[Resolved] Dell Desktop running slow and has pop ups, please review, Thanks

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by tvc15, Jun 8, 2019.

  1. tvc15

    tvc15 Established Techie7 Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2019 01
    Ran by Administrator (administrator) on DELL755-1 (Dell Inc. OptiPlex 755) (08-06-2019 12:23:46)
    Running from C:\Users\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: User1 & Administrator)
    Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\KWRCtl.exe
    (Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ntvdm.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVA.EXE

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [Bing Bar] => C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corporation -> Microsoft Corp.)
    HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [273840 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) [File not signed]
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Acresso Software Inc. -> Macrovision Corporation)
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE [219008 2011-04-24] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\CurrentVersion\Windows: [Load] C:\SKW\remind.exe <==== ATTENTION
    HKLM\...\Drivers32: [VIDC.I420] => MSH263.DRV
    HKLM\...\Drivers32: [VIDC.SP40] => C:\Windows\system32\SP40_32.DLL [32256 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
    HKLM\...\Drivers32: [VIDC.SP44] => C:\Windows\system32\SP4X_32.DLL [65536 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-21] (Google LLC -> Google Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk [2016-06-03]
    ShortcutTarget: Remote Control.lnk -> C:\Program Files\KWorld MultiMedia\RC Utility\KWRCtl.exe () [File not signed]
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {311A54CE-CED6-4D9D-BDD6-473A1BCACD49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-07-02] (Google Inc -> Google Inc.)
    Task: {8E541BFA-9AC8-43CD-9EEE-22C4D8EB975A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\avg\overseer\overseer.exe [1945712 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {911F3306-5C1C-461A-83F4-D76D9822971B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-07-02] (Google Inc -> Google Inc.)
    Task: {E4DDBA43-2675-4D93-B0A7-2C7680C69700} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {F2034335-4064-421D-97A8-D809F29344EA} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2442160 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0EC18DDC-BEF5-4DA9-943D-73C697948B3C}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/advanced_search
    SearchScopes: HKU\S-1-5-21-1391915818-2398657177-1676357084-500 -> DefaultScope {253B2760-F390-411E-A604-022380FF8B16} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-1391915818-2398657177-1676357084-500 -> {253B2760-F390-411E-A604-022380FF8B16} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-14] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-12] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
    BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation -> Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1391915818-2398657177-1676357084-500 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-10-20] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
    FF Extension: (No Name) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2017-03-19] [not signed]
    FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF Extension: (No Name) - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2017-03-19] [not signed]
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-12] (Sun Microsystems, Inc.) [File not signed]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2019-06-08]
    CHR Extension: (Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-02]
    CHR Extension: (Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-02]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-02]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-02]
    CHR Extension: (Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-02]
    CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-02]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-07]
    CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-24]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2011-11-10] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [359920 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5632800 2019-05-28] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
    R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [263680 2011-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [34536 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [173280 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [226168 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [172080 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [56344 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [40744 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139400 2019-06-06] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [101032 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [72848 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [783072 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [403728 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [167408 2019-06-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [312296 2019-05-30] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    S2 CXIR; C:\Windows\System32\drivers\cxcir.sys [42504 2015-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    S3 CXPLRCAP; C:\Windows\System32\drivers\elvidcap.sys [122984 2014-10-31] (Elgato Systems -> Elgato Systems GmbH)
    S3 CXPOLARIS; C:\Windows\System32\drivers\cxpolaris.sys [646536 2015-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    S3 DVSAudio; C:\Windows\System32\drivers\DVSAudio.sys [14906 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Strategic Vista)
    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation -> Intel Corporation)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [107168 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64088 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [87280 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S3 SPCA506AV; C:\Windows\System32\DRIVERS\DVS.SYS [160863 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Strategic Vista)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-04-04] (Adlice -> )

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-08 12:23 - 2019-06-08 12:25 - 000025307 _____ C:\Users\Administrator\Desktop\FRST.txt
    2019-06-08 12:22 - 2019-06-08 12:23 - 000000000 ____D C:\FRST
    2019-06-08 12:16 - 2019-06-08 12:20 - 001770496 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
    2019-06-08 10:26 - 2019-06-08 10:26 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-06-08 10:26 - 2019-06-08 10:26 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2019-06-08 10:26 - 2019-06-08 10:26 - 000107168 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2019-06-08 10:26 - 2019-06-08 10:26 - 000087280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2019-06-08 10:26 - 2019-06-08 10:26 - 000064088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2019-06-08 09:34 - 2019-06-08 09:34 - 000001229 _____ C:\Users\Administrator\Documents\MB 2019_06_08.txt
    2019-06-08 09:22 - 2019-06-08 10:26 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
    2019-06-08 09:22 - 2019-06-08 09:22 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-06-08 09:22 - 2019-06-08 09:22 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbamtray
    2019-06-08 09:22 - 2019-06-08 09:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-06-06 09:04 - 2019-06-06 09:04 - 000288228 _____ C:\Users\Administrator\Documents\securedoc_20190507T231407.html
    2019-06-05 00:50 - 2019-06-05 00:50 - 000977378 _____ C:\Users\Administrator\Documents\2018_TAXES_Mollye final.pdf
    2019-05-24 04:45 - 2019-05-24 04:45 - 000047768 _____ () C:\Windows\system32\Drivers\staport.sys
    2019-05-24 04:45 - 2019-05-24 04:44 - 000311216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2019-05-22 11:24 - 2019-05-22 11:24 - 000713105 _____ C:\Users\Administrator\Downloads\Classic Tomato Sauce recipe _ Epicurious.com.pdf
    2019-05-15 17:58 - 2019-05-15 20:05 - 000010281 _____ C:\Users\Administrator\Documents\UBER BOGUS CANCEL CHARGES.xlsx

