users\Steve9697\Downloads\ccsetup546.exe
2018-09-02 05:59 - 2018-09-02 05:59 - 000002891 _____ C:\Users\Steve9697\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audiobook Cutter FE.lnk
2018-09-02 05:59 - 2018-09-02 05:59 - 000000984 _____ C:\Users\Steve9697\Desktop\Audiobook Cutter FE.lnk
2018-09-02 05:59 - 2018-09-02 05:59 - 000000000 ____D C:\Program Files (x86)\AudiobookCutterFE
2018-09-02 05:58 - 2018-09-02 05:58 - 001271808 _____ C:\Users\Steve9697\Downloads\AudiobookCutterFE_EN(1).msi
2018-09-02 05:48 - 2018-09-02 05:48 - 000002891 _____ C:\Users\Steve9697\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audiobook Cutter Demo.lnk
2018-09-02 05:48 - 2018-09-02 05:48 - 000000000 ____D C:\Program Files (x86)\AudiobookCutterDemo
2018-09-02 05:46 - 2018-09-02 05:46 - 001274368 _____ C:\Users\Steve9697\Downloads\AudiobookCutterDemo_EN.msi
2018-09-02 05:42 - 2018-09-02 05:43 - 001271808 _____ C:\Users\Steve9697\Downloads\AudiobookCutterFE_EN.msi
2018-09-01 22:18 - 2018-09-02 05:48 - 000000000 ____D C:\Users\Steve9697\AppData\Roaming\audacity
2018-09-01 22:18 - 2018-09-01 22:18 - 000001046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2018-09-01 22:18 - 2018-09-01 22:18 - 000000000 ____D C:\Users\Steve9697\AppData\Local\Audacity
2018-09-01 22:18 - 2018-09-01 22:18 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-09-01 22:11 - 2018-09-01 22:12 - 020248056 _____ (Audacity Team ) C:\Users\Steve9697\Downloads\audacity-win-2.2.2.exe
2018-08-31 15:28 - 2018-08-31 15:28 - 000380656 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\avgBoot.exe
2018-08-30 07:09 - 2018-09-12 10:36 - 000259360 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-08-22 06:06 - 2018-08-22 06:06 - 000000000 ____D C:\Users\Steve9697\AppData\Local\mbam
2018-08-15 03:20 - 2018-07-19 00:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-08-15 03:20 - 2018-07-18 23:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-08-15 03:20 - 2018-07-18 21:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-08-15 03:20 - 2018-07-18 21:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-08-15 03:20 - 2018-07-18 21:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-08-15 03:20 - 2018-07-18 21:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-08-15 03:20 - 2018-07-18 21:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-08-15 03:20 - 2018-07-18 21:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-08-15 03:20 - 2018-07-18 21:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-08-15 03:20 - 2018-07-18 21:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-08-15 03:20 - 2018-07-18 20:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-08-15 03:20 - 2018-07-18 20:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-08-15 03:20 - 2018-07-18 20:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-08-15 03:20 - 2018-07-18 20:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-08-15 03:20 - 2018-07-18 20:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-08-15 03:20 - 2018-07-18 20:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-08-15 03:20 - 2018-07-18 20:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-08-15 03:20 - 2018-07-18 20:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-08-15 03:20 - 2018-07-18 20:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-08-15 03:20 - 2018-07-18 20:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-08-15 03:20 - 2018-07-18 20:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-08-15 03:20 - 2018-07-18 20:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-08-15 03:20 - 2018-07-18 20:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-08-15 03:20 - 2018-07-13 00:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-08-15 03:20 - 2018-07-07 11:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-08-15 03:20 - 2018-07-07 10:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-08-15 03:20 - 2018-07-06 10:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2018-08-15 03:20 - 2018-07-06 09:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2018-08-15 03:20 - 2018-06-30 11:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-08-15 03:20 - 2018-06-24 08:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-08-15 03:20 - 2018-06-24 08:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-08-15 03:20 - 2018-06-19 06:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-08-15 03:20 - 2018-06-19 06:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-08-15 03:20 - 2018-06-16 08:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-08-15 03:20 - 2018-06-14 21:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2018-08-15 03:20 - 2018-06-14 19:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-08-15 03:20 - 2018-06-14 18:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2018-08-15 03:20 - 2018-06-14 18:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2018-08-15 03:20 - 2018-06-14 18:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2018-08-15 03:20 - 2018-06-14 18:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2018-08-15 03:19 - 2018-07-18 23:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-08-15 03:19 - 2018-07-18 21:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-08-15 03:19 - 2018-07-18 21:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-08-15 03:19 - 2018-07-18 21:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-08-15 03:19 - 2018-07-18 21:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-08-15 03:19 - 2018-07-18 20:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2018-08-15 03:19 - 2018-07-18 20:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-08-15 03:19 - 2018-07-18 20:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-08-15 03:19 - 2018-07-18 20:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-08-15 03:19 - 2018-07-18 20:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-08-15 03:19 - 2018-07-18 20:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-08-15 03:19 - 2018-07-18 20:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-08-15 03:19 - 2018-07-18 20:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-08-15 03:19 - 2018-07-18 20:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-08-15 03:19 - 2018-07-18 20:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-08-15 03:19 - 2018-07-18 20:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-08-15 03:19 - 2018-07-07 10:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-08-15 03:19 - 2018-07-07 10:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-08-15 03:19 - 2018-07-07 09:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-08-15 03:19 - 2018-07-07 09:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-08-15 03:19 - 2018-06-19 06:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-08-15 03:19 - 2018-06-19 06:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-08-15 03:19 - 2018-06-16 07:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-08-15 03:19 - 2018-06-14 19:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-08-15 03:19 - 2018-06-14 19:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-08-15 03:19 - 2018-06-14 18:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2018-08-15 03:19 - 2018-06-08 11:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-12 13:45 - 2016-11-18 01:59 - 000000000 ____D C:\Users\Steve9697\AppData\LocalLow\Mozilla
2018-09-12 11:41 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\NDF
2018-09-12 11:41 - 2013-08-22 06:36 - 000000000 ____D C:\windows\Inf
2018-09-12 11:31 - 2014-10-16 17:52 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2018-09-12 11:31 - 2014-05-26 11:35 - 000000000 ____D C:\ProgramData\Temp
2018-09-12 11:29 - 2013-08-22 08:20 - 000000000 ____D C:\windows\CbsTemp
2018-09-12 11:18 - 2014-11-12 12:08 - 000000000 ____D C:\windows\system32\MRT
2018-09-12 11:13 - 2014-11-12 12:08 - 139184408 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-09-12 11:13 - 2014-10-01 00:48 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1307137307-3646667384-4218071605-1001
2018-09-12 10:47 - 2017-06-19 01:43 - 000208216 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgStm.sys
2018-09-12 10:42 - 2014-10-01 00:51 - 000003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{89EF1102-66E7-4EB6-A594-1EFDDFF5FBB9}
2018-09-12 10:37 - 2015-02-25 16:16 - 000000000 ___RD C:\Users\Steve9697\OneDrive
2018-09-12 10:37 - 2014-10-01 00:42 - 000000000 ____D C:\Users\Steve9697
2018-09-12 10:36 - 2016-07-21 02:14 - 000008192 _____ C:\windows\SysWOW64\WDPABKP.dat
2018-09-12 10:36 - 2013-08-22 07:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-09-11 23:01 - 2017-06-19 01:43 - 000004174 _____ C:\windows\System32\Tasks\Antivirus Emergency Update
2018-09-11 17:20 - 2017-06-13 15:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-09-11 17:20 - 2014-10-16 13:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-11 17:19 - 2013-08-22 06:25 - 000524288 ___SH C:\windows\system32\config\BBI
2018-09-11 14:44 - 2018-03-14 01:45 - 000004472 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-11 14:44 - 2015-01-27 23:37 - 000004288 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-09-11 14:44 - 2013-08-22 08:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-09-11 14:44 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\Macromed
2018-09-11 12:25 - 2017-06-19 01:43 - 000155664 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgMonFlt.sys
2018-09-10 02:47 - 2014-10-16 17:55 - 000000000 ____D C:\Program Files\CCleaner
2018-09-07 21:28 - 2014-10-16 13:55 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-09-06 12:35 - 2017-10-24 15:03 - 000004128 _____ C:\windows\System32\Tasks\CCleaner Update
2018-09-05 04:28 - 2015-10-08 11:25 - 000000000 ____D C:\Users\Steve9697\AppData\Roaming\Anvsoft
2018-09-04 13:41 - 2014-03-18 02:53 - 000863592 _____ C:\windows\system32\PerfStringBackup.INI
2018-09-04 12:25 - 2014-10-16 17:55 - 000000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-09-04 11:06 - 2017-06-19 01:43 - 000459624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSP.sys
2018-08-31 15:29 - 2017-06-19 01:43 - 000078864 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRvrt.sys
2018-08-31 15:28 - 2017-11-27 15:10 - 000192104 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgArPot.sys
2018-08-31 15:28 - 2017-06-19 01:43 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgVmm.sys
2018-08-31 15:28 - 2017-06-19 01:43 - 000104256 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRdr2.sys
2018-08-31 15:28 - 2017-06-19 01:43 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgHwid.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSnx.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 000339048 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbloga.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 000222288 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsdrivera.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 000194224 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsha.sys
2018-08-31 15:27 - 2017-06-19 01:43 - 000051952 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbuniva.sys
2018-08-30 07:08 - 2017-09-13 16:17 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-08-30 04:13 - 2018-07-18 11:27 - 000000000 ____D C:\Users\Steve9697\AppData\Local\CrashDumps
2018-08-23 11:32 - 2015-11-04 11:34 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-08-17 18:24 - 2013-08-22 08:36 - 000000000 ____D C:\windows\rescache
2018-08-15 22:56 - 2013-08-22 07:44 - 000371472 _____ C:\windows\system32\FNTCACHE.DAT
2018-08-15 22:51 - 2013-08-22 08:36 - 000000000 ___RD C:\windows\ToastData
2018-08-14 22:58 - 2016-03-02 00:15 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-14 01:36 - 2013-08-22 08:36 - 000000000 ____D C:\windows\AppReadiness

==================== Files in the root of some directories =======

2015-03-19 02:03 - 2015-03-19 02:03 - 000000038 ___SH () C:\Users\Steve9697\AppData\Local\69ff07055291669bb2b218.72821112
2017-07-11 10:05 - 2017-07-11 10:05 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{0D6263E4-37F9-4F15-8B23-D744C38AE971}
2017-08-02 01:08 - 2017-08-02 01:08 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{553BEC90-D9D7-429E-8E8A-48268AB247EE}
2017-11-21 02:39 - 2017-11-21 02:39 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{6FDE4617-C3D8-4B6D-9C8C-7EB3F1F61D01}
2017-07-14 14:30 - 2017-07-14 14:30 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{82DD34B9-19D5-44FB-8AAA-89805F2BD89F}
2017-07-12 13:16 - 2017-07-12 13:16 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{9F2EE62A-02A1-4C22-BBE1-412774DD4430}
2016-12-16 16:01 - 2016-12-16 16:01 - 000000000 _____ () C:\Users\Steve9697\AppData\Local\{D5E557FA-6162-4CDA-A8DE-829D93D047A9}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-10 04:46

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018
Ran by Steve9697 (12-09-2018 14:46:22)
Running from C:\Users\Steve9697\Desktop
Windows 8.1 Connected (Update) (X64) (2014-10-01 07:42:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1307137307-3646667384-4218071605-500 - Administrator - Disabled)
Guest (S-1-5-21-1307137307-3646667384-4218071605-501 - Limited - Disabled)
Steve9697 (S-1-5-21-1307137307-3646667384-4218071605-1001 - Administrator - Enabled) => C:\Users\Steve9697

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
ANT Drivers Installer x64 (HKLM\...\{11F6087F-2114-45B5-9EB3-F80E1368CBE9}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ANT Drivers Installer x64 (HKLM\...\{20AB389B-8602-403C-B19B-F0A1D6C510A5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.8.4 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Audiobook Cutter Demo (HKLM-x32\...\{40BB5CF5-BA5D-40A7-BB82-0FB77FF7F45B}) (Version: 1.9.4 - Audiobook Software)
Audiobook Cutter Free Edition (HKLM-x32\...\{D52FFC61-0647-44FA-B142-E54574B27729}) (Version: 1.9.4 - Audiobook Software)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.6.3066 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
Brother Software Suite (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
ChairGun4 4.3.2 (HKLM-x32\...\{1EFE73CA-B847-4F80-958B-3DE1CE690FE3}_is1) (Version:  - Hawke Sport Optics)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Elevated Installer (HKLM-x32\...\{6E257EB0-5EFF-416D-82D4-592924566BB4}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{3e534d41-dcc4-4f51-9858-70dd42beb3d5}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E1C18A5C-63D7-4DC5-977F-5B4BAB4169D9}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo SoftAP (HKLM-x32\...\{F5A08FAD-697C-4952-9E7D-F741CD42F069}) (Version: 1.0.0.17 - Realtek)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 62.0 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0 (x64 en-US)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - )
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-08-31] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-12-30] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-08-31] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FCCD4EE-DF2A-407B-AB66-BF3422B5357F} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {1AB60F8E-FCC0-4DC0-ADFE-406CC681F9A5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {2BC38040-1277-4F89-9D5D-05A0AA6455AC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {2BC38040-1277-4F89-9D5D-05A0AA6455AC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\windows\system32\GWX\GWXDetector.exe [2015-09-24] (Microsoft Corporation)
Task: {54304288-479D-4399-94FA-CA0E758F4291} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {5ACBB1FE-E7C3-47E4-B38E-13197A2DD128} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {678218CB-1275-4424-9853-8927A4DF4F36} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {7F0B2783-9391-4C27-A4B3-4E14FFA4A772} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {88024B17-85FD-460E-AD99-3CE8C7561BAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {98FD34EF-9E84-4441-9FE9-AF078DDD14AB} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {A7877AC7-A448-4D17-9B02-35881C8770D1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-11] (Adobe Systems Incorporated)
Task: {AC89DB9B-CDD2-444C-8C71-79069453B7D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {AE09C122-7DCB-43AC-AF5A-892FE5860B7B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-11] (Adobe Systems Incorporated)
Task: {AFE28CE4-7925-4B2B-8554-3D6E49D7FC5E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {AFE28CE4-7925-4B2B-8554-3D6E49D7FC5E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\windows\system32\GWX\GWXDetector.exe [2015-09-24] (Microsoft Corporation)
Task: {B015C726-5B67-443C-891B-D0005EA0A703} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-06-06] ()
Task: {B9EA530E-6C95-4602-B5DD-4D4DBCC0FB77} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {B9EA530E-6C95-4602-B5DD-4D4DBCC0FB77} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {B9EA530E-6C95-4602-B5DD-4D4DBCC0FB77} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\windows\system32\GWX\GWXDetector.exe [2015-09-24] (Microsoft Corporation)
Task: {BE12D3E9-1792-4560-AB51-F65494D28D7C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-08-31] (AVG Technologies CZ, s.r.o.)
Task: {C4DC4ECF-C0E2-479C-B45C-FBED8E616544} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C89F2E5A-4B64-426E-A7DB-F7FFBA54DA5B} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-09-11] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-05-26 11:24 - 2011-08-16 20:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2014-05-26 11:43 - 2013-05-14 11:53 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-11-07 13:41 - 2018-08-30 07:08 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2014-05-26 11:23 - 2013-10-25 02:23 - 000053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2014-05-26 11:24 - 2011-08-16 20:46 - 000024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2018-06-06 14:31 - 2018-06-06 14:31 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2014-05-26 11:24 - 2011-05-17 13:27 - 000028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2017-02-07 16:44 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-03-02 15:41 - 2018-03-02 15:42 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2018-08-31 15:27 - 2018-08-31 15:27 - 000574192 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\google.com -> hxxps://accounts.google.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2018-09-07 01:12 - 000000035 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "LVT"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BDF16C49-93CD-4CEB-A984-F0A82708E316}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F639D26B-E28B-4E47-ACCA-3EFEBD8D6F40}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{ACCDB750-845A-4473-983D-3C8904568017}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{44A32B92-C515-4CF8-ACB3-16275EF74E6B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{72266752-7B5D-4693-B874-F2167A9C7A29}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1CD0E376-D966-4CB1-A110-58A0F9A2D4ED}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{65CB4B1F-D6C9-4260-B7DD-D88963C311E8}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{81AC19CA-D61D-4E23-BD91-9A7E5FFA49DF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{240EBF9B-0195-4A7E-B0F4-4C3CCB63C03C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{170EE1B5-ED7D-4ECC-AA3A-AC81AEDB7A70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D1B786E-01E6-40FA-8520-7AB001818487}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{87C34D4C-5CB7-48E5-AB97-1641F1BA8C87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D7FD550D-241A-4BA4-B24B-625FF76E0528}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6A8143D0-0296-44E0-8016-81D1050FD513}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{952C7416-76EB-4244-8286-47F92165C5BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{04F1F35B-047D-4ECE-A57E-F7B35E946525}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{EC253810-3EA7-4064-B82F-0D3EB7B62447}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8A06E90E-60B3-4F68-9F2C-1C53829CA5E8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23595B4C-2AF0-4CC1-9F9D-04A016034259}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F46B25B1-9F9F-4D34-9133-82AE6614FA27}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{8457566B-D38F-42B7-BEA7-53BB971B5A2A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{8A74A29A-AB8F-4479-B798-A16883101AFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CA9F9F7B-C896-46A1-B6EB-453DFADD0D50}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{6F93776B-F6CD-41D8-9192-26E2DE1DA17A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F53B1D18-3E82-4F97-9D1E-81226A69BF73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2D9EC8F5-7C75-4619-9C51-A11C5F9F76FA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4BA2815A-BEA2-4C6D-9E35-EE554C7D3DBD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{8B6FEE9E-8DB0-4E19-BD59-43A96043D086}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5A025FBD-2C83-49CE-91F2-03978D694920}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DE1B209F-DFDE-493E-AE59-C16DFB0F8F37}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BDE2133C-BF5A-430B-91BB-C936BABC9C29}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E4DE94B-540F-4512-8575-E646D517F0B8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{002BBBC3-D374-4B75-914A-007C0295F3CC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{EF91260D-42D1-49A4-8B3C-605F586E0227}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{FBC9C41A-0958-4B2E-988E-C51F08F29A91}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{442938AE-6AE4-46DE-A0ED-2FF6DF1D8686}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C4B68898-F3E3-4115-AE77-097C1DB72D41}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{172E28C5-F1D7-418B-A967-1B85E9A74F9B}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{0260590E-5405-41FD-9C33-1B06E3298613}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{0BF2142D-5A79-4B7D-B997-65E03CAEE492}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

27-08-2018 01:41:32 Scheduled Checkpoint
02-09-2018 05:47:13 Installed Audiobook Cutter Demo
02-09-2018 05:58:59 Installed Audiobook Cutter Free Edition
11-09-2018 13:06:10 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2018 10:48:32 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (1476) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/12/2018 10:48:32 AM) (Source: ESENT) (EventID: 489) (User: )
Description: DllHost (1476) WebCacheLocal: An attempt to open the file "C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/12/2018 01:34:34 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2780) An attempt to open the file "C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/11/2018 05:21:55 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (09/11/2018 05:21:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/09/2018 06:11:42 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (5716) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/09/2018 06:11:30 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (6740) An attempt to open the file "C:\Users\Steve9697\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/29/2018 02:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AVCFree.exe, version: 5.8.4.0, time stamp: 0x55fbbb73
Faulting module name: DuiLib_u.dll, version: 0.0.0.0, time stamp: 0x55fbbb37
Exception code: 0xc0000005
Fault offset: 0x0001d588
Faulting process id: 0x13cc
Faulting application start time: 0x01d43fd669021c7c
Faulting application path: C:\Program Files (x86)\Anvsoft\Any Video Converter\AVCFree.exe
Faulting module path: C:\Program Files (x86)\Anvsoft\Any Video Converter\DuiLib_u.dll
Report Id: d1830a3f-abcf-11e8-838f-c03fd5964c89
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (09/12/2018 10:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater40.3.8 service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/12/2018 10:35:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WtuSystemSupport service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/12/2018 10:35:36 AM) (Source: GeneStor) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/12/2018 10:35:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:01:18 AM on ‎9/‎12/‎2018 was unexpected.

Error: (09/11/2018 05:40:40 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.18.
The computer with the IP address 192.168.1.104 did not allow the name to be claimed by
this computer.

Error: (09/11/2018 05:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater40.3.8 service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/11/2018 05:21:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WtuSystemSupport service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/11/2018 05:20:58 PM) (Source: GeneStor) (EventID: 0) (User: )
Description: Event-ID 0


Windows Defender:
===================================
Date: 2017-06-19 06:08:41.002
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2017-06-19 05:19:27.654
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 117.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.13804.0
Error code: 0x80070002
Error description: The system cannot find the file specified.

Date: 2017-06-19 05:19:26.654
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.1013.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x800b0100
Error description: No signature was present in the subject.

Date: 2017-06-19 05:19:26.654
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.1013.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x800b0100
Error description: No signature was present in the subject.

Date: 2017-06-19 05:12:50.385
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

CodeIntegrity:
===================================

Date: 2018-09-07 18:52:39.840
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-07 18:52:38.684
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-07 18:52:37.527
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-07 18:52:36.356
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-07 18:52:35.184
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-07 18:52:34.027
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-07 18:52:32.855
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-07 18:52:31.683
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 69%
Total physical RAM: 3983.75 MB
Available physical RAM: 1222.89 MB
Total Virtual: 5007.75 MB
Available Virtual: 1510.37 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:269.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:801.05 GB) NTFS

\\?\Volume{61bd4a58-f561-4c73-93be-019161e145df}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.61 GB) NTFS
\\?\Volume{3d68ce7f-4435-4d70-be9c-469c76d28fb8}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:14.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 47193F2E)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 7FE5E5CC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ===================


  • 0

#4
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi aaaa44

Just a few things to tidy up.

Step1 - Remove Programs
Please uninstall the following unwanted programs:

AVG Web TuneUp
  • Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)
  • Enter control panel in the search box, then tap or click Control Panel.
  • Under View by:, select Large Icons, then tap or click Programs and features.
  • Tap or click the program, then tap or click Uninstall.
  • Follow the instructions on screen.

Step2 - FRST fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt to your desktop. (Attached file: fixlist.txt, 2.63KB)
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.jpg
  • Run FRST by right-clicking on it, selecting Run as Administrator, and pressing Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then paste (CTRL + V) in your next reply.

Step3 - AdwCleaner

  • Download AdwCleaner from here to the Desktop.
  • Close all open windows and browsers.
  • Double-click the AdwCleaner icon to execute the program.
  • When the tool opens for the first time, accept the Terms of Use.
  • Click on Settings.
    Adw_Cleaner2.png
    Turn on:
    Delete IFEO keys
    Reset Chrome policies
    Reset TCP/IP
    Reset IPSec
    Reset IE policies
  • Click on Dashboard.
    Adw_Cleaner1.png
  • Click the Scan Now button and wait for the program to finish.
  • If threats are found, click on Clean & Repair. If no threats are found, click on View Log File and copy/paste the log into your next reply.
    Adw_Cleaner3.png
  • You may be prompted to restart your computer. Do so.
  • Upon completion, you'll get the following screen.
    Adw_Cleaner4.png
  • Click on View Log File.
  • Copy and paste the log into your next reply.

Things for your next post:
  • fixlog.txt
  • AdwCleaner[C*].txt
  • How is the computer running now?

  • 0

#5
aaaa44

aaaa44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 151 posts

When I tried uninstalling AVG Web TuneUp I kept getting a message saying that there was a problem with uninstalling, but just now when I tried to uninstall it again I got a message saying that there was a problem with uninstalling and that could be because the program was already uninstalled.  My computer seems to be running fine.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018
Ran by Steve9697 (14-09-2018 19:47:58) Run:1
Running from C:\Users\Steve9697\Desktop
Loaded Profiles: Steve9697 (Available Profiles: Steve9697)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={13BB2D5C-F30E-407D-84B8-ABD5F12A9B60}&mid=cf7f00884b8a47d2a1e011769372a57a-e430d6d9335b746559a7e0ea3c233e391f2628d2&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117av&pr=fr&d=2017-01-22 06:28:20&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {A4A33017-9042-4A4D-8471-96CF3E1A2F6E} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-15] (AVG)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-07-19]
CHR HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
S2 vToolbarUpdater40.3.8; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe" [X]
S2 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {678218CB-1275-4424-9853-8927A4DF4F36} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files\AVG Web TuneUp
C:\Program Files (x86)\Common Files\AVG Secure Search
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt" => removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
"HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
"HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4A33017-9042-4A4D-8471-96CF3E1A2F6E}" => removed successfully
HKLM\Software\Classes\CLSID\{A4A33017-9042-4A4D-8471-96CF3E1A2F6E} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
CHR Extension: (AVG Secure Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-07-19] => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn" => removed successfully
"HKLM\System\CurrentControlSet\Services\vToolbarUpdater40.3.8" => removed successfully
vToolbarUpdater40.3.8 => service removed successfully
"HKLM\System\CurrentControlSet\Services\WtuSystemSupport" => removed successfully
WtuSystemSupport => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{678218CB-1275-4424-9853-8927A4DF4F36}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678218CB-1275-4424-9853-8927A4DF4F36}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" => removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
C:\Program Files (x86)\AVG Web TuneUp => moved successfully
C:\Program Files\AVG Web TuneUp => moved successfully

"C:\Program Files (x86)\Common Files\AVG Secure Search" folder move:

Could not move "C:\Program Files (x86)\Common Files\AVG Secure Search" => Scheduled to move on reboot.


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15736167 B
Java, Flash, Steam htmlcache => 564 B
Windows/system/drivers => 8782530 B
Edge => 0 B
Chrome => 142485 B
Firefox => 1090461755 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 3306 B
NetworkService => 0 B
Steve9697 => 21015026 B

RecycleBin => 536937874 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-14.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-15-2018
# Duration: 00:00:05
# OS: Windows 8.1 Connected
# Cleaned: 20
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Pokki
Deleted C:\ProgramData\avg web tuneup
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
Deleted C:\Users\Steve9697\AppData\Local\avg web tuneup
Deleted C:\Program Files\Common Files\AVG Secure Search
Deleted C:\Users\Steve9697\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Deleted C:\Users\Steve9697\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\AVG Tuneup
Deleted HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2971 octets] - [15/09/2018 07:01:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


  • 0
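
A way to confirm that the fix above took hold, as an added example that is not part of this thread and not code from FRST or AdwCleaner: a PowerShell check over the items the fixlist targeted. It is worth running again after a reboot, because the fixlog says the AVG Secure Search folder could only be scheduled for removal on reboot, and FRST reported no automatic fix for the Chrome extension directory. Every service, value, key and path below is taken from the fixlist and fixlog in this thread; the Chrome path is resolved from the profile of whoever runs the script, so run it logged in as the affected user, from an elevated prompt.

```powershell
# Added example, not part of the thread or of FRST: re-check what the fixlist
# above removed. Run in an elevated PowerShell prompt while logged in as the
# affected user (the Chrome path is resolved from that user's profile).
# All names below are taken from the fixlist and fixlog in this thread.

$checks = @(
    @{ Kind = 'Service';  Name = 'vToolbarUpdater40.3.8' }
    @{ Kind = 'Service';  Name = 'WtuSystemSupport' }
    @{ Kind = 'RegValue'; Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'; Name = 'vProt' }
    @{ Kind = 'RegKey';   Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}' }
    @{ Kind = 'RegKey';   Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}' }
    @{ Kind = 'RegKey';   Path = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' }
    @{ Kind = 'RegKey';   Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\vToolbarUpdater40.3.8' }
    @{ Kind = 'RegKey';   Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\WtuSystemSupport' }
    # Local group policy files FRST moved to lift "GroupPolicy: Restriction - Chrome".
    # A legitimately configured local policy recreates these, so "Present" here
    # means "look again", not "still infected".
    @{ Kind = 'Path';     Path = 'C:\Windows\System32\GroupPolicy\Machine' }
    @{ Kind = 'Path';     Path = 'C:\Windows\System32\GroupPolicy\GPT.ini' }
    @{ Kind = 'Path';     Path = 'C:\Windows\SysWOW64\GroupPolicy\GPT.ini' }
    @{ Kind = 'Path';     Path = 'C:\Program Files (x86)\AVG Web TuneUp' }
    @{ Kind = 'Path';     Path = 'C:\Program Files\AVG Web TuneUp' }
    # Could only be scheduled for removal on reboot, per the fixlog.
    @{ Kind = 'Path';     Path = 'C:\Program Files (x86)\Common Files\AVG Secure Search' }
    # FRST found no automatic fix for this extension entry.
    @{ Kind = 'Path';     Path = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn" }
)

function Test-Remnant {
    param([hashtable]$Check)
    # -LiteralPath keeps the {GUID} braces from being read as wildcards.
    switch ($Check.Kind) {
        'Service'  { return $null -ne (Get-Service -Name $Check.Name -ErrorAction SilentlyContinue) }
        'RegKey'   { return Test-Path -LiteralPath $Check.Path }
        'RegValue' { return $null -ne (Get-ItemProperty -LiteralPath $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue) }
        'Path'     { return Test-Path -LiteralPath $Check.Path }
    }
}

$results = foreach ($c in $checks) {
    $item = switch ($c.Kind) {
        'Service'  { $c.Name }
        'RegValue' { "$($c.Path) -> $($c.Name)" }
        default    { $c.Path }
    }
    [pscustomobject]@{ Kind = $c.Kind; Item = $item; Present = [bool](Test-Remnant $c) }
}

$results | Format-Table -AutoSize -Wrap
if ($results.Present -contains $true) {
    'Some items are still present: reboot, run this again, and post the table above.'
} else {
    'No AVG Web TuneUp / AVG Secure Search remnants found.'
}
```

The checks are deliberately read-only: the table tells the helper what is left, and removal stays with the FRST fixlist so that the fixlog remains the record of what was changed.
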

#6
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi aaaa44

Next steps

Step1 - Run Malwarebytes again

Open Up Malwarebytes and update the application if prompted.
Click on Scan Now and allow the scan to complete.
If any threats are found put a checkmark on all detected and click on "Quarantine Selected"
Allow the program to complete the process.
Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


Step2 - ESET

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit the ESET Online Scanner website.
Click Scan Now.

Download the esetonlinescanner_enu.exe that you'll be given a link to.
Double-click esetonlinescanner_enu.exe.
Accept the Terms of Use.

To perform the scan:

Make sure that Enable detection of potentially unwanted applications is selected.
In the Advanced Settings dropdown menu:
Enable detection of potentially unsafe applications is checked.
Enable detection of suspicious applications is checked.
Enable Anti-Stealth technology is checked.
Scan archives is checked.
Make sure that Clean threats automatically is unchecked.
Use custom proxy settings is unchecked.
Click Scan.
The program will begin to download its virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, results will be displayed. Click Copy to clipboard.
When completed it'll show a list of "Threats found"; click beneath it on Save to text file... and save it as ESET log.txt on your Desktop.
Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!


Things for your next post:
  • MBAM log
  • ESET log.txt

  • 0

#7
aaaa44

aaaa44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 151 posts

When I try to disable AVG I get a "UI Failed To Load" popup. I have been getting this popup randomly lately.


  • 0

#8
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Okay, we'll come back to that. :) Follow the rest of the instructions.

Don't worry if the AV isn't disabled, the jobs should still run.
  • 0

#9
aaaa44

aaaa44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 151 posts

When I open Windows Defender to disable it I get this message: "This app has been turned off and isn't monitoring your computer."  Isn't Defender my current firewall?


  • 0

#10
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi aaaa44

Since Windows 8, Windows Defender has been Microsoft's built-in antivirus. As you have another AV installed, AVG, this disables Windows Defender, as it's never a good idea to have more than one antivirus.

Windows Firewall is a separate piece of software which restricts incoming and outgoing connections to and from your computer. It's currently enabled, as shown in your FRST log.
 

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.


  • 0
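
As an added illustration of the point above, not code from the thread: a PowerShell function that reads the same state FRST's "Other Areas" lines summarise (which antivirus is registered with Windows, whether Defender's real-time protection is on, each firewall profile's switch, and the UAC values) directly from the machine, and flags the one combination that actually leaves a PC exposed, Defender off with nothing registered in its place. One caveat: being registered in Security Center does not prove the third-party product is working; the productState field carries that, but its bit layout is not documented by Microsoft, so this example does not decode it, and a product whose UI fails to load will still show up as registered. Windows 8.1 or later is assumed.

```powershell
# Added example, not part of the thread: read the state that the FRST
# "Other Areas" lines above summarise, directly from the machine.
# Windows 8.1 or later; run as the logged-in user (reading these needs no elevation).

function Get-ProtectionPosture {
    # Antivirus products registered with Windows Security Center. When a
    # third-party product such as AVG registers here, Windows switches
    # Defender's real-time protection off, which produces the "turned off" message.
    $avNames = @(Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct |
        Select-Object -ExpandProperty displayName)
    $thirdParty = @($avNames | Where-Object { $_ -notmatch 'Windows Defender' })

    # Defender's own status. The cmdlet fails when the Defender service is
    # stopped, which is exactly the "turned off" case, so treat failure as off.
    $mp = try { Get-MpComputerStatus -ErrorAction Stop } catch { $null }
    $defenderRtp = if ($mp) { [bool]$mp.RealTimeProtectionEnabled } else { $false }

    # Windows Firewall is a separate component with one switch per profile.
    $fw = @(Get-NetFirewallProfile | Select-Object Name, Enabled)
    $fwOff = @($fw | Where-Object { "$($_.Enabled)" -ne 'True' })

    # The UAC values FRST prints from HKLM\...\Policies\System.
    $uac = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' |
        Select-Object EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser

    [pscustomobject]@{
        RegisteredAntivirus     = $avNames
        ThirdPartyAVRegistered  = $thirdParty.Count -gt 0
        DefenderRealTimeEnabled = $defenderRtp
        # Defender off AND nothing else registered: no real-time antivirus at all.
        NoRealTimeAntivirus     = (-not $defenderRtp) -and ($thirdParty.Count -eq 0)
        FirewallProfiles        = $fw
        FirewallProfilesOff     = $fwOff.Name
        UACEnabled              = $uac.EnableLUA -eq 1
        UAC                     = $uac
    }
}

$posture = Get-ProtectionPosture
$posture | Format-List
if ($posture.NoRealTimeAntivirus) { Write-Warning 'Defender is off and no other antivirus is registered.' }
if ($posture.FirewallProfilesOff) { Write-Warning "Firewall disabled for profile(s): $($posture.FirewallProfilesOff -join ', ')" }
```

On the machine in this thread the expected picture is a third-party product registered, DefenderRealTimeEnabled False, NoRealTimeAntivirus False, and all three firewall profiles enabled, which matches what the helper says above.
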


#11
aaaa44

aaaa44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 151 posts

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/16/18
Scan Time: 3:51 PM
Log File: 098c4898-ba03-11e8-9d06-c03fd5964c89.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.441
Update Package Version: 1.0.6569
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: LENOVO-PC\Steve9697

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 275733
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 14 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Is this a correct result for the ESET scan?  I had to remove the asterisk in ESETlog*.txt in order for it to save to my desktop.

 

C:\Users\Steve9697\Documents\My Documents\My Documents\Downloads\spsetup126.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	


  • 0
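
The ESET Online Scanner "Save to text file" log is written as UTF-16LE with a byte-order mark, so when it is opened or pasted as a single-byte encoding every second byte is a NUL and the text comes out with a stray character between every letter; that is the "strange" look the helper refers to below. The asterisk problem is unrelated: `*` is not a legal character in a Windows file name, so removing it was the right thing to do. As an added example that is not part of the thread and not ESET's code, here is a PowerShell reader that detects the BOM, decodes the file correctly and splits each line into path and detection. The sample it writes is constructed from the single detection in the post above; the temp file name is an assumption.

```powershell
# Added example, not from the thread or from ESET: read an ESET Online Scanner
# "Save to text file" log correctly. The file is UTF-16LE with a byte-order
# mark; read one byte at a time every second byte is 0x00, which scrambles it
# when pasted. Sample content below is constructed from the detection in this thread.

function ConvertFrom-EsetLogText {
    param([Parameter(Mandatory)][string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # ESET separates the path and the detection name with tabs.
        $fields = @($line -split "`t" | Where-Object { $_ -ne '' })
        [pscustomobject]@{
            Path      = $fields[0]
            Detection = if ($fields.Count -gt 1) { $fields[1] } else { '' }
        }
    }
}

function Read-EsetLog {
    param([Parameter(Mandatory)][string]$LiteralPath)
    $bytes = [System.IO.File]::ReadAllBytes($LiteralPath)
    # FF FE at the start marks UTF-16LE (what ESET writes); otherwise assume UTF-8.
    $enc = if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
        [System.Text.Encoding]::Unicode
    } else {
        [System.Text.Encoding]::UTF8
    }
    # GetString keeps the BOM as U+FEFF in the first position; drop it.
    $text = $enc.GetString($bytes).TrimStart([char]0xFEFF)
    ConvertFrom-EsetLogText -Text $text
}

# Constructed sample in the same shape as the log posted above, written UTF-16LE
# with BOM to a temp file (file name is an assumption) so the reader is exercised end to end.
$sample = "C:\Users\Steve9697\Documents\My Documents\My Documents\Downloads\spsetup126.exe`tWin32/Bundled.Toolbar.Google.D potentially unsafe application`t"
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'eset-sample.txt'
[System.IO.File]::WriteAllText($tmp, $sample, [System.Text.Encoding]::Unicode)

# What a byte-at-a-time viewer sees: BOM, then each character followed by 0x00.
$raw = [System.IO.File]::ReadAllBytes($tmp)
'First bytes: ' + (($raw[0..7] | ForEach-Object { '{0:X2}' -f $_ }) -join ' ')

Read-EsetLog -LiteralPath $tmp | Format-List
Remove-Item -LiteralPath $tmp
```

For a real log, call `Read-EsetLog -LiteralPath 'C:\Users\<user>\Desktop\ESET log.txt'`; the Detection column is what the helper needs, and the Path column tells you which download to delete or quarantine.
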

#12
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi aaaa44

ESET log has come up a bit strange, but I can make out what's in it. :)

After you run this script below please confirm if your AVG "UI failed to load" pop up has now stopped.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt to your desktop. (Attached file: fixlist.txt, 217 bytes)
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.jpg
  • Run FRST by right-clicking on it, selecting Run as Administrator, and pressing Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then paste (CTRL + V) in your next reply.

How is the computer running now?

  • 0

#13
aaaa44

aaaa44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 151 posts

My computer seems to be running fine.  I won't know if the "UI failed to load" popup has stopped until I have used my computer for a while.  The popup is not very consistent.  I've had my computer on for the last several hours with the monitor off, and when I turned the monitor on a half hour ago the popup was there.  I have a few questions before you end this topic.   


Fix result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018
Ran by Steve9697 (14-09-2018 19:47:58) Run:1
Running from C:\Users\Steve9697\Desktop
Loaded Profiles: Steve9697 (Available Profiles: Steve9697)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={13BB2D5C-F30E-407D-84B8-ABD5F12A9B60}&mid=cf7f00884b8a47d2a1e011769372a57a-e430d6d9335b746559a7e0ea3c233e391f2628d2&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117av&pr=fr&d=2017-01-22 06:28:20&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {A4A33017-9042-4A4D-8471-96CF3E1A2F6E} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-15] (AVG)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-07-19]
CHR HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
S2 vToolbarUpdater40.3.8; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe" [X]
S2 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {678218CB-1275-4424-9853-8927A4DF4F36} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files\AVG Web TuneUp
C:\Program Files (x86)\Common Files\AVG Secure Search
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt" => removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
"HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
"HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4A33017-9042-4A4D-8471-96CF3E1A2F6E}" => removed successfully
HKLM\Software\Classes\CLSID\{A4A33017-9042-4A4D-8471-96CF3E1A2F6E} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
CHR Extension: (AVG Secure Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-07-19] => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn" => removed successfully
"HKLM\System\CurrentControlSet\Services\vToolbarUpdater40.3.8" => removed successfully
vToolbarUpdater40.3.8 => service removed successfully
"HKLM\System\CurrentControlSet\Services\WtuSystemSupport" => removed successfully
WtuSystemSupport => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{678218CB-1275-4424-9853-8927A4DF4F36}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678218CB-1275-4424-9853-8927A4DF4F36}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" => removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
C:\Program Files (x86)\AVG Web TuneUp => moved successfully
C:\Program Files\AVG Web TuneUp => moved successfully

"C:\Program Files (x86)\Common Files\AVG Secure Search" folder move:

Could not move "C:\Program Files (x86)\Common Files\AVG Secure Search" => Scheduled to move on reboot.


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15736167 B
Java, Flash, Steam htmlcache => 564 B
Windows/system/drivers => 8782530 B
Edge => 0 B
Chrome => 142485 B
Firefox => 1090461755 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 3306 B
NetworkService => 0 B
Steve9697 => 21015026 B

RecycleBin => 536937874 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

CreateRestorePoint:
C:\Users\Steve9697\Documents\My Documents\My Documents\Downloads\spsetup126.exe
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
EmptyTemp:


  • 0
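The Fixlog above mixes four kinds of outcome: entries FRST removed or moved, entries it could not find (the CLSID lookups), one it could not handle at all (the Chrome extension, "No automatic fix found"), and one it deferred to the next reboot (the AVG Secure Search folder). The last two are the ones a helper has to chase by hand, which is exactly what Bruce1270 does in the next post. The script below is an added example, not FRST's own code or anything from this thread's helpers: it parses a fixlog, skips the echoed fixlist block (whose directive lines also contain "=>"), classifies each result line, and lists the entries needing follow-up. The sample log is constructed from lines quoted in this thread, and the status keywords it matches on are an assumption drawn from the wording of those logs.

```python
"""Classify each result line of a Farbar Recovery Scan Tool (FRST) fixlog
so that entries needing manual follow-up stand out.

Added example; the sample below is constructed from lines quoted in the
thread, and the keyword set in classify() is an assumption based on them.
"""
from collections import Counter

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018
Ran by Steve9697 (14-09-2018 19:47:58) Run:1
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
CHR HomePage: Default -> mysearch.avg.com
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt" => removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"Chrome HomePage" => removed successfully
CHR Extension: (AVG Secure Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-07-19] => Error: No automatic fix found for this entry.
vToolbarUpdater40.3.8 => service removed successfully
Could not move "C:\Program Files (x86)\Common Files\AVG Secure Search" => Scheduled to move on reboot.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
Hosts restored successfully.
EmptyTemp: => 1.6 GB temporary data Removed.
"""


def classify(outcome: str) -> str:
    """Map the text after '=>' to a coarse status (assumed keyword set)."""
    o = outcome.strip().lower()
    if o.startswith("error"):
        return "error"            # FRST could not act; needs manual handling
    if "scheduled to move on reboot" in o:
        return "pending_reboot"   # only completes once the machine restarts
    if o == "not found":
        return "not_found"        # already gone, or the referenced CLSID never existed
    if "removed" in o or "moved successfully" in o:
        return "fixed"
    return "other"


def parse_fixlog(text: str) -> list[dict]:
    """Return one record per result line, skipping the echoed fixlist block."""
    entries = []
    in_fixlist, stars = False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue                        # blank line or section banner
        if line.startswith("fixlist content:"):
            in_fixlist = True
            continue
        if in_fixlist:
            if line.startswith("*****"):
                stars += 1
                if stars == 2:
                    in_fixlist = False      # second ***** line closes the echo
            continue
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            entries.append({"target": target, "outcome": outcome,
                            "status": classify(outcome)})
        else:
            # Header and free-text lines ("Restore point was successfully created.")
            entries.append({"target": line, "outcome": "", "status": "info"})
    return entries


def summarize(text: str) -> dict:
    """Count entries per status."""
    return dict(Counter(e["status"] for e in parse_fixlog(text)))


def follow_ups(text: str) -> list[str]:
    """Entries a helper would check by hand or confirm after a reboot."""
    return [f"[{e['status']}] {e['target']} => {e['outcome']}"
            for e in parse_fixlog(text)
            if e["status"] in ("error", "pending_reboot")]


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
    for item in follow_ups(SAMPLE_FIXLOG):
        print(item)
```

Run against the sample, follow_ups() returns the Chrome extension entry and the deferred folder move; the "not found" CLSID lines are reported separately because they usually mean the registration was already gone rather than that anything failed.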

#14
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts

Hi aaaa44

I don't think the last FRST fix has run.

Can you delete any older fixlist.txt and fixlog.txt files from your desktop and give it another go please.

Use the fixlist file attached in post #12. :)

Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
Run FRST by right clicking on it and selecting Run as Administrator and press Fix
On completion a log (fixlog.txt) will be generated.
Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

I have a few questions before you end this topic


No problems. :thumbsup:


  • 0

#15
aaaa44

aaaa44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 151 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Steve9697 (23-09-2018 04:33:32) Run:3
Running from C:\Users\Steve9697\Desktop
Loaded Profiles: Steve9697 (Available Profiles: Steve9697)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Users\Steve9697\Documents\My Documents\My Documents\Downloads\spsetup126.exe
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
EmptyTemp:

   
*****************

Restore point was successfully created.
C:\Users\Steve9697\Documents\My Documents\My Documents\Downloads\spsetup126.exe => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5435049 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1800 B
Edge => 0 B
Chrome => 0 B
Firefox => 709424791 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2480 B
NetworkService => 0 B
Steve9697 => 14200242 B

RecycleBin => 16808279 B
EmptyTemp: => 719.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 04:35:28 ====

  • 0
