
Possibly infected laptop [Solved]



#1
nigella


I don't know whether my Windows 10 laptop is infected, so I have run FARBAR. The files are below. Please could someone look at the files below and let me know if there is a problem?

Thank you in anticipation

Nigel

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by My Laptop (administrator) on HP (Hewlett-Packard HP Pavilion 15 Notebook PC) (02-01-2020 17:33:20)
Running from C:\Users\My Laptop\Desktop
Loaded Profiles: My Laptop (Available Profiles: My Laptop)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{37800ED1-4DBC-486B-9144-4204124D0FBA}\AvastBrowserInstaller.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Windows\Temp\CR_6B848.tmp\setup.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Windows\Temp\CR_6B848.tmp\setup.exe
(AVG Netherlands B.V. -> ) C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Netherlands B.V. -> ) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Hewlett-Packard -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
(HP Inc. -> HP) C:\Windows\System32\HP3DDGService.exe
(HP Inc. -> HP) C:\Windows\System32\hpservice.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Driver Booster\5.5.1\Pub\PubMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(McAfee, Inc. -> Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(McAfee, Inc. -> Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\My Laptop\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-09-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291056 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-08-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2195968 2018-09-25] (AVG Netherlands B.V. -> )
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\My Laptop\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\My Laptop\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\RunOnce: [Uninstall 18.151.0729.0012\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\My Laptop\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\amd64"
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\RunOnce: [Uninstall 18.151.0729.0012] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\My Laptop\AppData\Local\Microsoft\OneDrive\18.151.0729.0012"
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.62\Installer\chrmstp.exe [2017-10-23] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\69.0.792.82\Installer\chrmstp.exe [2018-09-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-10-28] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-03-03]
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee, Inc. -> McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-03-03]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee, Inc. -> McAfee)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C097B6A-4C98-47F7-BB82-BFF11FBA1275} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {13BFB1E4-63AA-4722-8119-50F1AE077F9F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {14F75809-F446-4BB6-A0CF-78BB038BFC5D} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [949480 2016-09-20] (McAfee, Inc. -> McAfee, Inc.)
Task: {196EE173-2898-4D1C-B9E6-4DA7A0D378B5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {1B78E030-682F-47A5-9B3E-D2CD43656A55} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4179040 2016-12-27] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {22883568-FB99-4E05-900D-03DB643A56FC} - System32\Tasks\HPCeeScheduleForMy Laptop => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {233EE9D7-45F6-4BBC-A738-4E4464ADECB0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {27C0DE88-9D69-4437-AEC3-F32D335F39DB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {2919C030-F83E-431B-9548-B20BA1FB04AD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2D04F07C-A798-4752-B4D8-C6FB5BC46A33} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4548368 2019-12-04] (McAfee, LLC -> McAfee, LLC.)
Task: {2F85F79E-B675-4172-9C81-3623F6AD9B66} - System32\Tasks\Uninstaller_SkipUac_My_Laptop => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5122320 2018-08-27] (IObit Information Technology -> IObit)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36FFB0A2-8B80-4172-9D51-4C092635D90B} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.5.1\Scheduler.exe [147232 2018-07-06] (IObit Information Technology -> IObit)
Task: {372C625B-E632-453D-903F-2B9525D8FAD3} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-10-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {3BD57484-C56A-4566-A1DF-FBA245C2E5A3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3CCBBE39-AB41-4480-AC1F-FEC827FA4597} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {45E0086E-F8F9-489D-887F-CC0176D35E8C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-27] (HP Inc. -> HP Inc.)
Task: {54348320-4E6E-49F8-A51F-C40A47FD4DDF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [31744 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {60A615FD-0E4D-4E82-9957-94923210ADBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-27] (HP Inc. -> HP Inc.)
Task: {6DA29CA7-C8F6-4C06-8A0C-F94572765405} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\Platform\McAMTaskAgent.exe [908816 2016-10-19] (McAfee, Inc. -> McAfee, Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6F63DEFE-C664-49C8-8FD0-6FFF088F999E} - System32\Tasks\AVG EUpdate Task => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe [4072504 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
Task: {72A71EFB-FC2E-4F85-BBFF-5053CC0A7CCB} - System32\Tasks\Driver Booster SkipUAC (My Laptop) => C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DriverBooster.exe [6074128 2018-07-06] (IObit Information Technology -> IObit)
Task: {783C28D0-233E-4AAF-BAF0-C2D6B45923BF} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312 2013-09-10] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {7CE92601-E57F-4909-8AF1-973CB00C497D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5122320 2018-08-27] (IObit Information Technology -> IObit)
Task: {7D24931B-ED3B-4069-A010-01A93F65B39C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {7DE460C8-23F0-4608-A751-E945F7B13B1A} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\Platform\McAMTaskAgent.exe [908816 2016-10-19] (McAfee, Inc. -> McAfee, Inc.)
Task: {7F049B41-DB98-4CE1-A8BC-C5BB51FFDD83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8359D2B3-8E7A-444A-A4F1-853956014392} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-02-27] (Google Inc -> Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {A3648063-297C-4F8F-9BA5-9344B5B820B8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {AF5D9B96-088D-4A85-AB40-421CB6028AAC} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2673664 2018-07-26] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
Task: {B0EC75FC-59F3-420E-9977-8031088DB0C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {B3CB2F35-8D1E-4FD2-8663-2A8944C84672} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B8843BD9-9F22-4DD7-B654-697734882744} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2798320 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
Task: {C7DBE5D9-F4C6-4C5E-A307-258829A62EB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CA11B275-A965-4396-84EC-05BBDD35BCCA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CB6A16A0-ECB8-44F7-B2B6-0F53DF3DDA5F} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2071592 2018-09-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CF6CD60D-04F8-4453-BC00-D630FEDE2098} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {D1480C28-B374-4562-9C02-A0FBDECF1B08} - \WPD\SqmUpload_S-1-5-21-4036567448-3610357976-3683549566-1002 -> No File <==== ATTENTION
Task: {D98C3C9D-1F1F-4217-A74F-E92148B734E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1057648 2017-09-25] (HP Inc. -> HP Inc.)
Task: {DB42DDE4-7167-4784-AEA7-93DA1C0AF4EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DB7B58A7-42E7-40FC-A51F-FA19C85F09A7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E2FF1C8E-FEF5-4B2B-B6CD-3873A345259C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [120680 2017-06-22] (HP Inc. -> HP Inc.)
Task: {E455A447-BE2E-45F2-8166-AA88B1A25098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-02-27] (Google Inc -> Google Inc.)
Task: {F29B5190-305B-4AF5-A592-E067C4E450F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [208232 2017-04-01] (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMy Laptop.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1260d2a8-ad54-4341-b97b-eb75dcd479f0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4978b2be-f9b8-4d90-985a-6549af04307a}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_coinis_14_30_ie&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCzyyEtDyCzz0F0AyCyDtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyEtD0ByEyByB0EtGtB0AtCtAtGyEyCyCyEtGyCtAtAzytGyDtDtD0DtDtDtBtA0DtB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyC0C0D0A0B0AtGyC0BzztDtGyCtAtAtAtGyDzyyD0AtGyCyBtBtAtC0E0Dzz0B0C0B0E2Q&cr=892814978&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_coinis_14_30_ie&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCzyyEtDyCzz0F0AyCyDtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyEtD0ByEyByB0EtGtB0AtCtAtGyEyCyCyEtGyCtAtAzytGyDtDtD0DtDtDtBtA0DtB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyC0C0D0A0B0AtGyC0BzztDtGyCtAtAtAtGyDzyyD0AtGyCyBtBtAtC0E0Dzz0B0C0B0E2Q&cr=892814978&ir=
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {3FD9EC4C-CA4B-4F66-94CE-BB0B4D3B91A2} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151218&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={92EB5056-A40C-4AAA-A535-1C1E23A8ACDC}&mid=54e6028b216e47cca7fe719a878da99b-300f3c0fc0935ee21f95b56a165a42b89d411439&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-11-10 17:30:43&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll [2018-09-25] (AVG Netherlands B.V. -> AVG)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-03-03] (McAfee, Inc. -> McAfee)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc. -> McAfee, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll [2018-09-25] (AVG Netherlands B.V. -> AVG)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-03-03] (McAfee, Inc. -> McAfee)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-03-03] (McAfee, Inc. -> McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-03-03] (McAfee, Inc. -> McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc. -> McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc. -> McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc. -> McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc. -> McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-11-21] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-11-21] (McAfee, Inc. -> McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default [2020-01-01]
FF user.js: detected! => C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\user.js [2014-07-22]
FF Homepage: Mozilla\Firefox\Profiles\u1l4q535.default -> hxxp://rocket-find.com/?f=1&a=rckt_coinis_14_30_ie&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCzyyEtDyCzz0F0AyCyDtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyEtD0ByEyByB0EtGtB0AtCtAtGyEyCyCyEtGyCtAtAzytGyDtDtD0DtDtDtBtA0DtB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyC0C0D0A0B0AtGyC0BzztDtGyCtAtAtAtGyDzyyD0AtGyCyBtBtAtC0E0Dzz0B0C0B0E2Q&cr=892814978&ir=
FF Extension: (AVG Web TuneUp) - C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\Extensions\[email protected] [2018-09-25] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avg/wtu/update.json]
FF Extension: (McAfee SafeKey) - C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-03-03] [Legacy] [not signed]
FF Extension: (Yahoo! Toolbar) - C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-25] [Legacy] [not signed]
FF Extension: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor [2020-01-02] [Legacy] [not signed]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] [Legacy]
FF SearchPlugin: C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\searchplugins\avg-secure-search.xml [2018-09-27]
FF SearchPlugin: C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\searchplugins\McSiteAdvisor.xml [2017-11-03]
FF SearchPlugin: C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\searchplugins\WSE Rocket.xml [2014-08-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-12-17] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-21] (McAfee, Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-21] (McAfee, Inc. -> )
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-24] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-24] (Google Inc -> Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] (WildTangent Inc -> )
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default [2018-09-24]
CHR Extension: (McAfee SafeKey) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2017-10-23]
CHR Extension: (AVG Secure Search) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-10-23]
CHR Extension: (ARC Welder) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2017-10-23]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-23]
CHR Extension: (AVG SafePrice) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-10-23]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2017-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-23]
CHR Extension: (Show Box) - C:\Users\My Laptop\Downloads\com.tdo.showbox_4.94-104.apk_export_QvuGj [2017-10-23]
CHR Extension: (Show Box) - C:\Users\My Laptop\Downloads\com.tdo.showbox_4.94-104 (1).apk_export_WJqXm [2017-10-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-31]
CHR HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn]
CHR HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-31]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0046411577984913mcinstcleanup; C:\WINDOWS\TEMP\004641~1.EXE [961888 2016-05-16] (McAfee, Inc. -> McAfee, Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] (Advanced Micro Devices, Inc. -> )
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [295832 2017-05-12] (Advanced Micro Devices, Inc. -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc. -> Apple Inc.)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-27] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-27] (AVAST Software s.r.o. -> AVAST Software)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [323512 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [8043904 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
S3 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [111040 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc. -> McAfee, Inc.)
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP Inc. -> HP)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [149776 2018-06-28] (IObit Information Technology -> IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-01] (IObit Information Technology -> IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-09-27] (McAfee, Inc. -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [994848 2016-11-21] (McAfee, Inc. -> McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc. -> McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc. -> McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc. -> McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc. -> McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc. -> McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc. -> McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc. -> McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc. -> McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc. -> McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc. -> McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (McAfee, Inc. -> Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-09-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [6593536 2018-07-26] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation -> Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [811520 2018-09-25] (AVG Netherlands B.V. -> )
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP Inc. -> HP)
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27376 2017-05-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309642.inf_amd64_bacc31ace4b1ec7c\atikmdag.sys [26559496 2017-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309642.inf_amd64_bacc31ace4b1ec7c\atikmpag.sys [527248 2017-05-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [82120 2015-03-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [23752 2015-03-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2017-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [192104 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [222288 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [194224 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [339048 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51952 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15344 2018-09-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39352 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [155664 2018-09-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [104256 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [78864 2018-09-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1020112 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [459624 2018-09-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [208216 2018-09-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [373944 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-08-02] (McAfee, Inc. -> McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc. -> McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-08-15] (SurfRight B.V. -> )
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP Inc. -> HP)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (Martin Malik - REALiX -> REALiX™)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-05-12] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-05-15] (IObit Information Technology -> IObit)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc. -> McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-08-02] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-08-02] (McAfee, Inc. -> McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc. -> McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc. -> McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc. -> McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243496 2016-08-02] (McAfee, Inc. -> McAfee, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] (Microsoft Windows -> )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Technologies CZ, s.r.o. -> AVG Netherlands B.V.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (Hewlett-Packard Company -> HP Inc.)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\WINDOWS\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-07] (Deal Keeper -> StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-01-02 17:33 - 2020-01-02 17:38 - 000051545 _____ C:\Users\My Laptop\Desktop\FRST.txt
2020-01-02 17:23 - 2020-01-02 17:31 - 000048149 _____ C:\Users\My Laptop\Downloads\Addition.txt
2020-01-02 17:18 - 2020-01-02 17:18 - 002272256 _____ (Farbar) C:\Users\My Laptop\Desktop\FRST64.exe
2020-01-02 17:13 - 2020-01-02 17:31 - 000061970 _____ C:\Users\My Laptop\Downloads\FRST.txt
2020-01-02 17:11 - 2020-01-02 17:35 - 000000000 ____D C:\FRST
2020-01-02 17:02 - 2020-01-02 17:02 - 000000000 ____D C:\Users\My Laptop\Downloads\4 Some EP and Singles
2020-01-01 20:36 - 2020-01-01 20:36 - 002272256 _____ (Farbar) C:\Users\My Laptop\Downloads\FRST64.exe
2020-01-01 20:34 - 2020-01-02 17:21 - 000002800 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForMy Laptop
2020-01-01 20:34 - 2020-01-02 17:21 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMy Laptop.job
2020-01-01 20:05 - 2020-01-01 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-01-01 19:52 - 2020-01-02 17:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-01-01 18:17 - 2020-01-01 18:17 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-01-02 17:28 - 2017-09-09 09:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-02 17:21 - 2018-09-27 16:47 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2020-01-02 17:21 - 2018-09-27 16:47 - 000003162 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2020-01-02 17:21 - 2018-09-24 18:04 - 000002418 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_My_Laptop
2020-01-02 17:21 - 2018-09-24 17:38 - 000002568 _____ C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2020-01-02 17:21 - 2017-10-23 23:26 - 000003262 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2020-01-02 17:21 - 2017-09-09 09:46 - 000003446 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-01-02 17:21 - 2017-09-09 09:46 - 000003292 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C5A8CCE8-E7F8-4E4C-B859-2D2AC531673D}
2020-01-02 17:21 - 2017-09-09 09:46 - 000003218 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-01-02 17:21 - 2017-09-09 09:46 - 000002880 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4036567448-3610357976-3683549566-1002
2020-01-02 17:21 - 2017-09-09 09:46 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4036567448-3610357976-3683549566-1002
2020-01-02 17:21 - 2017-09-09 09:46 - 000002650 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2020-01-02 17:21 - 2017-09-09 09:46 - 000002552 _____ C:\WINDOWS\system32\Tasks\CreateChoiceProcessTask
2020-01-02 17:21 - 2017-09-09 09:46 - 000002530 _____ C:\WINDOWS\system32\Tasks\YCMServiceAgent
2020-01-02 17:21 - 2017-09-09 09:46 - 000002470 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2020-01-02 17:21 - 2017-09-09 09:46 - 000002320 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4036567448-3610357976-3683549566-500
2020-01-02 17:21 - 2017-09-09 09:46 - 000002286 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (My Laptop)
2020-01-02 17:21 - 2017-09-09 09:46 - 000002254 _____ C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements
2020-01-02 17:21 - 2017-09-09 09:46 - 000002250 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator
2020-01-02 17:21 - 2017-03-18 20:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-02 17:21 - 2014-08-15 17:27 - 000000292 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2020-01-02 17:21 - 2014-02-27 17:00 - 000000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2020-01-02 17:21 - 2014-02-27 17:00 - 000000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2020-01-02 17:00 - 2018-09-28 10:57 - 000000000 ____D C:\Users\My Laptop\AppData\Local\CrashDumps
2020-01-01 20:35 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\rescache
2020-01-01 20:30 - 2015-08-02 17:29 - 000002386 _____ C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-01 20:30 - 2015-08-02 17:29 - 000000000 ___RD C:\Users\My Laptop\OneDrive
2020-01-01 20:21 - 2017-09-09 09:12 - 001063718 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-01 20:16 - 2018-09-28 10:57 - 000000000 ____D C:\Windows10Upgrade
2020-01-01 20:14 - 2017-09-09 09:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-01 19:51 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-01 19:14 - 2014-02-11 14:12 - 000000000 ____D C:\Users\My Laptop\Documents\Youcam
2020-01-01 19:10 - 2014-08-15 17:26 - 000000000 ____D C:\ProgramData\ProductData
2020-01-01 19:07 - 2018-09-27 16:47 - 000000000 ____D C:\Users\My Laptop\AppData\Local\AVAST Software
2020-01-01 18:18 - 2017-09-09 09:10 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-01-01 18:18 - 2017-03-18 11:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-12-26 10:29 - 2017-03-18 11:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-12-19 06:36 - 2017-09-09 09:13 - 000000000 ____D C:\Users\My Laptop
==================== Files in the root of some directories ========
2014-02-27 17:29 - 2014-02-27 17:29 - 000000046 _____ () C:\ProgramData\Temp.cmd
2014-02-27 16:02 - 2015-03-03 09:40 - 027093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
 
ATTENTION: ==> Could not access BCD.  -> 0
LastRegBack: 2020-01-01 19:31
==================== End of FRST.txt ========================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by My Laptop (02-01-2020 17:40:12)
Running from C:\Users\My Laptop\Desktop
Windows 10 Home Version 1703 15063.674 (X64) (2017-09-09 10:02:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-4036567448-3610357976-3683549566-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4036567448-3610357976-3683549566-503 - Limited - Disabled)
Guest (S-1-5-21-4036567448-3610357976-3683549566-501 - Limited - Disabled)
My Laptop (S-1-5-21-4036567448-3610357976-3683549566-1002 - Administrator - Enabled) => C:\Users\My Laptop
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aloha TriPeaks (HKLM-x32\...\WTA-2007c5e1-9ff2-4f74-8bbe-59c78e48b8fc) (Version: 2.2.0.98 - WildTangent) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 69.0.792.82 - AVAST Software)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.6.3066 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{F0A7F6FC-97BC-4D27-B33B-6E1EFE1BB42D}) (Version: 16.78.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.78.3.33194 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.9.626 - AVG Technologies)
Bejeweled 3 (HKLM-x32\...\WTA-2e19e36e-af6f-424f-87e0-3b6826581a6c) (Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.50.60.2528 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-d1f3ee01-b341-4d85-8a03-aad3ff6471dc) (Version: 2.2.0.98 - WildTangent) Hidden
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (HKLM-x32\...\WTA-e04c4a9a-5da6-4be7-b798-6abe93c7f98d) (Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (HKLM-x32\...\WTA-b5b8a571-a42f-4a82-aa40-df113809295b) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Deal Keeper (HKLM\...\Deal Keeper) (Version: 2014.07.22.133925 - Deal Keeper) <==== ATTENTION
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-GB (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF02-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.5.1 - IObit)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WTA-affd67c8-1223-40fa-9808-c172f04608dc) (Version: 2.2.0.98 - WildTangent) Hidden
FMW 1 (HKLM\...\{4CC5FB14-3F4D-4FA8-B921-00A9B40145C4}) (Version: 1.227.45 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.62 - Google Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-6dd5610a-c1d8-4c32-b9d3-8b816eb1098d) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.37.11 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.0.2.29 - IObit)
iTunes (HKLM\...\{7DDA6271-F51E-4BE5-AAE9-5A8A4612FA43}) (Version: 12.9.0.167 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-4f82c505-bc53-4741-8445-5d70588e8279) (Version: 2.2.0.98 - WildTangent) Hidden
KnowHow ReadMe (HKLM-x32\...\{8AFC7125-0E25-47AA-8444-9DA7940ABBC4}) (Version: 1.00.0000 - Dixons Retail)
Mahjongg Artifacts (HKLM-x32\...\WTA-93bc918a-ac36-4c5a-8d13-15f5626887cc) (Version: 2.2.0.110 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.190 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.1.10 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.213 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-33c68fa6-286f-4bb9-a71a-50d945ff07a9) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-a44df564-86a1-430c-923e-eda6915214e8) (Version: 2.2.0.97 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-555c3930-552b-4976-833e-03bce5a1ad1e) (Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Trinklit Supreme (HKLM-x32\...\WTA-4114008f-2824-43ee-b949-0d70a6fa008c) (Version: 2.2.0.98 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{133A2E34-3E09-4A1A-A9AA-F9D8E5417199}) (Version: 2.50.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-b58d4b20-60b1-4601-8886-64c125713517) (Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (HKLM-x32\...\WTA-e805b0fd-f24d-4fa5-949c-db0dd8e7df32) (Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wedding Dash (HKLM-x32\...\WTA-1e456a30-1a1b-49a2-a343-f21af1307b33) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WSE Rocket (HKLM-x32\...\WSE Rocket) (Version:  - WSE Rocket) <==== ATTENTION
Zuma's Revenge (HKLM-x32\...\WTA-42aa25fb-5d4c-4b44-9337-22fed995bc51) (Version: 2.2.0.98 - WildTangent) Hidden
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-07-03] (WildTangent Games)
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2015-11-14] (Box, Inc.)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1341.1.0_x86__kgqvnymyfvs32 [2018-09-24] (king.com)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-29] (Hewlett-Packard Company)
Knowhow Cloud -> C:\Program Files\WindowsApps\Livedrive.KnowhowCloud_4.0.74.0_x64__9e4my9w6xtbsy [2018-09-24] (Livedrive)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10730.20115.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_5.0.177.1_x64__4ehj4w4frejdr [2018-09-24] (.-McAfee Inc-.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.25.11802.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.8172.0_x86__8wekyb3d8bbwe [2018-09-24] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.26.12334.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.25.11802.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-09-24] (Snapfish)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-24] (Twitter Inc.)
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2014-06-24] (CYBERLINKCOM CORP)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-07-26] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-01-18] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2016-11-21] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-01-18] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-07-26] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-07-26] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-11-21] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2016-11-21] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\ARC Welder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=emfinbmielocnlhgmfkkmkngdoccbadn
ShortcutWithArgument: C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Show Box.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=imiepkjghlcgkbnphkofhoknklanejoi
==================== Loaded Modules (Whitelisted) =============
2016-12-02 10:08 - 2016-12-02 10:08 - 048920064 _____ () [File not signed] C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2013-11-27 22:01 - 2013-02-01 11:15 - 000027136 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2013-09-25 06:48 - 2013-09-25 06:48 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 10:25 - 2013-10-14 10:25 - 002541056 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 10:24 - 2013-10-14 10:24 - 000627200 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-11-27 22:01 - 2012-03-27 14:15 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\xerces-c_3_1.dll
2013-10-14 10:34 - 2013-10-14 10:34 - 000765440 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2013-10-14 10:23 - 2013-10-14 10:23 - 000690176 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2013-10-14 10:25 - 2013-10-14 10:25 - 001097216 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-11-18 20:08 - 2010-11-18 20:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-09-09 09:31 - 2017-09-09 09:31 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2017-09-09 09:31 - 2017-09-09 09:31 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2018-09-28 10:57 - 2018-07-19 13:13 - 000196096 _____ (Microsoft Corporation) [File not signed] C:\Windows10Upgrade\Downloader.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 001297296 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 000306064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 000599952 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 000208272 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ldapdrv.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 002075536 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
2013-11-27 22:01 - 2012-03-27 14:15 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icudt48.dll
2013-11-27 22:01 - 2012-03-27 14:15 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icuuc48.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2020-01-01 19:51 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DA4D1AF3-38CB-4B39-BE6C-C442F20A8D74}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9790505F-C047-40BE-8D0F-EF08E1CC3DE7}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BA78C6F8-3712-4320-AFC9-C34C6E1ACD4B}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CC56388F-69DB-4C76-B6C4-8415C425C590}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FEA230AC-821F-4A1D-8311-D5774DC19C4B}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5B38D33C-D1A6-48B5-B401-4FDE5FFCD93E}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BF20EEBA-4B2C-456A-A47E-480AC0A534BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5B7EBE15-BFA1-4C9B-98D2-743194C34D82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9C9EE9D1-0588-4C3F-AC8A-88C633BB08A0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{BC35A7CA-0579-4B18-83A4-A951A4182551}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{93A86802-79F3-4BB7-97A2-7B878437957A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{3D166061-865C-4837-BEC4-3DC616F848CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{95FE2538-D408-42D5-89B3-CB4D4E575A41}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{33ECA03F-0362-480B-9CC6-39994E2D313E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C2DC02E8-5B64-4BF0-8CE0-CB2217A91853}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe No File
FirewallRules: [{5105B4E9-C147-444F-820E-20A9D6E816EA}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{3452DD19-9F29-42A8-983A-077289ED7614}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{597ED712-1892-4C2E-97FF-6957B72D15FD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{A56EE4D4-2534-455B-8F19-BE74A3519A5B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{BAC07855-A25C-42CF-AA77-008C35950ED7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65DBD762-4102-4215-AC3A-7F0E4D022E74}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6E8FBBFA-7D59-4A5A-9D8A-60E161FDB905}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0A51FE7C-7C8B-407D-B651-A34ED2CABA31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F677648-DB26-4546-B490-D4CE4F55A6A3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{7D7A3D59-BDC6-4B75-A5D8-598931A23BDA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{EA2FE627-C9EE-4977-BF4E-EDD6B4EEFFB6}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{CC31FEEA-D33A-4894-AD1F-DB20EBF599EB}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{FF9639B3-C981-46E8-BBEA-C45367A8AE5F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{ED49264E-7943-4CA5-A39F-0B3E760A3B53}] => (Allow) LPort=1900
FirewallRules: [{4C288755-76FE-4DBC-AD8C-07D104DC428A}] => (Allow) LPort=2869
FirewallRules: [{2786685C-F1E3-4171-98B7-B8BF30E17FB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E942F4CB-02C6-4A92-A7CF-471669533A7E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0757656E-6B0F-4B77-BF55-41885A0E9D7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3E287775-53EA-4A8E-B853-C666DFF4F518}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5450270B-C3D8-4ED5-8231-B9A920A4106A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D9A18AF3-7FB9-4815-9C9E-01D7911CD9A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0BEA1EB0-C96B-451B-A485-FC0BE9E82D68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8EE08731-B0F7-4410-BAC2-C4756EC52078}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{84AF6E46-D5E5-44B6-811F-EB9712647463}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
FirewallRules: [{966D6987-73B0-4CEF-A310-218F2E45A638}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{98BD98FE-0934-4882-B3D2-5F5812FB5F87}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{A1A6296F-A5AD-4966-9A5C-EE53EDD92CFE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
FirewallRules: [{7B7853DD-A65F-4753-872A-37BCEF42577F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
FirewallRules: [{3AB4C6D3-C53A-4641-8970-76D80BC8D220}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{67DAE70F-2BA2-4F93-828D-7FCC2447B058}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{B892193C-02CB-4356-831E-95ADFE1BF3C1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
FirewallRules: [{0DBC7A29-0729-47DF-9793-AB9ECCE4E391}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
FirewallRules: [{D51C59A7-A87D-44E4-A273-248D90623542}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{E041ADFA-AB31-4009-9F10-7601E0C072F0}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{0744B6BA-475F-483C-94A7-64B62650C703}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{46182B11-84A6-43D1-A760-E83356EA75DF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{E093D8A3-3C2E-4976-A962-4F616522A74D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{D508BD01-1302-4D32-9114-8A8D4E2CF489}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{8A2B6063-48DC-4F10-BD8B-B74083E3AC49}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.5.1\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{F9768D9D-CA94-4AA6-B58D-8D48B8109074}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.5.1\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{926F527D-E9A4-4E79-A301-E42125A0E307}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{D8E71D63-8BEE-4087-A48F-899A6ABC0995}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4D25A7A6-E91B-4A39-8F7A-ECA82306DA4F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{474AC16A-AA77-4D90-B0DB-662D16D0D5F3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{40CF23F3-5C5D-4082-8EB5-3DC1497F9769}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
==================== Restore Points =========================
01-11-2017 21:02:31 Scheduled Checkpoint
24-09-2018 17:41:33 Windows Modules Installer
28-09-2018 11:39:10 Windows Update
02-01-2020 17:43:53 Windows Modules Installer
==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (01/02/2020 05:45:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/02/2020 05:26:20 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating McAfee Firewall status to SECURITY_PRODUCT_STATE_OFF.
Error: (01/02/2020 05:26:20 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating McAfee Firewall status to SECURITY_PRODUCT_STATE_OFF.
Error: (01/02/2020 05:26:20 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating McAfee Firewall status to SECURITY_PRODUCT_STATE_OFF.
Error: (01/02/2020 05:26:20 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating McAfee Firewall status to SECURITY_PRODUCT_STATE_OFF.
Error: (01/02/2020 05:26:20 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating McAfee Firewall status to SECURITY_PRODUCT_STATE_OFF.
Error: (01/02/2020 05:26:20 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating McAfee Firewall status to SECURITY_PRODUCT_STATE_OFF.
Error: (01/02/2020 05:26:20 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating McAfee Firewall status to SECURITY_PRODUCT_STATE_OFF.

System errors:
=============
Error: (01/02/2020 05:38:21 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.
Error: (01/02/2020 05:34:19 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.
Error: (01/02/2020 05:07:07 PM) (Source: DCOM) (EventID: 10029) (User: HP)
Description: The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.
Error: (01/02/2020 05:03:06 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {784E29F4-5EBE-4279-9948-1E8FE941646D} timed out waiting for the service wuauserv to stop.
Error: (01/02/2020 05:00:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/01/2020 08:16:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.
Error: (01/01/2020 08:16:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:
An instance of the service is already running.
Error: (01/01/2020 08:16:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:
An instance of the service is already running.

==================== Memory info ===========================
BIOS: Insyde F.15 06/03/2014
Motherboard: Hewlett-Packard 216F
Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 77%
Total physical RAM: 3554.07 MB
Available physical RAM: 815.96 MB
Total Virtual: 4691.84 MB
Available Virtual: 1076.68 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:678.67 GB) (Free:452.53 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.19 GB) (Free:1.84 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{af3a545f-11c4-4ac9-b1a7-53e0dfa039f8}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.1 GB) NTFS
\\?\Volume{e61d594c-eefb-4803-a2cc-231e4894c53b}\ () (Fixed) (Total:1 GB) (Free:0.33 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: CF9F01CA)
Partition: GPT.
==================== End of Addition.txt =======================

 


  • 0



#2
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Hello nigella and welcome to GeeksToGo.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Uninstall programmes

Uninstall the following programmes:


Deal Keeper
Driver Booster 5
IObit Uninstaller 8
McAfee LiveSafe
McAfee SafeKey
McAfee WebAdvisor
WSE Rocket

 

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0C097B6A-4C98-47F7-BB82-BFF11FBA1275} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2919C030-F83E-431B-9548-B20BA1FB04AD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3CCBBE39-AB41-4480-AC1F-FEC827FA4597} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {54348320-4E6E-49F8-A51F-C40A47FD4DDF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7F049B41-DB98-4CE1-A8BC-C5BB51FFDD83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B3CB2F35-8D1E-4FD2-8663-2A8944C84672} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C7DBE5D9-F4C6-4C5E-A307-258829A62EB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CA11B275-A965-4396-84EC-05BBDD35BCCA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D1480C28-B374-4562-9C02-A0FBDECF1B08} - \WPD\SqmUpload_S-1-5-21-4036567448-3610357976-3683549566-1002 -> No File <==== ATTENTION
Task: {DB42DDE4-7167-4784-AEA7-93DA1C0AF4EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DB7B58A7-42E7-40FC-A51F-FA19C85F09A7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_coinis_14_30_ie&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCzyyEtDyCzz0F0AyCyDtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyEtD0ByEyByB0EtGtB0AtCtAtGyEyCyCyEtGyCtAtAzytGyDtDtD0DtDtDtBtA0DtB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyC0C0D0A0B0AtGyC0BzztDtGyCtAtAtAtGyDzyyD0AtGyCyBtBtAtC0E0Dzz0B0C0B0E2Q&cr=892814978&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_coinis_14_30_ie&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCzyyEtDyCzz0F0AyCyDtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyEtD0ByEyByB0EtGtB0AtCtAtGyEyCyCyEtGyCtAtAzytGyDtDtD0DtDtDtBtA0DtB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyC0C0D0A0B0AtGyC0BzztDtGyCtAtAtAtGyDzyyD0AtGyCyBtBtAtC0E0Dzz0B0C0B0E2Q&cr=892814978&ir=
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {3FD9EC4C-CA4B-4F66-94CE-BB0B4D3B91A2} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151218&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={92EB5056-A40C-4AAA-A535-1C1E23A8ACDC}&mid=54e6028b216e47cca7fe719a878da99b-300f3c0fc0935ee21f95b56a165a42b89d411439&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-11-10 17:30:43&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FF user.js: detected! => C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\user.js [2014-07-22]
FF Homepage: Mozilla\Firefox\Profiles\u1l4q535.default -> hxxp://rocket-find.com/?f=1&a=rckt_coinis_14_30_ie&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCzyyEtDyCzz0F0AyCyDtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyEtD0ByEyByB0EtGtB0AtCtAtGyEyCyCyEtGyCtAtAzytGyDtDtD0DtDtDtBtA0DtB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyC0C0D0A0B0AtGyC0BzztDtGyCtAtAtAtGyDzyyD0AtGyCyBtBtAtC0E0Dzz0B0C0B0E2Q&cr=892814978&ir=
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\WINDOWS\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-07] (Deal Keeper -> StdLib)
2020-01-01 18:17 - 2020-01-01 18:17 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore
2014-02-27 17:29 - 2014-02-27 17:29 - 000000046 _____ () C:\ProgramData\Temp.cmd
2014-02-27 16:02 - 2015-03-03 09:40 - 027093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ShortcutWithArgument: C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Show Box.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=imiepkjghlcgkbnphkofhoknklanejoi
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
FirewallRules: [{93A86802-79F3-4BB7-97A2-7B878437957A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{95FE2538-D408-42D5-89B3-CB4D4E575A41}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{C2DC02E8-5B64-4BF0-8CE0-CB2217A91853}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe No File
FirewallRules: [{6F677648-DB26-4546-B490-D4CE4F55A6A3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{7D7A3D59-BDC6-4B75-A5D8-598931A23BDA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{EA2FE627-C9EE-4977-BF4E-EDD6B4EEFFB6}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{84AF6E46-D5E5-44B6-811F-EB9712647463}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
FirewallRules: [{966D6987-73B0-4CEF-A310-218F2E45A638}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{98BD98FE-0934-4882-B3D2-5F5812FB5F87}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{A1A6296F-A5AD-4966-9A5C-EE53EDD92CFE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
FirewallRules: [{7B7853DD-A65F-4753-872A-37BCEF42577F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
FirewallRules: [{3AB4C6D3-C53A-4641-8970-76D80BC8D220}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{67DAE70F-2BA2-4F93-828D-7FCC2447B058}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{B892193C-02CB-4356-831E-95ADFE1BF3C1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
FirewallRules: [{0DBC7A29-0729-47DF-9793-AB9ECCE4E391}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

===================================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Custom Scan option
  • at the bottom, click on Configure Scan
  • in the right window, place a checkmark next to the drive letter of your USB device
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

Please paste the contents of the clipboard into your next reply to me.

Logs to include with next post:

Fixlog.txt
AdwCleaner log
Mbam.txt


Satchfan

 


  • 0
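The firewall and scheduled-task entries in the fixlist above are all ones that FRST marks `No File`. As an added illustration (not part of the thread and not FRST's own code), this Python example sorts FRST `FirewallRules:` and `Task:` lines into rules whose target file is missing, rules whose file is present, and port-only rules, so leftovers from uninstalled software can be reviewed. The function names are hypothetical, the sample lines are copied from the log posted in this thread, and reading the trailing `(A -> B)` as a publisher annotation is an assumption.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the FRST output posted in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{0A51FE7C-7C8B-407D-B651-A34ED2CABA31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F677648-DB26-4546-B490-D4CE4F55A6A3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{ED49264E-7943-4CA5-A39F-0B3E760A3B53}] => (Allow) LPort=1900
FirewallRules: [{966D6987-73B0-4CEF-A310-218F2E45A638}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{98BD98FE-0934-4882-B3D2-5F5812FB5F87}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{D51C59A7-A87D-44E4-A273-248D90623542}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
Task: {0C097B6A-4C98-47F7-BB82-BFF11FBA1275} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<guid>" + GUID + r")\] => \((?P<action>\w+)\) (?P<target>.+)$"
)
# Assumption: a trailing "(A -> B)" group is the publisher annotation.
# The path itself may contain parentheses, e.g. "Program Files (x86)".
PUBLISHER_RE = re.compile(r"^(?P<path>.+?) \((?P<publisher>[^()]* -> [^()]*)\)$")
TASK_RE = re.compile(r"^Task: (?P<guid>" + GUID + r") - (?P<name>.+?) -> No File\b")


def classify_rule(line):
    """Parse one FirewallRules line; return a dict, or None if it is not one."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    target = m["target"]
    rec = {"guid": m["guid"], "action": m["action"]}
    if target.endswith(" No File"):
        # The rule still exists but the program it allowed is gone.
        rec.update(kind="orphan", path=target[: -len(" No File")])
    elif target.startswith("LPort="):
        rec.update(kind="port", port=int(target.split("=", 1)[1]))
    else:
        p = PUBLISHER_RE.match(target)
        if p:
            rec.update(kind="present", path=p["path"], publisher=p["publisher"])
        else:
            rec.update(kind="unparsed", raw=target)
    return rec


def triage(log_text):
    """Group FRST lines for review. Nothing is changed on the system."""
    report = {"orphans": defaultdict(list), "present": [], "ports": [],
              "tasks_no_file": [], "unparsed": []}
    for line in log_text.splitlines():
        line = line.strip()
        task = TASK_RE.match(line)
        if task:
            report["tasks_no_file"].append(task["name"])
            continue
        rec = classify_rule(line)
        if rec is None:
            continue
        if rec["kind"] == "orphan":
            # Several rule GUIDs often point at the same missing file.
            report["orphans"][rec["path"]].append(rec["guid"])
        elif rec["kind"] == "present":
            report["present"].append((rec["path"], rec["publisher"]))
        elif rec["kind"] == "port":
            report["ports"].append(rec["port"])
        else:
            report["unparsed"].append(rec["raw"])
    report["orphans"] = dict(report["orphans"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, guids in result["orphans"].items():
        print(f"missing target ({len(guids)} rules): {path}")
    for name in result["tasks_no_file"]:
        print(f"task with no file: {name}")
    print("port-only rules:", result["ports"])
```

The output is a review list only; which entries actually go into a fixlist remains a per-machine decision, as the helper's note says.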

#3
nigella

nigella

    Member

  • Topic Starter
  • Member
  • 231 posts

Thank you Satchfan, it's now midnight and I need to sleep. I will do the fix tomorrow (Friday) and post the results.


  • 0

#4
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

I'm in the UK and the same applies. :thumbsup:


  • 0

#5
nigella

nigella

    Member

  • Topic Starter
  • Member
  • 231 posts

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by My Laptop (05-01-2020 21:09:26) Run:1
Running from C:\Users\My Laptop\Desktop
Loaded Profiles: My Laptop (Available Profiles: My Laptop)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0C097B6A-4C98-47F7-BB82-BFF11FBA1275} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2919C030-F83E-431B-9548-B20BA1FB04AD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3CCBBE39-AB41-4480-AC1F-FEC827FA4597} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {54348320-4E6E-49F8-A51F-C40A47FD4DDF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7F049B41-DB98-4CE1-A8BC-C5BB51FFDD83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B3CB2F35-8D1E-4FD2-8663-2A8944C84672} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C7DBE5D9-F4C6-4C5E-A307-258829A62EB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CA11B275-A965-4396-84EC-05BBDD35BCCA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D1480C28-B374-4562-9C02-A0FBDECF1B08} - \WPD\SqmUpload_S-1-5-21-4036567448-3610357976-3683549566-1002 -> No File <==== ATTENTION
Task: {DB42DDE4-7167-4784-AEA7-93DA1C0AF4EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DB7B58A7-42E7-40FC-A51F-FA19C85F09A7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_coinis_14_30_ie&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCzyyEtDyCzz0F0AyCyDtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyEtD0ByEyByB0EtGtB0AtCtAtGyEyCyCyEtGyCtAtAzytGyDtDtD0DtDtDtBtA0DtB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyC0C0D0A0B0AtGyC0BzztDtGyCtAtAtAtGyDzyyD0AtGyCyBtBtAtC0E0Dzz0B0C0B0E2Q&cr=892814978&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_coinis_14_30_ie&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCzyyEtDyCzz0F0AyCyDtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyEtD0ByEyByB0EtGtB0AtCtAtGyEyCyCyEtGyCtAtAzytGyDtDtD0DtDtDtBtA0DtB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyC0C0D0A0B0AtGyC0BzztDtGyCtAtAtAtGyDzyyD0AtGyCyBtBtAtC0E0Dzz0B0C0B0E2Q&cr=892814978&ir=
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {3FD9EC4C-CA4B-4F66-94CE-BB0B4D3B91A2} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151218&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={92EB5056-A40C-4AAA-A535-1C1E23A8ACDC}&mid=54e6028b216e47cca7fe719a878da99b-300f3c0fc0935ee21f95b56a165a42b89d411439&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-11-10 17:30:43&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FF user.js: detected! => C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\user.js [2014-07-22]
FF Homepage: Mozilla\Firefox\Profiles\u1l4q535.default -> hxxp://rocket-find.com/?f=1&a=rckt_coinis_14_30_ie&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCzyyEtDyCzz0F0AyCyDtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyEtD0ByEyByB0EtGtB0AtCtAtGyEyCyCyEtGyCtAtAzytGyDtDtD0DtDtDtBtA0DtB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyC0C0D0A0B0AtGyC0BzztDtGyCtAtAtAtGyDzyyD0AtGyCyBtBtAtC0E0Dzz0B0C0B0E2Q&cr=892814978&ir=
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\WINDOWS\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-07] (Deal Keeper -> StdLib)
2020-01-01 18:17 - 2020-01-01 18:17 - 000000000 ____D C:\WINDOWS\system32\��������erStore
2014-02-27 17:29 - 2014-02-27 17:29 - 000000046 _____ () C:\ProgramData\Temp.cmd
2014-02-27 16:02 - 2015-03-03 09:40 - 027093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ShortcutWithArgument: C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Show Box.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=imiepkjghlcgkbnphkofhoknklanejoi
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
FirewallRules: [{93A86802-79F3-4BB7-97A2-7B878437957A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{95FE2538-D408-42D5-89B3-CB4D4E575A41}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{C2DC02E8-5B64-4BF0-8CE0-CB2217A91853}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe No File
FirewallRules: [{6F677648-DB26-4546-B490-D4CE4F55A6A3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{7D7A3D59-BDC6-4B75-A5D8-598931A23BDA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{EA2FE627-C9EE-4977-BF4E-EDD6B4EEFFB6}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{84AF6E46-D5E5-44B6-811F-EB9712647463}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
FirewallRules: [{966D6987-73B0-4CEF-A310-218F2E45A638}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{98BD98FE-0934-4882-B3D2-5F5812FB5F87}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{A1A6296F-A5AD-4966-9A5C-EE53EDD92CFE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
FirewallRules: [{7B7853DD-A65F-4753-872A-37BCEF42577F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
FirewallRules: [{3AB4C6D3-C53A-4641-8970-76D80BC8D220}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{67DAE70F-2BA2-4F93-828D-7FCC2447B058}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{B892193C-02CB-4356-831E-95ADFE1BF3C1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
FirewallRules: [{0DBC7A29-0729-47DF-9793-AB9ECCE4E391}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
EmptyTemp:
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C097B6A-4C98-47F7-BB82-BFF11FBA1275}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C097B6A-4C98-47F7-BB82-BFF11FBA1275}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2919C030-F83E-431B-9548-B20BA1FB04AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2919C030-F83E-431B-9548-B20BA1FB04AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CCBBE39-AB41-4480-AC1F-FEC827FA4597}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CCBBE39-AB41-4480-AC1F-FEC827FA4597}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54348320-4E6E-49F8-A51F-C40A47FD4DDF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54348320-4E6E-49F8-A51F-C40A47FD4DDF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F049B41-DB98-4CE1-A8BC-C5BB51FFDD83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F049B41-DB98-4CE1-A8BC-C5BB51FFDD83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3CB2F35-8D1E-4FD2-8663-2A8944C84672}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3CB2F35-8D1E-4FD2-8663-2A8944C84672}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7DBE5D9-F4C6-4C5E-A307-258829A62EB9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7DBE5D9-F4C6-4C5E-A307-258829A62EB9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA11B275-A965-4396-84EC-05BBDD35BCCA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA11B275-A965-4396-84EC-05BBDD35BCCA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1480C28-B374-4562-9C02-A0FBDECF1B08}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1480C28-B374-4562-9C02-A0FBDECF1B08}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4036567448-3610357976-3683549566-1002" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB42DDE4-7167-4784-AEA7-93DA1C0AF4EB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB42DDE4-7167-4784-AEA7-93DA1C0AF4EB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB7B58A7-42E7-40FC-A51F-FA19C85F09A7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB7B58A7-42E7-40FC-A51F-FA19C85F09A7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDDCB575-7293-4848-8477-A979CFB7A874} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FDDCB575-7293-4848-8477-A979CFB7A874} => removed successfully
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3FD9EC4C-CA4B-4F66-94CE-BB0B4D3B91A2} => removed successfully
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => removed successfully
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDDCB575-7293-4848-8477-A979CFB7A874} => removed successfully
C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\user.js => moved successfully
"Firefox homepage" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => removed successfully
{55dce8ba-9dec-4013-937e-adbf9317d990}w64 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\{55dce8ba-9dec-4013-937e-adbf9317d990}w64 => removed successfully
{55dce8ba-9dec-4013-937e-adbf9317d990}w64 => service removed successfully
"C:\WINDOWS\system32\��������erStore" => not found
C:\ProgramData\Temp.cmd => moved successfully
C:\Program Files (x86)\Common Files\lpuninstall.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu => removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UnLockerMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UnLockerMenu => removed successfully
C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Show Box.lnk => Shortcut argument removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => not found
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93A86802-79F3-4BB7-97A2-7B878437957A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95FE2538-D408-42D5-89B3-CB4D4E575A41}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2DC02E8-5B64-4BF0-8CE0-CB2217A91853}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F677648-DB26-4546-B490-D4CE4F55A6A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D7A3D59-BDC6-4B75-A5D8-598931A23BDA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA2FE627-C9EE-4977-BF4E-EDD6B4EEFFB6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84AF6E46-D5E5-44B6-811F-EB9712647463}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{966D6987-73B0-4CEF-A310-218F2E45A638}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98BD98FE-0934-4882-B3D2-5F5812FB5F87}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1A6296F-A5AD-4966-9A5C-EE53EDD92CFE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B7853DD-A65F-4753-872A-37BCEF42577F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3AB4C6D3-C53A-4641-8970-76D80BC8D220}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67DAE70F-2BA2-4F93-828D-7FCC2447B058}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B892193C-02CB-4356-831E-95ADFE1BF3C1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DBC7A29-0729-47DF-9793-AB9ECCE4E391}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 59116866 B
Java, Flash, Steam htmlcache => 37470 B
Windows/system/drivers => 265809034 B
Edge => 28305805 B
Chrome => 48273605 B
Firefox => 16612966 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 32216 B
Users => 32216 B
ProgramData => 32216 B
Public => 32216 B
systemprofile => 32808 B
systemprofile32 => 32808 B
LocalService => 81630 B
NetworkService => 1622886 B
My Laptop => 351205735 B

RecycleBin => 11040935825 B
EmptyTemp: => 11 GB temporary data Removed.

================================

The system needed a reboot.

==== End 1 Fixlog 21:19:32 ====

AdwCleaner log

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2020-01-02.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-05-2020
# Duration: 00:02:05
# OS:       Windows 10 Home
# Cleaned:  141
# Failed:   0

***** [ Services ] *****

Deleted       WtuSystemSupport

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted       C:\Program Files (x86)\IOBIT\Driver Booster
Deleted       C:\Program Files (x86)\WSE Rocket
Deleted       C:\Program Files (x86)\avg web tuneup
Deleted       C:\Program Files\Common Files\AVG Secure Search
Deleted       C:\Program Files\avg web tuneup
Deleted       C:\ProgramData\IOBIT\Driver Booster
Deleted       C:\ProgramData\avg web tuneup
Deleted       C:\Users\My Laptop\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp
Deleted       C:\Users\My Laptop\AppData\Local\Rocket
Deleted       C:\Users\My Laptop\AppData\Local\avg web tuneup
Deleted       C:\Users\My Laptop\AppData\Roaming\IOBIT\Driver Booster
Deleted       C:\Users\My Laptop\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\My Laptop\AppData\Roaming\IObit\Advanced SystemCare V8

***** [ Files ] *****

Deleted       C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\searchplugins\WSE Rocket.xml
Deleted       C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\searchplugins\avg-secure-search.xml
Deleted       C:\Users\My Laptop\Favorites\eBay.lnk
Deleted       C:\Windows\System32\drivers\{55DCE8BA-9DEC-4013-937E-ADBF9317D990}W64.SYS

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (MY LAPTOP)

***** [ Registry ] *****

Deleted       HKCU\Software\InstallCore
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Deleted       HKCU\Software\Rocket Browser
Deleted       HKCU\Software\WSE Rocket
Deleted       HKCU\Software\Yahoo\Companion
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CE202DB-2048-4973-A5D1-B01BFD560D6F}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CE202DB-2048-4973-A5D1-B01BFD560D6F}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (MY LAPTOP)
Deleted       HKLM\Software\AVG Secure Search
Deleted       HKLM\Software\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Deleted       HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted       HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted       HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Deleted       HKLM\Software\Wow6432Node\AVG Tuneup
Deleted       HKLM\Software\Wow6432Node\Deal Keeper
Deleted       HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted       HKLM\Software\Wow6432Node\InstallCore
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted       HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\avgsh

***** [ Chromium (and derivatives) ] *****

Deleted       AVG Web TuneUp

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted       AVG Web TuneUp

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Deleted       Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Deleted       Preinstalled.HPCoolSense   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP COOLSENSE
Deleted       Preinstalled.HPCoolSense   Folder   C:\Users\My Laptop\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE
Deleted       Preinstalled.HPCoolSense   Folder   C:\Windows\System32\Tasks\HEWLETT-PACKARD\HP COOLSENSE
Deleted       Preinstalled.HPCoolSense   Registry   HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
Deleted       Preinstalled.HPCoolSense   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{394B14EA-B072-4440-9510-87797CB12371}
Deleted       Preinstalled.HPHealthCheck   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\My Laptop\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\My Laptop\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.WildTangentGamesBundle   File   C:\Users\Public\Desktop\WildTangent Games for HP.lnk
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ALOHA TRIPEAKS
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BEJEWELED 3
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BUILD-A-LOT
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRADLE OF ROME 2
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRAZY CHICKEN SOCCER
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\FARM FRENZY
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\GOVERNOR OF POKER 2 PREMIUM EDITION
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\JEWEL MATCH 3
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\MAHJONGG ARTIFACTS
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\POLAR BOWLER
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\RANCH RUSH 2 - PREMIUM EDITION
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\TRINKLIT SUPREME
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VACATION QUEST - AUSTRALIA
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VIRTUAL FAMILIES
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\WEDDING DASH
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ZUMAS REVENGE
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - SEAFIGHT
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-1e456a30-1a1b-49a2-a343-f21af1307b33
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2007c5e1-9ff2-4f74-8bbe-59c78e48b8fc
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2e19e36e-af6f-424f-87e0-3b6826581a6c
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-33c68fa6-286f-4bb9-a71a-50d945ff07a9
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4114008f-2824-43ee-b949-0d70a6fa008c
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-42aa25fb-5d4c-4b44-9337-22fed995bc51
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4f82c505-bc53-4741-8445-5d70588e8279
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-555c3930-552b-4976-833e-03bce5a1ad1e
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-6dd5610a-c1d8-4c32-b9d3-8b816eb1098d
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-93bc918a-ac36-4c5a-8d13-15f5626887cc
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-a44df564-86a1-430c-923e-eda6915214e8
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-affd67c8-1223-40fa-9808-c172f04608dc
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b58d4b20-60b1-4601-8886-64c125713517
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b5b8a571-a42f-4a82-aa40-df113809295b
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-d1f3ee01-b341-4d85-8a03-aad3ff6471dc
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e04c4a9a-5da6-4be7-b798-6abe93c7f98d
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e805b0fd-f24d-4fa5-949c-db0dd8e7df32
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-darkorbit
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-mahjonggdarkdimensions
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-seafight
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-worldofwarcraft
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [17885 octets] - [05/01/2020 22:52:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Mbam.txt

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 05/01/2020
Scan Time: 23:17
Log File: 80b6107c-3011-11ea-abe8-a0d3c1694068.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.14187
Licence: Trial

-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: HP\My Laptop

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 289318
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 7 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [120], [168579],1.0.14187
PUP.Optional.MySearchDial, HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [120], [168579],1.0.14187

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Thank you

#6
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

When your computer is infected, it has almost certainly contributed to the situation.

You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

If you still think about using it, please see the link below for information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers.

CryptoLocker Ransomware.

The newest variation of Ransomware can make it impossible to recover the files that it encrypts. In other words, you will probably lose most, if not all, of your files, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

I would strongly recommend that you uninstall it.

===================================================

Run Security Analysis

Download Security Analysis by Rocket Grannie from here

  • save it to your Desktop
  • close your security software to avoid potential conflicts
  • double-click RGSA.exe
  • click OK on the copyright-disclaimer
  • when finished, a Notepad window will open with the results of the scan
  • the log named SALog.txt can also be found on the Desktop or, if installed elsewhere, in the same folder from where the tool is run
  • please copy and paste the contents of that log in the next post.

Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

================================================

Let’s run an online scan to be sure nothing is left.

Download ESET Online Scanner and save it to your desktop.

  • right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • when the tool opens, click Get Started.
  • read and accept the license agreement.
  • at the Welcome to ESET Online Scanner window, click Get Started.
  • select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • click on the Full Scan option.
  • select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • when the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature: click on Continue.
  • on the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

Logs to include with next post:

SALog.txt
ESET result


Thanks

Satchfan

 



#7
nigella

    Member

  • Topic Starter
  • 231 posts

SALog.txt

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 14th, December 2019
Running from:C:\Users\My Laptop\Desktop (18:07:15 - 01/08/2020)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
AVG Antivirus (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
AVG Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Google Chrome (79.0.3945.117)
Malwarebytes (3.8.3.2965) ==> is out of Date
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (44.0.2) ==> is out of Date
Windows Live Essentials (16.4.3508.0205) ==> is no longer supported

***----------------Analysis Complete-------------------------***

 

eset.txt

 

08/01/2020 22:27:35
Files scanned: 314874
Detected files: 9
Cleaned files: 7
Total scan time 04:12:46
Scan status: Finished
C:\AdwCleaner\Quarantine\v1\20200105.225524\136\{55DCE8BA-9DEC-4013-937E-ADBF9317D990}W64.SYS#21DF295CC5072C01 a variant of Win64/Adware.BrowseFox.AS application cleaned by deleting

C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Program Files (x86)\AVG\Setup\avgOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted (after the next restart)

C:\ProgramData\IObit\ASCDownloader\IU4\Driver Booster 2.exe a variant of Win32/IObit.AH potentially unwanted application,a variant of Win32/IObit.J potentially unwanted application,a variant of Win32/IObit.L potentially unwanted application,a variant of Win32/IObit.D potentially unwanted application cleaned by deleting

C:\Users\My Laptop\AppData\Roaming\uTorrent\updates\3.4.9_42973.exe Win32/OpenCandy.J potentially unsafe application deleted

C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe Win32/OpenCandy.J potentially unsafe application deleted

C:\Users\My Laptop\Downloads\uTorrent.exe Win32/OpenCandy.J potentially unsafe application deleted

Autostart locations Win32/Bundled.Toolbar.Google.D potentially unsafe application contained infected files

 

Thank you



#8
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks



#9
nigella

    Member

  • Topic Starter
  • 231 posts

New Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by My Laptop (09-01-2020 23:47:41)
Running from C:\Users\My Laptop\Desktop
Windows 10 Home Version 1703 15063.674 (X64) (2017-09-09 10:02:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4036567448-3610357976-3683549566-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4036567448-3610357976-3683549566-503 - Limited - Disabled)
Guest (S-1-5-21-4036567448-3610357976-3683549566-501 - Limited - Disabled)
My Laptop (S-1-5-21-4036567448-3610357976-3683549566-1002 - Administrator - Enabled) => C:\Users\My Laptop

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-4036567448-3610357976-3683549566-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232952988\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.2.2152.121 - AVAST Software)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.8.3108 - AVG Technologies)
AVG TuneUp (HKLM-x32\...\{949BE04F-D7E8-4C19-9F89-8B304AB4308A}_is1) (Version: 19.1.1209 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.9.626 - AVG Technologies)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.50.60.2528 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-GB (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF02-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
iTunes (HKLM\...\{7DDA6271-F51E-4BE5-AAE9-5A8A4612FA43}) (Version: 12.9.0.167 - Apple Inc.)
KnowHow ReadMe (HKLM-x32\...\{8AFC7125-0E25-47AA-8444-9DA7940ABBC4}) (Version: 1.00.0000 - Dixons Retail)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.1.10 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4036567448-3610357976-3683549566-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232952988\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-07-03] (WildTangent Games)
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2015-11-14] (Box, Inc.)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1341.1.0_x86__kgqvnymyfvs32 [2018-09-24] (king.com)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-29] (Hewlett-Packard Company)
Knowhow Cloud -> C:\Program Files\WindowsApps\Livedrive.KnowhowCloud_4.0.74.0_x64__9e4my9w6xtbsy [2018-09-24] (Livedrive)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10730.20115.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_5.0.177.1_x64__4ehj4w4frejdr [2018-09-24] (.-McAfee Inc-.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.25.11802.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.8172.0_x86__8wekyb3d8bbwe [2018-09-24] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.26.12334.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.25.11802.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-09-24] (Microsoft Corporation) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-09-24] (Snapfish)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-24] (Twitter Inc.)
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2014-06-24] (CYBERLINKCOM CORP)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232952988_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-11-21] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\ARC Welder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=emfinbmielocnlhgmfkkmkngdoccbadn

==================== Loaded Modules (Whitelisted) =============

2020-01-08 17:54 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVG\AVG TuneUp\libcef.dll
2013-11-27 22:01 - 2013-02-01 11:15 - 000027136 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2013-09-25 06:48 - 2013-09-25 06:48 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 10:25 - 2013-10-14 10:25 - 002541056 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 10:24 - 2013-10-14 10:24 - 000627200 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-11-27 22:01 - 2012-03-27 14:15 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\xerces-c_3_1.dll
2015-01-18 11:13 - 2011-04-28 01:11 - 005573632 _____ (Codejock Software) [File not signed] C:\Program Files (x86)\CyberLink\Power2Go8\ToolkitPro1110vc90U.dll
2013-10-14 10:34 - 2013-10-14 10:34 - 000765440 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2013-10-14 10:23 - 2013-10-14 10:23 - 000690176 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2013-10-14 10:25 - 2013-10-14 10:25 - 001097216 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-11-18 20:08 - 2010-11-18 20:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-09-09 09:31 - 2017-09-09 09:31 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2017-09-09 09:31 - 2017-09-09 09:31 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2013-10-14 10:35 - 2013-10-14 10:35 - 001297296 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 000306064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 000599952 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 000208272 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ldapdrv.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 002075536 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
2013-11-27 22:01 - 2012-03-27 14:15 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icudt48.dll
2013-11-27 22:01 - 2012-03-27 14:15 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icuuc48.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2020-01-01 19:51 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232951286\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232951957\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232952988\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DA4D1AF3-38CB-4B39-BE6C-C442F20A8D74}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{9790505F-C047-40BE-8D0F-EF08E1CC3DE7}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{BA78C6F8-3712-4320-AFC9-C34C6E1ACD4B}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{CC56388F-69DB-4C76-B6C4-8415C425C590}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{FEA230AC-821F-4A1D-8311-D5774DC19C4B}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{5B38D33C-D1A6-48B5-B401-4FDE5FFCD93E}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{BF20EEBA-4B2C-456A-A47E-480AC0A534BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5B7EBE15-BFA1-4C9B-98D2-743194C34D82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9C9EE9D1-0588-4C3F-AC8A-88C633BB08A0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{BC35A7CA-0579-4B18-83A4-A951A4182551}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{3D166061-865C-4837-BEC4-3DC616F848CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{33ECA03F-0362-480B-9CC6-39994E2D313E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{5105B4E9-C147-444F-820E-20A9D6E816EA}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{3452DD19-9F29-42A8-983A-077289ED7614}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{597ED712-1892-4C2E-97FF-6957B72D15FD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{BAC07855-A25C-42CF-AA77-008C35950ED7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65DBD762-4102-4215-AC3A-7F0E4D022E74}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6E8FBBFA-7D59-4A5A-9D8A-60E161FDB905}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0A51FE7C-7C8B-407D-B651-A34ED2CABA31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CC31FEEA-D33A-4894-AD1F-DB20EBF599EB}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{FF9639B3-C981-46E8-BBEA-C45367A8AE5F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{ED49264E-7943-4CA5-A39F-0B3E760A3B53}] => (Allow) LPort=1900
FirewallRules: [{4C288755-76FE-4DBC-AD8C-07D104DC428A}] => (Allow) LPort=2869
FirewallRules: [{2786685C-F1E3-4171-98B7-B8BF30E17FB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E942F4CB-02C6-4A92-A7CF-471669533A7E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0757656E-6B0F-4B77-BF55-41885A0E9D7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3E287775-53EA-4A8E-B853-C666DFF4F518}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5450270B-C3D8-4ED5-8231-B9A920A4106A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D9A18AF3-7FB9-4815-9C9E-01D7911CD9A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0BEA1EB0-C96B-451B-A485-FC0BE9E82D68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8EE08731-B0F7-4410-BAC2-C4756EC52078}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E041ADFA-AB31-4009-9F10-7601E0C072F0}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{4D25A7A6-E91B-4A39-8F7A-ECA82306DA4F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{474AC16A-AA77-4D90-B0DB-662D16D0D5F3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{40CF23F3-5C5D-4082-8EB5-3DC1497F9769}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{3BB918BE-8AB0-4427-AF5C-C2AD81173617}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-11-2017 21:02:31 Scheduled Checkpoint
24-09-2018 17:41:33 Windows Modules Installer
28-09-2018 11:39:10 Windows Update
02-01-2020 17:43:53 Windows Modules Installer
05-01-2020 20:57:38 Windows Update
05-01-2020 20:59:07 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/09/2020 11:52:45 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (01/09/2020 11:46:10 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (01/09/2020 11:39:41 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (01/09/2020 11:34:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (01/09/2020 11:31:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HP)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.674_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (01/09/2020 11:27:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname HP.local already in use; will try HP-2.local instead

Error: (01/09/2020 11:27:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister    4 HP.local. Addr 192.168.1.112

Error: (01/09/2020 11:27:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.112:5353   16 HP.local. AAAA 2A00:23C5:BB51:2100:0D76:8C4E:975C:BFE7

System errors:
=============
Error: (01/09/2020 11:31:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (01/08/2020 11:00:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (01/08/2020 09:13:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (01/08/2020 09:09:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/08/2020 06:33:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (01/08/2020 06:31:36 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: The server Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy!WindowsDefaultLockScreen did not register with DCOM within the required timeout.

Error: (01/08/2020 06:12:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/08/2020 06:12:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\MYLAPT~1\AppData\Local\Temp\ehdrv.sys

==================== Memory info ===========================

BIOS: Insyde F.15 06/03/2014
Motherboard: Hewlett-Packard 216F
Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 81%
Total physical RAM: 3554.07 MB
Available physical RAM: 645.97 MB
Total Virtual: 4688.69 MB
Available Virtual: 974.97 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:678.67 GB) (Free:446 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.19 GB) (Free:1.84 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{af3a545f-11c4-4ac9-b1a7-53e0dfa039f8}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.1 GB) NTFS
\\?\Volume{e61d594c-eefb-4803-a2cc-231e4894c53b}\ () (Fixed) (Total:1 GB) (Free:0.33 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: CF9F01CA)

Partition: GPT.

==================== End of Addition.txt =======================

New FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by My Laptop (administrator) on HP (Hewlett-Packard HP Pavilion 15 Notebook PC) (09-01-2020 23:40:19)
Running from C:\Users\My Laptop\Desktop
Loaded Profiles: My Laptop (Available Profiles: My Laptop)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP) C:\Windows\System32\HP3DDGService.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\My Laptop\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Third Party Application Component -> Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-09-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [316336 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-08-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232952988\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp. -> CyberLink Corp.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2152.121\Installer\chrmstp.exe [2020-01-01] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-10-28] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG TuneUp.lnk [2020-01-08]
ShortcutTarget: AVG TuneUp.lnk -> C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-03-03]
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-03-03]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (No File)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13BFB1E4-63AA-4722-8119-50F1AE077F9F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {196EE173-2898-4D1C-B9E6-4DA7A0D378B5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {1B78E030-682F-47A5-9B3E-D2CD43656A55} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4179040 2016-12-27] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {22883568-FB99-4E05-900D-03DB643A56FC} - System32\Tasks\HPCeeScheduleForMy Laptop => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {233EE9D7-45F6-4BBC-A738-4E4464ADECB0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {27C0DE88-9D69-4437-AEC3-F32D335F39DB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {2F85F79E-B675-4172-9C81-3623F6AD9B66} - System32\Tasks\Uninstaller_SkipUac_My_Laptop => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {372C625B-E632-453D-903F-2B9525D8FAD3} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-10-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {3BD57484-C56A-4566-A1DF-FBA245C2E5A3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {45E0086E-F8F9-489D-887F-CC0176D35E8C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [31744 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {60A615FD-0E4D-4E82-9957-94923210ADBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {62AF892B-4D67-41C6-82CF-CB9C2F89594D} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3981232 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6F63DEFE-C664-49C8-8FD0-6FFF088F999E} - System32\Tasks\AVG EUpdate Task => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe [4072504 2018-09-24] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
Task: {783C28D0-233E-4AAF-BAF0-C2D6B45923BF} - \Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
Task: {7B3D63A3-1153-4C7D-8DD6-CE3536E2A333} - System32\Tasks\AVG TuneUp Update => C:\Program Files (x86)\AVG\AVG TuneUp\TUNEUpdate.exe [1706528 2020-01-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {7CE92601-E57F-4909-8AF1-973CB00C497D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {7D24931B-ED3B-4069-A010-01A93F65B39C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {8359D2B3-8E7A-444A-A4F1-853956014392} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-05] (Google LLC -> Google LLC)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {A3648063-297C-4F8F-9BA5-9344B5B820B8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {AB102E55-10E6-491C-A0BD-46B2DCF7EBB3} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\My Laptop\Desktop\esetonlinescanner_enu.exe [14562400 2020-01-08] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {AF5D9B96-088D-4A85-AB40-421CB6028AAC} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {B0EC75FC-59F3-420E-9977-8031088DB0C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {B15F75A8-6362-4284-955F-14BAF3776AEE} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1850312 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {CB6A16A0-ECB8-44F7-B2B6-0F53DF3DDA5F} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1905072 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CF6CD60D-04F8-4453-BC00-D630FEDE2098} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {D93EB68E-E3CD-47FE-A623-4C6BD0FF41BE} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1850312 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {E2FF1C8E-FEF5-4B2B-B6CD-3873A345259C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {E455A447-BE2E-45F2-8166-AA88B1A25098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-05] (Google LLC -> Google LLC)
Task: {F29B5190-305B-4AF5-A592-E067C4E450F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {F5BE47B3-A66E-4EDD-99C3-ECAB07D6905E} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\My Laptop\Desktop\esetonlinescanner_enu.exe [14562400 2020-01-08] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {F88D1990-55FD-43A7-B718-251B6BCA35A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForMy Laptop.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1260d2a8-ad54-4341-b97b-eb75dcd479f0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4978b2be-f9b8-4d90-985a-6549af04307a}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-4036567448-3610357976-3683549566-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232952988\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-4036567448-3610357976-3683549566-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232952988 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-03-03] (McAfee, Inc. -> McAfee)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-03-03] (McAfee, Inc. -> McAfee)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-03-03] (McAfee, Inc. -> McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-03-03] (McAfee, Inc. -> McAfee)

FireFox:
========
FF ProfilePath: C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default [2020-01-05]
FF Extension: (McAfee SafeKey) - C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-03-03] [Legacy] [not signed]
FF Extension: (Yahoo! Toolbar) - C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-25] [Legacy] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\searchplugins\McSiteAdvisor.xml [2017-11-03]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2020-01-05] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2020-01-05] (Google LLC -> Google LLC)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default [2020-01-05]
CHR Extension: (McAfee SafeKey) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2017-10-23]
CHR Extension: (AVG Web TuneUp) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-10-23]
CHR Extension: (ARC Welder) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2017-10-23]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-23]
CHR Extension: (AVG SafePrice) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-10-23]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2017-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-23]
CHR Extension: (Show Box) - C:\Users\My Laptop\Downloads\com.tdo.showbox_4.94-104.apk_export_QvuGj [2017-10-23]
CHR Extension: (Show Box) - C:\Users\My Laptop\Downloads\com.tdo.showbox_4.94-104 (1).apk_export_WJqXm [2017-10-23]
CHR HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn]
CHR HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
CHR HKU\S-1-5-21-4036567448-3610357976-3683549566-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232952988\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn]
CHR HKU\S-1-5-21-4036567448-3610357976-3683549566-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020232952988\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-02-27]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] (Advanced Micro Devices, Inc. -> )
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [295832 2017-05-12] (Advanced Micro Devices, Inc. -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc. -> Apple Inc.)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-27] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-27] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2152.121\elevation_service.exe [970088 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [996928 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6307248 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [110560 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 CleanupPSvc; C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe [10301176 2019-07-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP Inc. -> HP)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-01] (IObit Information Technology -> IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-09-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation -> Microsoft Corporation)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP Inc. -> HP)
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27376 2017-05-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309642.inf_amd64_bacc31ace4b1ec7c\atikmdag.sys [26559496 2017-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309642.inf_amd64_bacc31ace4b1ec7c\atikmpag.sys [527248 2017-05-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [82120 2015-03-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [23752 2015-03-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2017-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37880 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [205600 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [275232 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [210328 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [65376 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16520 2020-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [43512 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [171640 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [111096 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [84560 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [848688 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [461216 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [236288 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317304 2020-01-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-08-15] (SurfRight B.V. -> )
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP Inc. -> HP)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (Martin Malik - REALiX -> REALiX™)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2020-01-08] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2020-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2020-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2020-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] (Microsoft Windows -> )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (Hewlett-Packard Company -> HP Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-09 23:38 - 2020-01-09 23:38 - 000000000 ____D C:\Users\My Laptop\Desktop\FRST-OlderVersion
2020-01-08 22:28 - 2020-01-08 22:28 - 000003798 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-01-08 22:28 - 2020-01-08 22:28 - 000003356 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-01-08 22:28 - 2020-01-08 22:28 - 000003156 _____ C:\Users\My Laptop\Desktop\eset.txt
2020-01-08 22:15 - 2020-01-08 22:45 - 000000000 ___HD C:\$WINDOWS.~BT
2020-01-08 21:34 - 2020-01-08 22:12 - 000000036 _____ C:\WINDOWS\progress.ini
2020-01-08 19:49 - 2020-01-08 19:49 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-08 19:49 - 2020-01-08 19:49 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-01-08 19:49 - 2020-01-08 19:49 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-08 19:49 - 2020-01-08 19:49 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-01-08 19:49 - 2020-01-08 19:49 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-01-08 18:09 - 2020-01-08 18:09 - 000000774 _____ C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-01-08 18:09 - 2020-01-08 18:09 - 000000657 _____ C:\Users\My Laptop\Desktop\ESET Online Scanner.lnk
2020-01-08 18:09 - 2020-01-08 18:09 - 000000000 ____D C:\Users\My Laptop\AppData\Local\ESET
2020-01-08 18:08 - 2020-01-08 18:08 - 014562400 _____ (ESET spol. s r.o.) C:\Users\My Laptop\Desktop\esetonlinescanner_enu.exe
2020-01-08 18:07 - 2020-01-08 18:07 - 000001075 _____ C:\Users\My Laptop\Desktop\SALog.txt
2020-01-08 17:55 - 2020-01-08 17:55 - 000003972 _____ C:\WINDOWS\system32\Tasks\AVG TuneUp Update
2020-01-08 17:55 - 2020-01-08 17:55 - 000001119 _____ C:\Users\Public\Desktop\AVG TuneUp.lnk
2020-01-08 17:55 - 2020-01-08 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Technologies
2020-01-08 17:54 - 2020-01-08 17:54 - 000899584 _____ C:\Users\My Laptop\Desktop\RGSA.exe
2020-01-08 17:50 - 2020-01-08 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2020-01-05 23:30 - 2020-01-05 23:30 - 000001563 _____ C:\Users\My Laptop\Desktop\mbam.txt
2020-01-05 23:16 - 2020-01-05 23:16 - 000000000 ____D C:\Users\My Laptop\AppData\Local\mbam
2020-01-05 23:15 - 2020-01-05 23:15 - 000000000 ____D C:\Users\My Laptop\AppData\Local\mbamtray
2020-01-05 23:14 - 2020-01-08 19:48 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-01-05 23:14 - 2020-01-05 23:14 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-05 23:14 - 2020-01-05 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-05 23:14 - 2020-01-05 23:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-05 23:14 - 2020-01-05 23:14 - 000000000 ____D C:\Program Files\Malwarebytes
2020-01-05 23:14 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-01-05 23:10 - 2020-01-05 23:13 - 064333800 _____ (Malwarebytes ) C:\Users\My Laptop\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe
2020-01-05 23:06 - 2020-01-05 23:06 - 000018341 _____ C:\Users\My Laptop\Desktop\AdwCleaner[C00].txt
2020-01-05 22:50 - 2020-01-05 22:55 - 000000000 ____D C:\AdwCleaner
2020-01-05 22:49 - 2020-01-05 22:49 - 008237744 _____ (Malwarebytes) C:\Users\My Laptop\Desktop\adwcleaner_8.0.1.exe
2020-01-05 21:09 - 2020-01-05 21:19 - 000021231 _____ C:\Users\My Laptop\Desktop\Fixlog.txt
2020-01-05 20:59 - 2020-01-05 21:32 - 000000000 ____D C:\Program Files\CUAssistant
2020-01-05 20:47 - 2020-01-05 20:45 - 000355760 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2020-01-05 20:46 - 2020-01-05 21:38 - 000171640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2020-01-05 20:46 - 2020-01-05 20:45 - 000236288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2020-01-05 20:46 - 2020-01-05 20:45 - 000043512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2020-01-05 20:46 - 2020-01-05 20:44 - 000275232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2020-01-05 20:46 - 2020-01-05 20:44 - 000210328 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2020-01-05 20:46 - 2020-01-05 20:44 - 000065376 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2020-01-05 20:46 - 2020-01-05 20:44 - 000037880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2020-01-02 17:47 - 2018-03-05 01:56 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2020-01-02 17:47 - 2018-03-05 01:56 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-01-02 17:47 - 2018-02-12 22:17 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2020-01-02 17:47 - 2018-02-12 22:10 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2020-01-02 17:46 - 2018-07-17 23:55 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2020-01-02 17:46 - 2018-07-17 23:53 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-01-02 17:46 - 2018-07-17 23:53 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-01-02 17:46 - 2018-07-17 23:52 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2020-01-02 17:46 - 2018-07-17 23:47 - 002449920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-01-02 17:46 - 2018-07-17 23:47 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-01-02 17:46 - 2018-07-13 04:19 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2020-01-02 17:46 - 2018-07-13 04:08 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2020-01-02 17:46 - 2018-06-12 01:20 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-01-02 17:46 - 2018-06-08 05:34 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2020-01-02 17:46 - 2018-06-08 05:33 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2020-01-02 17:46 - 2018-06-08 05:32 - 001078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2020-01-02 17:46 - 2018-06-08 05:31 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2020-01-02 17:46 - 2018-06-08 05:30 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2020-01-02 17:46 - 2018-06-08 05:29 - 001307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-01-02 17:46 - 2018-06-08 05:25 - 001161728 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-01-02 17:46 - 2018-06-08 05:20 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2020-01-02 17:46 - 2018-06-08 05:17 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2020-01-02 17:46 - 2018-03-05 01:55 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-01-02 17:46 - 2018-03-05 01:53 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-01-02 17:46 - 2018-03-02 06:43 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2020-01-02 17:46 - 2018-02-12 22:58 - 000026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-01-02 17:45 - 2020-01-05 22:44 - 000003118 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-01-02 17:45 - 2020-01-05 22:44 - 000002636 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2020-01-02 17:40 - 2020-01-02 17:48 - 000048113 _____ C:\Users\My Laptop\Desktop\Addition.txt
2020-01-02 17:33 - 2020-01-09 23:44 - 000035596 _____ C:\Users\My Laptop\Desktop\FRST.txt
2020-01-02 17:23 - 2020-01-02 17:31 - 000048149 _____ C:\Users\My Laptop\Downloads\Addition.txt
2020-01-02 17:18 - 2020-01-09 23:38 - 002573312 _____ (Farbar) C:\Users\My Laptop\Desktop\FRST64.exe
2020-01-02 17:13 - 2020-01-02 17:31 - 000061970 _____ C:\Users\My Laptop\Downloads\FRST.txt
2020-01-02 17:11 - 2020-01-09 23:42 - 000000000 ____D C:\FRST
2020-01-02 17:02 - 2020-01-02 17:02 - 000000000 ____D C:\Users\My Laptop\Downloads\4 Some EP and Singles
2020-01-01 20:36 - 2020-01-01 20:36 - 002272256 _____ (Farbar) C:\Users\My Laptop\Downloads\FRST64.exe
2020-01-01 20:34 - 2020-01-05 23:00 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMy Laptop.job
2020-01-01 20:34 - 2020-01-05 22:44 - 000002800 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForMy Laptop
2020-01-01 19:52 - 2020-01-05 22:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-01-01 18:17 - 2020-01-01 18:17 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-09 23:37 - 2014-02-11 14:12 - 000000000 ____D C:\Users\My Laptop\Documents\Youcam
2020-01-09 23:33 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-09 23:31 - 2017-10-23 23:26 - 000004278 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2020-01-08 23:56 - 2017-09-09 09:13 - 000000000 ____D C:\Users\My Laptop
2020-01-08 23:42 - 2017-09-09 09:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-08 23:10 - 2017-03-18 21:03 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-08 22:54 - 2018-09-28 10:57 - 000000000 ____D C:\Users\My Laptop\AppData\Local\CrashDumps
2020-01-08 22:53 - 2018-09-28 10:57 - 000000000 ___HD C:\$GetCurrent
2020-01-08 22:53 - 2017-09-09 09:57 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2020-01-08 22:53 - 2017-09-09 09:57 - 000001908 _____ C:\WINDOWS\diagerr.xml
2020-01-08 22:53 - 2017-03-18 20:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-08 22:16 - 2017-09-01 10:46 - 000000000 ___DC C:\WINDOWS\Panther
2020-01-08 21:34 - 2018-09-28 10:57 - 000000000 ____D C:\Windows10Upgrade
2020-01-08 20:11 - 2016-12-02 10:09 - 000000000 ____D C:\Users\My Laptop\AppData\Roaming\uTorrent
2020-01-08 18:03 - 2014-02-27 17:10 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-08 18:03 - 2014-02-27 17:10 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-08 18:01 - 2016-03-21 11:17 - 000000000 ____D C:\Users\My Laptop\AppData\Roaming\AVG
2020-01-08 17:53 - 2016-03-21 10:59 - 000000000 ____D C:\ProgramData\Avg
2020-01-08 17:53 - 2016-03-21 10:59 - 000000000 ____D C:\Program Files (x86)\AVG
2020-01-08 17:52 - 2017-09-09 09:46 - 000004150 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C5A8CCE8-E7F8-4E4C-B859-2D2AC531673D}
2020-01-08 17:46 - 2017-09-09 09:46 - 000003658 _____ C:\WINDOWS\system32\Tasks\AVG EUpdate Task
2020-01-05 23:14 - 2017-03-18 21:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-05 23:00 - 2017-09-09 09:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-05 23:00 - 2014-08-15 17:27 - 000000292 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2020-01-05 22:59 - 2017-09-09 09:10 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-01-05 22:59 - 2017-03-18 11:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-01-05 22:57 - 2013-10-17 20:01 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2020-01-05 22:57 - 2013-10-17 19:30 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2020-01-05 22:56 - 2014-08-15 17:27 - 000000000 ____D C:\ProgramData\IObit
2020-01-05 22:56 - 2014-08-15 17:26 - 000000000 ____D C:\Users\My Laptop\AppData\Roaming\IObit
2020-01-05 22:56 - 2014-08-15 17:26 - 000000000 ____D C:\Program Files (x86)\IObit
2020-01-05 22:56 - 2014-02-11 14:15 - 000000000 ____D C:\Users\My Laptop\AppData\Roaming\Hewlett-Packard
2020-01-05 22:56 - 2014-02-11 14:13 - 000000000 ____D C:\Users\My Laptop\AppData\Local\Hewlett-Packard
2020-01-05 22:56 - 2013-11-27 21:47 - 000000000 ____D C:\Program Files (x86)\CyberLink
2020-01-05 22:44 - 2018-09-27 16:47 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2020-01-05 22:44 - 2018-09-27 16:47 - 000003162 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2020-01-05 22:44 - 2018-09-24 18:04 - 000002418 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_My_Laptop
2020-01-05 22:44 - 2017-09-09 09:46 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-01-05 22:44 - 2017-09-09 09:46 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-01-05 22:44 - 2017-09-09 09:46 - 000002880 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4036567448-3610357976-3683549566-1002
2020-01-05 22:44 - 2017-09-09 09:46 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4036567448-3610357976-3683549566-1002
2020-01-05 22:44 - 2017-09-09 09:46 - 000002552 _____ C:\WINDOWS\system32\Tasks\CreateChoiceProcessTask
2020-01-05 22:44 - 2017-09-09 09:46 - 000002530 _____ C:\WINDOWS\system32\Tasks\YCMServiceAgent
2020-01-05 22:44 - 2017-09-09 09:46 - 000002320 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4036567448-3610357976-3683549566-500
2020-01-05 22:44 - 2017-09-09 09:46 - 000002254 _____ C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements
2020-01-05 22:44 - 2017-09-09 09:46 - 000002250 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator
2020-01-05 22:17 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\rescache
2020-01-05 21:37 - 2017-10-23 23:25 - 000848688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2020-01-05 21:37 - 2017-10-23 23:25 - 000461216 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2020-01-05 21:13 - 2014-02-27 17:00 - 000000000 ____D C:\Program Files (x86)\Google
2020-01-05 21:11 - 2017-10-23 22:38 - 000000000 ____D C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2020-01-05 21:02 - 2014-02-11 14:10 - 000000000 ____D C:\Users\My Laptop\AppData\Local\Packages
2020-01-05 21:01 - 2018-09-24 17:46 - 000000000 ____D C:\Program Files\rempl
2020-01-05 20:45 - 2018-09-24 09:19 - 000016520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2020-01-05 20:45 - 2017-10-23 23:25 - 000317304 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2020-01-05 20:45 - 2017-10-23 23:25 - 000111096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2020-01-05 20:45 - 2017-10-23 23:25 - 000084560 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2020-01-05 20:44 - 2018-09-24 09:19 - 000205600 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2020-01-05 20:42 - 2017-09-09 09:12 - 001072810 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-05 20:40 - 2018-09-27 16:47 - 000000000 ____D C:\Users\My Laptop\AppData\Local\AVAST Software
2020-01-05 20:36 - 2013-11-27 21:56 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-01-05 18:39 - 2017-03-18 21:01 - 000000000 ____D C:\WINDOWS\INF
2020-01-05 18:39 - 2017-03-18 11:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-01-05 18:36 - 2015-07-10 09:05 - 000000000 ____D C:\Users\Default.migrated
2020-01-05 18:29 - 2014-08-15 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2020-01-05 18:28 - 2014-06-24 15:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-05 18:27 - 2014-08-15 17:26 - 000000000 ____D C:\ProgramData\ProductData
2020-01-02 17:49 - 2018-09-27 16:48 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-01-02 17:49 - 2018-09-27 16:48 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2020-01-02 17:48 - 2014-06-24 15:57 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-01 20:30 - 2015-08-02 17:29 - 000002386 _____ C:\Users\My Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-01 20:30 - 2015-08-02 17:29 - 000000000 ___RD C:\Users\My Laptop\OneDrive

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

 

ATTENTION: ==> Could not access BCD.  -> 0

LastRegBack: 2020-01-05 22:08
==================== End of FRST.txt ========================

 

 

Thank you


  • 0

#10
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3BD57484-C56A-4566-A1DF-FBA245C2E5A3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {783C28D0-233E-4AAF-BAF0-C2D6B45923BF} - \Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
Task: {7CE92601-E57F-4909-8AF1-973CB00C497D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {AB102E55-10E6-491C-A0BD-46B2DCF7EBB3} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\My Laptop\Desktop\esetonlinescanner_enu.exe [14562400 2020-01-08] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\searchplugins\McSiteAdvisor.xml [2017-11-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-23]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-01] (IObit Information Technology -> IObit)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
2020-01-05 22:56 - 2014-08-15 17:27 - 000000000 ____D C:\ProgramData\IObit
2020-01-05 22:56 - 2014-08-15 17:26 - 000000000 ____D C:\Users\My Laptop\AppData\Roaming\IObit
2020-01-05 22:56 - 2014-08-15 17:26 - 000000000 ____D C:\Program Files (x86)\IObit
2020-01-05 18:29 - 2014-08-15 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{9790505F-C047-40BE-8D0F-EF08E1CC3DE7}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{BA78C6F8-3712-4320-AFC9-C34C6E1ACD4B}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{CC56388F-69DB-4C76-B6C4-8415C425C590}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{FEA230AC-821F-4A1D-8311-D5774DC19C4B}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{5B38D33C-D1A6-48B5-B401-4FDE5FFCD93E}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{5105B4E9-C147-444F-820E-20A9D6E816EA}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{597ED712-1892-4C2E-97FF-6957B72D15FD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
C:\Program Files (x86)\Iobit
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop (Fixlog.txt); please post it in your reply.

================================================

Let’s run an online scan to be sure nothing is left.

Download ESET Online Scanner and save it to your desktop.

  • right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • when the tool opens, click Get Started.
  • read and accept the license agreement.
  • at the Welcome to ESET Online Scanner window, click Get Started.
  • select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • click on the Full Scan option.
  • select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • when the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature: click on Continue.
  • on the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

Logs to include with next post:

Fixlog.txt
eset.txt


Can you tell me if there are any remaining problems?


  • 0



#11
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts

fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by My Laptop (11-01-2020 13:26:09) Run:3
Running from C:\Users\My Laptop\Desktop
Loaded Profiles: My Laptop (Available Profiles: My Laptop)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3BD57484-C56A-4566-A1DF-FBA245C2E5A3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {783C28D0-233E-4AAF-BAF0-C2D6B45923BF} - \Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
Task: {7CE92601-E57F-4909-8AF1-973CB00C497D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {AB102E55-10E6-491C-A0BD-46B2DCF7EBB3} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\My Laptop\Desktop\esetonlinescanner_enu.exe [14562400 2020-01-08] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\searchplugins\McSiteAdvisor.xml [2017-11-03]
CHR Extension: (McAfee� WebAdvisor) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-23]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-01] (IObit Information Technology -> IObit)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
2020-01-05 22:56 - 2014-08-15 17:27 - 000000000 ____D C:\ProgramData\IObit
2020-01-05 22:56 - 2014-08-15 17:26 - 000000000 ____D C:\Users\My Laptop\AppData\Roaming\IObit
2020-01-05 22:56 - 2014-08-15 17:26 - 000000000 ____D C:\Program Files (x86)\IObit
2020-01-05 18:29 - 2014-08-15 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{9790505F-C047-40BE-8D0F-EF08E1CC3DE7}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{BA78C6F8-3712-4320-AFC9-C34C6E1ACD4B}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{CC56388F-69DB-4C76-B6C4-8415C425C590}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{FEA230AC-821F-4A1D-8311-D5774DC19C4B}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{5B38D33C-D1A6-48B5-B401-4FDE5FFCD93E}] => (Allow) C:\Users\My Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{5105B4E9-C147-444F-820E-20A9D6E816EA}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{597ED712-1892-4C2E-97FF-6957B72D15FD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
C:\Program Files (x86)\Iobit
EmptyTemp:
*****************

Processes closed successfully.
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => No running process found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SecurityHealth" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BD57484-C56A-4566-A1DF-FBA245C2E5A3}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{783C28D0-233E-4AAF-BAF0-C2D6B45923BF}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CE92601-E57F-4909-8AF1-973CB00C497D}" => not found
"C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrator" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB102E55-10E6-491C-A0BD-46B2DCF7EBB3}" => not found
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job" => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"C:\Program Files (x86)\McAfee\SiteAdvisor" => not found
"C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" => not found
"C:\Users\My Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\u1l4q535.default\searchplugins\McSiteAdvisor.xml" => not found
CHR Extension: (McAfee� WebAdvisor) - C:\Users\My Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-23] => Error: No automatic fix found for this entry.
LiveUpdateSvc => service not found.
GamesAppService => service not found.
HPSupportSolutionsFrameworkService => service not found.
"C:\ProgramData\IObit" => not found
"C:\Users\My Laptop\AppData\Roaming\IObit" => not found
"C:\Program Files (x86)\IObit" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CLVDShellExt => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Open With EncryptionMenu => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\CLVDShellExt => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\EncryptionMenu => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => not found
Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9790505F-C047-40BE-8D0F-EF08E1CC3DE7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA78C6F8-3712-4320-AFC9-C34C6E1ACD4B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC56388F-69DB-4C76-B6C4-8415C425C590}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FEA230AC-821F-4A1D-8311-D5774DC19C4B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B38D33C-D1A6-48B5-B401-4FDE5FFCD93E}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5105B4E9-C147-444F-820E-20A9D6E816EA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{597ED712-1892-4C2E-97FF-6957B72D15FD}" => not found
"C:\Program Files (x86)\Iobit" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17505060 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5179710 B
Edge => 0 B
Chrome => 12297835 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2462 B
NetworkService => 2462 B
My Laptop => 43697832 B

RecycleBin => 0 B
EmptyTemp: => 82.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:29:28 ====

 

eset.txt

11/01/2020 13:23:35
Files scanned: 331325
Detected files: 2
Cleaned files: 0
Total scan time 04:04:59
Scan status: Finished
C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)


  • 0
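One way to triage a Fixlog like the one posted above, as an added example (not part of the thread and not FRST's own code): it skips the echoed fixlist between the asterisk lines, stops at the EmptyTemp section, and sorts each `=>` result into absent, changed or error so the entries that still need manual follow-up stand out. The sample lines are copied and abridged from the Fixlog above; the function names and the three category labels are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: lines copied (abridged) from the Fixlog posted above.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CloseProcesses:
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File
EmptyTemp:
*****************

Processes closed successfully.
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => No running process found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SecurityHealth" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
LiveUpdateSvc => service not found.
"C:\Program Files (x86)\IObit" => not found
Laptop\AppData\Roaming\uTorrent\uTorrent.exe No File => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

Chrome => 12297835 B
EmptyTemp: => 82.6 MB temporary data Removed.
'''

# The echoed fixlist is delimited by lines made only of asterisks.
STARS = re.compile(r'^\*{5,}$')


def classify(outcome):
    """Map an FRST result string to a coarse category (labels are this example's own)."""
    text = outcome.lower()
    if text.startswith('error:'):
        return 'error'      # FRST could not act on the entry
    if 'not found' in text or 'no running process' in text:
        return 'absent'     # target was already gone; nothing changed
    if 'successfully' in text:
        return 'changed'    # something was actually removed or moved
    return 'other'


def triage_fixlog(text):
    """Return (Counter of categories, list of (kind, target, outcome) worth reading)."""
    counts = Counter()
    notable = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if STARS.match(line):
            in_echo = not in_echo   # entering or leaving the echoed fixlist
            continue
        if line.startswith('=') and 'EmptyTemp' in line:
            break                   # size report follows; not fix results
        if in_echo or ' => ' not in line:
            continue
        # Split on the LAST arrow: targets themselves may contain "=>".
        target, _, outcome = line.rpartition(' => ')
        kind = classify(outcome)
        counts[kind] += 1
        if kind in ('error', 'changed'):
            notable.append((kind, target.strip('"'), outcome))
    return counts, notable


if __name__ == '__main__':
    counts, notable = triage_fixlog(SAMPLE_FIXLOG)
    print(dict(counts))
    for kind, target, outcome in notable:
        print(f'{kind:8} {target} -> {outcome}')
```
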

#12
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Temporarily disable AVG.

==============================================

Please copy all text in the code box below and paste it into Notepad:
 

@echo off
rem Delete the two files ESET flagged; quote only the path, not the detection name.
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe"
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx"
rem Remove this batch file once it has run.
del %0

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as All Files
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the ‘delfiles.bat’ file will also be deleted.

Please re-run Eset and post the results.


  • 0

#13
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts

While I'm running ESET, I have a question: I forgot my user password and I changed the Ease of Access button so that it would bring up the command prompt and reset my password, but now I need to rename utilman and cmd. Are you able to help?


  • 0

#14
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

I don't know what you mean. Have you forgotten your Windows password?


  • 0

#15
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Hello nigella

 

It has been 3 days since I last responded. Please answer but, if I hear nothing within 24 hours, then I'll assume that all is OK and close the topic.

 

Satchfan


  • 0