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-08 09:20 - 2009-07-13 21:34 - 000015488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-06-08 09:20 - 2009-07-13 21:34 - 000015488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-06-08 09:11 - 2009-07-13 21:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-06-07 16:32 - 2017-04-11 23:29 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2019-06-07 14:20 - 2009-07-13 21:52 - 000000000 ____D C:\Windows\system32\FxsTmp
    2019-06-07 12:24 - 2019-02-08 16:17 - 000000000 ____D C:\Users\Administrator\Documents\BPH
    2019-06-06 15:24 - 2017-04-21 12:03 - 000000000 ____D C:\Users\Administrator\Documents\Jaguar
    2019-06-06 04:45 - 2017-03-22 21:53 - 000139400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2019-06-03 04:45 - 2017-03-22 21:53 - 000167408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2019-05-30 04:45 - 2017-03-22 21:53 - 000312296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2019-05-27 02:09 - 2019-04-09 01:33 - 000000000 ____D C:\Users\Administrator\Documents\TAX Mollye 2018
    2019-05-24 04:44 - 2019-01-14 08:56 - 000226168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
    2019-05-24 04:44 - 2019-01-04 16:56 - 000172080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
    2019-05-24 04:44 - 2019-01-04 16:56 - 000056344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
    2019-05-24 04:44 - 2019-01-04 16:56 - 000034536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
    2019-05-24 04:44 - 2018-10-19 21:44 - 000040744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
    2019-05-24 04:44 - 2018-04-18 18:40 - 000173280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2019-05-24 04:44 - 2017-03-22 21:53 - 000783072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2019-05-24 04:44 - 2017-03-22 21:53 - 000403728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2019-05-24 04:44 - 2017-03-22 21:53 - 000101032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2019-05-24 04:44 - 2017-03-22 21:53 - 000072848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2019-05-21 16:15 - 2018-07-02 01:54 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-05-21 16:15 - 2018-07-02 01:54 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-05-18 12:18 - 2011-04-12 08:30 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-05-18 12:18 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
    2019-05-18 12:09 - 2017-02-08 13:25 - 000000000 ____D C:\Users\Administrator\Documents\Music Tabs
    2019-05-18 10:23 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\system32\NDF
    2019-05-09 05:49 - 2017-04-16 10:15 - 000000000 _____ C:\Windows\system32\last.dump

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-06-02 01:17
    ==================== End of FRST.txt ============================





    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2019 01
    Ran by Administrator (08-06-2019 12:25:26)
    Running from C:\Users\Administrator\Desktop
    Microsoft Windows 7 Enterprise Service Pack 1 (X86) (2011-04-12 15:26:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1391915818-2398657177-1676357084-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-1391915818-2398657177-1676357084-501 - Limited - Disabled)
    User1 (S-1-5-21-1391915818-2398657177-1676357084-1001 - Administrator - Enabled) => C:\Users\User1

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.12 - Adobe Systems)
    Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
    Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
    AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 19.5.3093 - AVG Technologies)
    AXIS AAC Audio Decoder (HKLM\...\{6C716681-3633-41D5-965A-51A015CD91C7}) (Version: 3.0.20 - Axis Communications)
    AXIS H.264 Video Decoder (HKLM\...\{8BD0AF96-FB51-4A2C-8850-4F9731B7CA1A}) (Version: 3.0.10 - Axis Communications)
    AXIS Media Control 5.90 Redist (HKLM\...\AXIS Media Control SDK_is1) (Version: 5.90 - Axis Communications)
    AXIS MPEG-4 Video Decoder (HKLM\...\{10AB2C27-7B77-40F0-AE31-70E82AC5759C}) (Version: 3.0.00 - Axis Communications)
    Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation)
    Bing Bar Platform (HKLM\...\{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}) (Version: 5.0.1449.0 - Microsoft Corporation) Hidden
    Digital Video Management System (HKLM\...\{64A83485-0537-4731-8331-D9E8FA4AC01C}) (Version: 3.20 - Strategic Vista Corp)
    Digital Video Monitor System (HKLM\...\{E3D9A9CA-707B-48D6-8DAE-525BFE0FFE5A}) (Version: 1.20.144 - Strategic Vista)
    Elgato Video Capture (HKLM\...\{E29D0CAD-C1B2-49E5-BAE1-AB75461109A3}) (Version: 1.15.2.119 - Elgato Systems GmbH)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
    HomeSafe View version 1.2.22 (HKLM\...\{C45D08CB-3B52-4CC3-A959-6C9E53BDDD26}_is1) (Version: 1.2.22 - Dvrsoft Systems, Inc.)
    HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{2477B5FC-A1E0-411A-BF19-4D5C81A2603A}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Deskjet 3000 J310 series Help (HKLM\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
    Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
    KWorld ATSC BDA Drivers (HKLM\...\KWorld ATSC BDA Drivers_is1) (Version: - )
    KWorld RC Utility (HKLM\...\KWorld RC Utility_is1) (Version: - )
    KWorld USB PVR-TV Device (HKLM\...\TVCONDrv) (Version: - )
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
    QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    RogueKiller version 12.10.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.0.0 - Adlice Software)
    Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
    USB2.0 ATV (HKLM\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus)
    Video Capture v7.07.0.127 (HKLM\...\Software_Elgato_Video Capture) (Version: 7.07.0.127 - Elgato Systems)
    Visec 2009 (HKLM\...\{0758E116-ACAA-39D1-1446-10E1CE1B7C79}) (Version: - )
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Installer Clean Up (HKLM\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4171464 2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2016-06-03 22:28 - 2014-02-12 12:13 - 000028672 _____ () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\GDMDLL.dll
    2016-06-03 22:28 - 2014-02-12 12:13 - 000012800 _____ () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\KW_SMSBDA.dll
    2016-06-03 22:28 - 2014-02-12 12:13 - 000267264 _____ () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\KWRCtl.exe
    2016-06-03 22:28 - 2014-02-12 12:13 - 000065536 _____ () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\ReadRemoteKey.dll
    2016-06-03 22:28 - 2014-02-12 12:13 - 000028672 _____ (afa) [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\AF15BDAEX.dll
    2016-06-03 22:28 - 2014-02-12 12:13 - 000049152 _____ (ITE Technologies, Inc.) [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\AF9100EX.dll
    2010-04-26 17:07 - 2010-04-26 17:07 - 000121856 _____ (Microsoft Corporation) [File not signed] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\XmlLite.dll
    2013-03-06 10:55 - 2013-03-06 10:55 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
    2016-06-03 22:29 - 2016-06-03 22:29 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\advertising.com -> hxxp://s.update.wtag.adaptv.advertising.com
    IE restricted site: HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\bing.com -> hxxp://www.bing.com
    IE restricted site: HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\springserve.com -> hxxp://s.update.morgdog.springserve.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:04 - 2018-12-03 08:34 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{E6C39AF4-573B-48C9-B1EA-D8FB8CE55B9D}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{3DA5B1F0-4B98-43A1-AC28-601BC377EB12}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{205AC393-64C2-4581-80A8-8A1FFE8CBCC0}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe No File
    FirewallRules: [{8C3035D0-E5B2-4DE6-AA35-85B827D4FB01}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe No File
    FirewallRules: [{5CBBAA44-949B-4C56-B61E-11EE7987E679}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1CEC8F7F-3CB1-431A-855D-B62D01C82ABE}] => (Allow) C:\Program Files\Visec 2009\Visec.exe (Philex Enterprises) [File not signed]
    FirewallRules: [{32DBF950-1594-4B39-8A79-D5610AFC17F7}] => (Allow) C:\Program Files\Visec 2009\Visec.exe (Philex Enterprises) [File not signed]
    FirewallRules: [{EF0ABFCD-1278-4F7B-B312-B3A230A6E417}] => (Allow) C:\Program Files\Visec 2009\Visec.exe (Philex Enterprises) [File not signed]
    FirewallRules: [{9423AD27-018F-4BF4-822B-CCAC540604E1}] => (Allow) C:\Program Files\Visec 2009\Visec.exe (Philex Enterprises) [File not signed]
    FirewallRules: [TCP Query User{A299476A-3E39-4C44-B6CF-3567363BFDF3}C:\program files\strategic vista\dvm\dvm.exe] => (Allow) C:\program files\strategic vista\dvm\dvm.exe (Core Video Inc.) [File not signed]
    FirewallRules: [UDP Query User{0FFAD668-B920-4F70-8DEC-7B9166FB6831}C:\program files\strategic vista\dvm\dvm.exe] => (Allow) C:\program files\strategic vista\dvm\dvm.exe (Core Video Inc.) [File not signed]
    FirewallRules: [TCP Query User{E4F4CBFD-0C62-4E44-B2B8-D48AE238EE57}C:\windows\system32\dpnsvr.exe] => (Allow) C:\windows\system32\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [UDP Query User{6E0A9AB2-EBAC-4CA5-AA27-56A697E5ACD9}C:\windows\system32\dpnsvr.exe] => (Allow) C:\windows\system32\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [TCP Query User{484864E4-D859-451E-BEBA-855F9EA39A13}C:\program files\strategic vista\dvm\dvm.exe] => (Block) C:\program files\strategic vista\dvm\dvm.exe (Core Video Inc.) [File not signed]
    FirewallRules: [UDP Query User{FAB5C72B-F03D-442A-B571-B0D22C01833E}C:\program files\strategic vista\dvm\dvm.exe] => (Block) C:\program files\strategic vista\dvm\dvm.exe (Core Video Inc.) [File not signed]
    FirewallRules: [TCP Query User{A625F631-11CA-4574-A364-E5F612B1078E}C:\program files\strategic vista\digital video security system\dvs system.exe] => (Allow) C:\program files\strategic vista\digital video security system\dvs system.exe (Core Video Inc.) [File not signed]
    FirewallRules: [UDP Query User{AF21664F-6E39-4A91-BDFD-E3AC57C1ED75}C:\program files\strategic vista\digital video security system\dvs system.exe] => (Allow) C:\program files\strategic vista\digital video security system\dvs system.exe (Core Video Inc.) [File not signed]
    FirewallRules: [{1F9F1668-D4DF-4FF9-BC67-9032B14D0FAF}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{BCE5A181-4067-4CC6-B21E-CD1D695EE588}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{6B97F81F-CBF1-4A1A-9960-C14EB69FA962}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{013933F0-85DF-4C70-8570-A85B53B306E0}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{9C5F864A-E13D-43D9-87F2-9827A979CB4F}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{AAC90974-E00D-4CD2-8FF0-07B50BC022AE}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [TCP Query User{D318E768-AEC3-4E1B-9610-B0BC45F20C86}C:\program files\swannview link\mydvr.exe] => (Allow) C:\program files\swannview link\mydvr.exe No File
    FirewallRules: [UDP Query User{9D193BA7-7618-48C9-BABB-3B1D73FF61A3}C:\program files\swannview link\mydvr.exe] => (Allow) C:\program files\swannview link\mydvr.exe No File
    FirewallRules: [TCP Query User{92730B47-E351-4877-9865-5935FDF271CA}C:\program files\swann\homesafe view\homesafe view.exe] => (Allow) C:\program files\swann\homesafe view\homesafe view.exe () [File not signed]
    FirewallRules: [UDP Query User{3A2436FE-1ADE-4A49-B9D8-0B91751B8118}C:\program files\swann\homesafe view\homesafe view.exe] => (Allow) C:\program files\swann\homesafe view\homesafe view.exe () [File not signed]
    FirewallRules: [{9C328B1E-11F2-4492-8443-3C63B8192B6A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

    ==================== Restore Points =========================

    06-05-2019 18:30:46 Scheduled Checkpoint
    14-05-2019 00:00:02 Scheduled Checkpoint
    22-05-2019 00:42:42 Scheduled Checkpoint
    30-05-2019 19:56:16 Scheduled Checkpoint
    07-06-2019 00:00:05 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: PCI Serial Port
    Description: PCI Serial Port
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/07/2019 04:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
    Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
    Exception code: 0xc0000005
    Fault offset: 0x0052854b
    Faulting process id: 0xcc0
    Faulting application start time: 0x01d51d88cf6a349d
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\system32\MSHTML.dll
    Report Id: 8e746542-897c-11e9-bf64-00219b40049e

    Error: (06/07/2019 04:32:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
    Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
    Exception code: 0xc0000005
    Fault offset: 0x0052854b
    Faulting process id: 0x918
    Faulting application start time: 0x01d51d88c5116ef4
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\system32\MSHTML.dll
    Report Id: 8495da73-897c-11e9-bf64-00219b40049e

    Error: (06/07/2019 04:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
    Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
    Exception code: 0xc0000005
    Fault offset: 0x0052854b
    Faulting process id: 0x176c
    Faulting application start time: 0x01d51b6cb729c3ba
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\system32\MSHTML.dll
    Report Id: 0a343dd6-897c-11e9-bf64-00219b40049e

    Error: (06/07/2019 04:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
    Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
    Exception code: 0xc0000005
    Fault offset: 0x0052854b
    Faulting process id: 0x16e0
    Faulting application start time: 0x01d51d6599b24f60
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\system32\MSHTML.dll
    Report Id: 009729cd-897c-11e9-bf64-00219b40049e

    Error: (06/07/2019 12:16:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
    Faulting module name: Acrobat.dll, version: 10.1.12.15, time stamp: 0x540856d6
    Exception code: 0xc0000005
    Fault offset: 0x004a4cc1
    Faulting process id: 0x1af0
    Faulting application start time: 0x01d51af38e92503c
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.dll
    Report Id: cab8f750-8958-11e9-bf64-00219b40049e

    Error: (06/07/2019 12:33:10 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2.
    Invalid Xml syntax.

    Error: (06/07/2019 12:00:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary avgblog.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/06/2019 12:32:36 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2.
    Invalid Xml syntax.


    System errors:
    =============
    Error: (06/08/2019 10:56:01 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (06/08/2019 10:56:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (06/08/2019 10:54:12 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (06/08/2019 10:54:12 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (06/08/2019 10:53:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (06/08/2019 10:53:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (06/08/2019 09:11:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Conexant Polaris IR Transceiver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (06/07/2019 04:29:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.


    Windows Defender:
    ===================================
    Date: 2011-04-12 08:50:45.433
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version:
    Update Source:User
    Signature Type:
    Update Type:
    Current Engine Version:
    Previous Engine Version:1.1.6702.0
    Error code:0x8050a003
    Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

    ==================== Memory info ===========================

    BIOS: Dell Inc. A22 06/11/2012
    Motherboard: Dell Inc. 0GM819
    Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
    Percentage of memory in use: 89%
    Total physical RAM: 3325.61 MB
    Available physical RAM: 351.64 MB
    Total Virtual: 6649.51 MB
    Available Virtual: 3249.33 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.73 GB) (Free:91.58 GB) NTFS

    \\?\Volume{8c20c15a-6518-11e0-a4a5-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: 41AB2316)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    Your computer could definitely use more RAM.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  3. tvc15

    tvc15 Established Techie7 Member

    Thanks for your response. I found, after scanning, MB and RK are in the program files in C drive, not sure why. AdwCleaner and FRST are not in the C drive/program files, they are in desktop. But, message from AdwCleaner every time I try to start the scan: "AdwCleaner has stopped working" Should I start over with RK and MB in the desktop? Suggestion for getting AdwCleaner to scan? Thanks

    Logs follow:

    RogueKiller Anti-Malware V13.2.2.0 [Jun 10 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits
    Started in : Normal mode
    User : Administrator [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Signatures : 20190610_083545, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2019/06/10 14:24:16 (Duration : 00:31:10)
    Switches : -refid 3

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤



    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 6/10/19
    Scan Time: 3:11 PM
    Log File: bb0dd604-8bcc-11e9-b9ce-00219b40049e.json

    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.586
    Update Package Version: 1.0.10986
    License: Trial

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: DELL755-1\Administrator

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 224827
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 3 min, 30 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Since other scans are clean, don't worry about AdwCleaner.

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     
  5. tvc15

    tvc15 Established Techie7 Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-06-2019 01
    Ran by Administrator (administrator) on DELL755-1 (Dell Inc. OptiPlex 755) (11-06-2019 01:24:57)
    Running from C:\Users\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: User1 & Administrator)
    Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\KWRCtl.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller.exe
    (Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ntvdm.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVA.EXE

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [Bing Bar] => C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corporation -> Microsoft Corp.)
    HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [273840 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) [File not signed]
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Acresso Software Inc. -> Macrovision Corporation)
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE [219008 2011-04-24] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\CurrentVersion\Windows: [Load] C:\SKW\remind.exe <==== ATTENTION
    HKLM\...\Drivers32: [VIDC.I420] => MSH263.DRV
    HKLM\...\Drivers32: [VIDC.SP40] => C:\Windows\system32\SP40_32.DLL [32256 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
    HKLM\...\Drivers32: [VIDC.SP44] => C:\Windows\system32\SP4X_32.DLL [65536 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-21] (Google LLC -> Google Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk [2016-06-03]
    ShortcutTarget: Remote Control.lnk -> C:\Program Files\KWorld MultiMedia\RC Utility\KWRCtl.exe () [File not signed]
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {311A54CE-CED6-4D9D-BDD6-473A1BCACD49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-07-02] (Google Inc -> Google Inc.)
    Task: {8E541BFA-9AC8-43CD-9EEE-22C4D8EB975A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\avg\overseer\overseer.exe [1945712 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {911F3306-5C1C-461A-83F4-D76D9822971B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-07-02] (Google Inc -> Google Inc.)
    Task: {E4DDBA43-2675-4D93-B0A7-2C7680C69700} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {F2034335-4064-421D-97A8-D809F29344EA} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2442160 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0EC18DDC-BEF5-4DA9-943D-73C697948B3C}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/advanced_search
    SearchScopes: HKU\S-1-5-21-1391915818-2398657177-1676357084-500 -> DefaultScope {253B2760-F390-411E-A604-022380FF8B16} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-1391915818-2398657177-1676357084-500 -> {253B2760-F390-411E-A604-022380FF8B16} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-14] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-12] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
    BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation -> Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1391915818-2398657177-1676357084-500 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-10-20] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
    FF Extension: (No Name) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2017-03-19] [not signed]
    FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF Extension: (No Name) - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2017-03-19] [not signed]
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-12] (Sun Microsystems, Inc.) [File not signed]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2019-06-11]
    CHR Extension: (Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-02]
    CHR Extension: (Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-02]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-02]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-02]
    CHR Extension: (Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-02]
    CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-02]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-07]
    CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-24]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2011-11-10] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [359920 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5632800 2019-05-28] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
    R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [263680 2011-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [34536 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [173280 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [226168 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [172080 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [56344 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [40744 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139400 2019-06-06] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [101032 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [72848 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [783072 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [403728 2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [167408 2019-06-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [312296 2019-05-30] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    S2 CXIR; C:\Windows\System32\drivers\cxcir.sys [42504 2015-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    S3 CXPLRCAP; C:\Windows\System32\drivers\elvidcap.sys [122984 2014-10-31] (Elgato Systems -> Elgato Systems GmbH)
    S3 CXPOLARIS; C:\Windows\System32\drivers\cxpolaris.sys [646536 2015-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    S3 DVSAudio; C:\Windows\System32\drivers\DVSAudio.sys [14906 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Strategic Vista)
    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation -> Intel Corporation)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [107168 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64088 2019-06-09] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-06-09] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [87280 2019-06-08] (Malwarebytes Corporation -> Malwarebytes)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S3 SPCA506AV; C:\Windows\System32\DRIVERS\DVS.SYS [160863 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Strategic Vista)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [24688 2019-06-10] (Adlice -> )

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-11 01:24 - 2019-06-11 01:24 - 000000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
    2019-06-10 15:04 - 2019-06-10 15:17 - 000000000 ____D C:\Users\Administrator\Documents\TEMP
    2019-06-10 14:23 - 2019-06-10 14:23 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2019-06-10 14:12 - 2019-06-10 14:18 - 029932744 _____ (Adlice Software ) C:\Users\Administrator\Desktop\RogueKiller_setup_ref3.exe
    2019-06-09 12:12 - 2019-06-09 12:12 - 000559852 ____H C:\Users\Administrator\Documents\~WRL0842.tmp
    2019-06-08 12:25 - 2019-06-08 12:27 - 000025055 _____ C:\Users\Administrator\Desktop\Addition.txt
    2019-06-08 12:23 - 2019-06-11 01:25 - 000025497 _____ C:\Users\Administrator\Desktop\FRST.txt
    2019-06-08 12:22 - 2019-06-11 01:24 - 000000000 ____D C:\FRST
    2019-06-08 12:16 - 2019-06-11 01:24 - 001770496 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
    2019-06-08 10:26 - 2019-06-09 12:50 - 000064088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2019-06-08 10:26 - 2019-06-09 12:47 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-06-08 10:26 - 2019-06-08 10:26 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2019-06-08 10:26 - 2019-06-08 10:26 - 000107168 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2019-06-08 10:26 - 2019-06-08 10:26 - 000087280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2019-06-08 09:34 - 2019-06-08 09:34 - 000001229 _____ C:\Users\Administrator\Documents\MB 2019_06_08.txt
    2019-06-08 09:22 - 2019-06-08 10:26 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
    2019-06-08 09:22 - 2019-06-08 09:22 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-06-08 09:22 - 2019-06-08 09:22 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbamtray
    2019-06-08 09:22 - 2019-06-08 09:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-06-06 09:04 - 2019-06-06 09:04 - 000288228 _____ C:\Users\Administrator\Documents\securedoc_20190507T231407.html
    2019-06-05 00:50 - 2019-06-05 00:50 - 000977378 _____ C:\Users\Administrator\Documents\2018_TAXES_Mollye final.pdf
    2019-05-24 04:45 - 2019-05-24 04:45 - 000047768 _____ () C:\Windows\system32\Drivers\staport.sys
    2019-05-24 04:45 - 2019-05-24 04:44 - 000311216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2019-05-22 11:24 - 2019-05-22 11:24 - 000713105 _____ C:\Users\Administrator\Downloads\Classic Tomato Sauce recipe _ Epicurious.com.pdf
    2019-05-15 17:58 - 2019-05-15 20:05 - 000010281 _____ C:\Users\Administrator\Documents\UBER BOGUS CANCEL CHARGES.xlsx

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-11 01:23 - 2017-04-16 10:15 - 000000000 _____ C:\Windows\system32\last.dump
    2019-06-10 15:49 - 2009-07-13 21:52 - 000000000 ____D C:\Windows\system32\FxsTmp
    2019-06-10 15:48 - 2017-04-11 23:29 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2019-06-10 15:48 - 2017-04-11 19:38 - 000000000 ____D C:\AdwCleaner
    2019-06-10 15:03 - 2017-03-19 23:55 - 000000000 ____D C:\Program Files\RogueKiller
    2019-06-10 14:25 - 2017-03-20 00:11 - 000024688 _____ C:\Windows\system32\Drivers\truesight.sys
    2019-06-10 14:25 - 2017-03-20 00:10 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-06-10 14:23 - 2017-03-19 23:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-06-09 12:55 - 2009-07-13 21:34 - 000015488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-06-09 12:55 - 2009-07-13 21:34 - 000015488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-06-09 12:45 - 2009-07-13 21:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-06-07 12:24 - 2019-02-08 16:17 - 000000000 ____D C:\Users\Administrator\Documents\BPH
    2019-06-06 15:24 - 2017-04-21 12:03 - 000000000 ____D C:\Users\Administrator\Documents\Jaguar
    2019-06-06 04:45 - 2017-03-22 21:53 - 000139400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2019-06-03 04:45 - 2017-03-22 21:53 - 000167408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2019-05-30 04:45 - 2017-03-22 21:53 - 000312296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2019-05-27 02:09 - 2019-04-09 01:33 - 000000000 ____D C:\Users\Administrator\Documents\TAX Mollye 2018
    2019-05-24 04:44 - 2019-01-14 08:56 - 000226168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
    2019-05-24 04:44 - 2019-01-04 16:56 - 000172080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
    2019-05-24 04:44 - 2019-01-04 16:56 - 000056344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
    2019-05-24 04:44 - 2019-01-04 16:56 - 000034536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
    2019-05-24 04:44 - 2018-10-19 21:44 - 000040744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
    2019-05-24 04:44 - 2018-04-18 18:40 - 000173280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2019-05-24 04:44 - 2017-03-22 21:53 - 000783072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2019-05-24 04:44 - 2017-03-22 21:53 - 000403728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2019-05-24 04:44 - 2017-03-22 21:53 - 000101032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2019-05-24 04:44 - 2017-03-22 21:53 - 000072848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2019-05-21 16:15 - 2018-07-02 01:54 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-05-21 16:15 - 2018-07-02 01:54 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-05-18 12:18 - 2011-04-12 08:30 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-05-18 12:18 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
    2019-05-18 12:09 - 2017-02-08 13:25 - 000000000 ____D C:\Users\Administrator\Documents\Music Tabs
    2019-05-18 10:23 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\system32\NDF

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-06-02 01:17
    ==================== End of FRST.txt ============================



    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-06-2019 01
    Ran by Administrator (11-06-2019 01:25:58)
    Running from C:\Users\Administrator\Desktop
    Microsoft Windows 7 Enterprise Service Pack 1 (X86) (2011-04-12 15:26:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1391915818-2398657177-1676357084-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-1391915818-2398657177-1676357084-501 - Limited - Disabled)
    User1 (S-1-5-21-1391915818-2398657177-1676357084-1001 - Administrator - Enabled) => C:\Users\User1

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.12 - Adobe Systems)
    Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
    Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
    AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 19.5.3093 - AVG Technologies)
    AXIS AAC Audio Decoder (HKLM\...\{6C716681-3633-41D5-965A-51A015CD91C7}) (Version: 3.0.20 - Axis Communications)
    AXIS H.264 Video Decoder (HKLM\...\{8BD0AF96-FB51-4A2C-8850-4F9731B7CA1A}) (Version: 3.0.10 - Axis Communications)
    AXIS Media Control 5.90 Redist (HKLM\...\AXIS Media Control SDK_is1) (Version: 5.90 - Axis Communications)
    AXIS MPEG-4 Video Decoder (HKLM\...\{10AB2C27-7B77-40F0-AE31-70E82AC5759C}) (Version: 3.0.00 - Axis Communications)
    Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation)
    Bing Bar Platform (HKLM\...\{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}) (Version: 5.0.1449.0 - Microsoft Corporation) Hidden
    Digital Video Management System (HKLM\...\{64A83485-0537-4731-8331-D9E8FA4AC01C}) (Version: 3.20 - Strategic Vista Corp)
    Digital Video Monitor System (HKLM\...\{E3D9A9CA-707B-48D6-8DAE-525BFE0FFE5A}) (Version: 1.20.144 - Strategic Vista)
    Elgato Video Capture (HKLM\...\{E29D0CAD-C1B2-49E5-BAE1-AB75461109A3}) (Version: 1.15.2.119 - Elgato Systems GmbH)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
    HomeSafe View version 1.2.22 (HKLM\...\{C45D08CB-3B52-4CC3-A959-6C9E53BDDD26}_is1) (Version: 1.2.22 - Dvrsoft Systems, Inc.)
    HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{2477B5FC-A1E0-411A-BF19-4D5C81A2603A}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Deskjet 3000 J310 series Help (HKLM\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
    Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
    KWorld ATSC BDA Drivers (HKLM\...\KWorld ATSC BDA Drivers_is1) (Version: - )
    KWorld RC Utility (HKLM\...\KWorld RC Utility_is1) (Version: - )
    KWorld USB PVR-TV Device (HKLM\...\TVCONDrv) (Version: - )
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
    QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
    Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
    USB2.0 ATV (HKLM\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus)
    Video Capture v7.07.0.127 (HKLM\...\Software_Elgato_Video Capture) (Version: 7.07.0.127 - Elgato Systems)
    Visec 2009 (HKLM\...\{0758E116-ACAA-39D1-1446-10E1CE1B7C79}) (Version: - )
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Installer Clean Up (HKLM\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4171464 2013-03-09] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll [2014-09-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-05-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2016-06-03 22:28 - 2014-02-12 12:13 - 000028672 _____ () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\GDMDLL.dll
    2016-06-03 22:28 - 2014-02-12 12:13 - 000012800 _____ () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\KW_SMSBDA.dll
    2016-06-03 22:28 - 2014-02-12 12:13 - 000267264 _____ () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\KWRCtl.exe
    2016-06-03 22:28 - 2014-02-12 12:13 - 000065536 _____ () [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\ReadRemoteKey.dll
    2016-06-03 22:28 - 2014-02-12 12:13 - 000028672 _____ (afa) [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\AF15BDAEX.dll
    2016-06-03 22:28 - 2014-02-12 12:13 - 000049152 _____ (ITE Technologies, Inc.) [File not signed] C:\Program Files\KWorld MultiMedia\RC Utility\AF9100EX.dll
    2010-04-26 17:07 - 2010-04-26 17:07 - 000121856 _____ (Microsoft Corporation) [File not signed] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\XmlLite.dll
    2013-03-06 10:55 - 2013-03-06 10:55 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
    2016-06-03 22:29 - 2016-06-03 22:29 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\advertising.com -> hxxp://s.update.wtag.adaptv.advertising.com
    IE restricted site: HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\bing.com -> hxxp://www.bing.com
    IE restricted site: HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\springserve.com -> hxxp://s.update.morgdog.springserve.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:04 - 2018-12-03 08:34 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{E6C39AF4-573B-48C9-B1EA-D8FB8CE55B9D}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{3DA5B1F0-4B98-43A1-AC28-601BC377EB12}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{205AC393-64C2-4581-80A8-8A1FFE8CBCC0}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe No File
    FirewallRules: [{8C3035D0-E5B2-4DE6-AA35-85B827D4FB01}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe No File
    FirewallRules: [{5CBBAA44-949B-4C56-B61E-11EE7987E679}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1CEC8F7F-3CB1-431A-855D-B62D01C82ABE}] => (Allow) C:\Program Files\Visec 2009\Visec.exe (Philex Enterprises) [File not signed]
    FirewallRules: [{32DBF950-1594-4B39-8A79-D5610AFC17F7}] => (Allow) C:\Program Files\Visec 2009\Visec.exe (Philex Enterprises) [File not signed]
    FirewallRules: [{EF0ABFCD-1278-4F7B-B312-B3A230A6E417}] => (Allow) C:\Program Files\Visec 2009\Visec.exe (Philex Enterprises) [File not signed]
    FirewallRules: [{9423AD27-018F-4BF4-822B-CCAC540604E1}] => (Allow) C:\Program Files\Visec 2009\Visec.exe (Philex Enterprises) [File not signed]
    FirewallRules: [TCP Query User{A299476A-3E39-4C44-B6CF-3567363BFDF3}C:\program files\strategic vista\dvm\dvm.exe] => (Allow) C:\program files\strategic vista\dvm\dvm.exe (Core Video Inc.) [File not signed]
    FirewallRules: [UDP Query User{0FFAD668-B920-4F70-8DEC-7B9166FB6831}C:\program files\strategic vista\dvm\dvm.exe] => (Allow) C:\program files\strategic vista\dvm\dvm.exe (Core Video Inc.) [File not signed]
    FirewallRules: [TCP Query User{E4F4CBFD-0C62-4E44-B2B8-D48AE238EE57}C:\windows\system32\dpnsvr.exe] => (Allow) C:\windows\system32\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [UDP Query User{6E0A9AB2-EBAC-4CA5-AA27-56A697E5ACD9}C:\windows\system32\dpnsvr.exe] => (Allow) C:\windows\system32\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [TCP Query User{484864E4-D859-451E-BEBA-855F9EA39A13}C:\program files\strategic vista\dvm\dvm.exe] => (Block) C:\program files\strategic vista\dvm\dvm.exe (Core Video Inc.) [File not signed]
    FirewallRules: [UDP Query User{FAB5C72B-F03D-442A-B571-B0D22C01833E}C:\program files\strategic vista\dvm\dvm.exe] => (Block) C:\program files\strategic vista\dvm\dvm.exe (Core Video Inc.) [File not signed]
    FirewallRules: [TCP Query User{A625F631-11CA-4574-A364-E5F612B1078E}C:\program files\strategic vista\digital video security system\dvs system.exe] => (Allow) C:\program files\strategic vista\digital video security system\dvs system.exe (Core Video Inc.) [File not signed]
    FirewallRules: [UDP Query User{AF21664F-6E39-4A91-BDFD-E3AC57C1ED75}C:\program files\strategic vista\digital video security system\dvs system.exe] => (Allow) C:\program files\strategic vista\digital video security system\dvs system.exe (Core Video Inc.) [File not signed]
    FirewallRules: [{1F9F1668-D4DF-4FF9-BC67-9032B14D0FAF}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{BCE5A181-4067-4CC6-B21E-CD1D695EE588}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{6B97F81F-CBF1-4A1A-9960-C14EB69FA962}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{013933F0-85DF-4C70-8570-A85B53B306E0}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{9C5F864A-E13D-43D9-87F2-9827A979CB4F}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{AAC90974-E00D-4CD2-8FF0-07B50BC022AE}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [TCP Query User{D318E768-AEC3-4E1B-9610-B0BC45F20C86}C:\program files\swannview link\mydvr.exe] => (Allow) C:\program files\swannview link\mydvr.exe No File
    FirewallRules: [UDP Query User{9D193BA7-7618-48C9-BABB-3B1D73FF61A3}C:\program files\swannview link\mydvr.exe] => (Allow) C:\program files\swannview link\mydvr.exe No File
    FirewallRules: [TCP Query User{92730B47-E351-4877-9865-5935FDF271CA}C:\program files\swann\homesafe view\homesafe view.exe] => (Allow) C:\program files\swann\homesafe view\homesafe view.exe () [File not signed]
    FirewallRules: [UDP Query User{3A2436FE-1ADE-4A49-B9D8-0B91751B8118}C:\program files\swann\homesafe view\homesafe view.exe] => (Allow) C:\program files\swann\homesafe view\homesafe view.exe () [File not signed]
    FirewallRules: [{9C328B1E-11F2-4492-8443-3C63B8192B6A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

    ==================== Restore Points =========================

    06-05-2019 18:30:46 Scheduled Checkpoint
    14-05-2019 00:00:02 Scheduled Checkpoint
    22-05-2019 00:42:42 Scheduled Checkpoint
    30-05-2019 19:56:16 Scheduled Checkpoint
    07-06-2019 00:00:05 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: PCI Serial Port
    Description: PCI Serial Port
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/10/2019 03:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: adwcleaner_7.0.1.0.exe, version: 7.0.1.0, time stamp: 0x597f6aa5
    Faulting module name: adwcleaner_7.0.1.0.exe, version: 7.0.1.0, time stamp: 0x597f6aa5
    Exception code: 0xc0000005
    Fault offset: 0x0004c90a
    Faulting process id: 0x1ad0
    Faulting application start time: 0x01d51fde9fb597ef
    Faulting application path: C:\Users\Administrator\Desktop\adwcleaner_7.0.1.0.exe
    Faulting module path: C:\Users\Administrator\Desktop\adwcleaner_7.0.1.0.exe
    Report Id: e5808240-8bd1-11e9-86c9-00219b40049e

    Error: (06/10/2019 03:47:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: adwcleaner_7.0.1.0.exe, version: 7.0.1.0, time stamp: 0x597f6aa5
    Faulting module name: adwcleaner_7.0.1.0.exe, version: 7.0.1.0, time stamp: 0x597f6aa5
    Exception code: 0xc0000005
    Fault offset: 0x0004c90a
    Faulting process id: 0x1aa4
    Faulting application start time: 0x01d51fde553b8dd2
    Faulting application path: C:\Users\Administrator\Desktop\adwcleaner_7.0.1.0.exe
    Faulting module path: C:\Users\Administrator\Desktop\adwcleaner_7.0.1.0.exe
    Report Id: b2e0bf33-8bd1-11e9-86c9-00219b40049e

    Error: (06/10/2019 03:34:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: adwcleaner_7.0.1.0.exe, version: 7.0.1.0, time stamp: 0x597f6aa5
    Faulting module name: adwcleaner_7.0.1.0.exe, version: 7.0.1.0, time stamp: 0x597f6aa5
    Exception code: 0xc0000005
    Fault offset: 0x0004c90a
    Faulting process id: 0xf84
    Faulting application start time: 0x01d51fdc915c53a3
    Faulting application path: C:\Users\Administrator\Desktop\adwcleaner_7.0.1.0.exe
    Faulting module path: C:\Users\Administrator\Desktop\adwcleaner_7.0.1.0.exe
    Report Id: d998f9bb-8bcf-11e9-86c9-00219b40049e

    Error: (06/10/2019 03:32:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: adwcleaner_7.0.1.0.exe, version: 7.0.1.0, time stamp: 0x597f6aa5
    Faulting module name: adwcleaner_7.0.1.0.exe, version: 7.0.1.0, time stamp: 0x597f6aa5
    Exception code: 0xc0000005
    Fault offset: 0x0004c90a
    Faulting process id: 0x1228
    Faulting application start time: 0x01d51fdc5c5029e7
    Faulting application path: C:\Users\Administrator\Desktop\adwcleaner_7.0.1.0.exe
    Faulting module path: C:\Users\Administrator\Desktop\adwcleaner_7.0.1.0.exe
    Report Id: af34d839-8bcf-11e9-86c9-00219b40049e

    Error: (06/09/2019 01:08:20 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2.
    Invalid Xml syntax.

    Error: (06/07/2019 04:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
    Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
    Exception code: 0xc0000005
    Fault offset: 0x0052854b
    Faulting process id: 0xcc0
    Faulting application start time: 0x01d51d88cf6a349d
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\system32\MSHTML.dll
    Report Id: 8e746542-897c-11e9-bf64-00219b40049e

    Error: (06/07/2019 04:32:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
    Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
    Exception code: 0xc0000005
    Fault offset: 0x0052854b
    Faulting process id: 0x918
    Faulting application start time: 0x01d51d88c5116ef4
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\system32\MSHTML.dll
    Report Id: 8495da73-897c-11e9-bf64-00219b40049e

    Error: (06/07/2019 04:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
    Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
    Exception code: 0xc0000005
    Fault offset: 0x0052854b
    Faulting process id: 0x176c
    Faulting application start time: 0x01d51b6cb729c3ba
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\system32\MSHTML.dll
    Report Id: 0a343dd6-897c-11e9-bf64-00219b40049e


    System errors:
    =============
    Error: (06/10/2019 01:55:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (06/10/2019 01:55:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (06/10/2019 01:55:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (06/10/2019 01:16:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (06/10/2019 01:16:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (06/09/2019 12:45:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Conexant Polaris IR Transceiver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (06/09/2019 12:45:33 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:42:51 PM on ‎6/‎9/‎2019 was unexpected.

    Error: (06/08/2019 12:59:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.


    Windows Defender:
    ===================================
    Date: 2011-04-12 08:50:45.433
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version:
    Update Source:User
    Signature Type:
    Update Type:
    Current Engine Version:
    Previous Engine Version:1.1.6702.0
    Error code:0x8050a003
    Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

    ==================== Memory info ===========================

    BIOS: Dell Inc. A22 06/11/2012
    Motherboard: Dell Inc. 0GM819
    Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
    Percentage of memory in use: 79%
    Total physical RAM: 3325.61 MB
    Available physical RAM: 691.91 MB
    Total Virtual: 6649.51 MB
    Available Virtual: 3534.27 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.73 GB) (Free:89.57 GB) NTFS

    \\?\Volume{8c20c15a-6518-11e0-a4a5-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: 41AB2316)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  7. tvc15

    tvc15 Established Techie7 Member

    Fix result of Farbar Recovery Scan Tool (x86) Version: 10-06-2019 01
    Ran by Administrator (11-06-2019 14:25:34) Run:1
    Running from C:\Users\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: User1 & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-1391915818-2398657177-1676357084-500\...\CurrentVersion\Windows: [Load] C:\SKW\remind.exe <==== ATTENTION
    C:\SKW\remind.exe
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    FirewallRules: [{205AC393-64C2-4581-80A8-8A1FFE8CBCC0}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe No File
    FirewallRules: [{8C3035D0-E5B2-4DE6-AA35-85B827D4FB01}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe No File
    FirewallRules: [{1F9F1668-D4DF-4FF9-BC67-9032B14D0FAF}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{BCE5A181-4067-4CC6-B21E-CD1D695EE588}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe No File
    FirewallRules: [TCP Query User{D318E768-AEC3-4E1B-9610-B0BC45F20C86}C:\program files\swannview link\mydvr.exe] => (Allow) C:\program files\swannview link\mydvr.exe No File
    FirewallRules: [UDP Query User{9D193BA7-7618-48C9-BABB-3B1D73FF61A3}C:\program files\swannview link\mydvr.exe] => (Allow) C:\program files\swannview link\mydvr.exe No File

    *****************

    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
    "HKU\S-1-5-21-1391915818-2398657177-1676357084-500\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load" => removed successfully.
    C:\SKW\remind.exe => moved successfully
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
    HKLM\System\CurrentControlSet\Services\ACDaemon => removed successfully.
    ACDaemon => service removed successfully.
    HKLM\System\CurrentControlSet\Services\rpcapd => removed successfully.
    rpcapd => service removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{205AC393-64C2-4581-80A8-8A1FFE8CBCC0}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C3035D0-E5B2-4DE6-AA35-85B827D4FB01}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F9F1668-D4DF-4FF9-BC67-9032B14D0FAF}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BCE5A181-4067-4CC6-B21E-CD1D695EE588}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D318E768-AEC3-4E1B-9610-B0BC45F20C86}C:\program files\swannview link\mydvr.exe" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9D193BA7-7618-48C9-BABB-3B1D73FF61A3}C:\program files\swannview link\mydvr.exe" => removed successfully.


    The system needed a reboot.

    ==== End of Fixlog 14:25:40 ====
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  9. tvc15

    tvc15 Established Techie7 Member

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Antivirus
    Malwarebytes
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 24
    Java version 32-bit out of Date!
    Google Chrome (74.0.3729.169)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    AVG Antivirus AVGSvc.exe
    AVG Antivirus aswidsagent.exe
    AVG Antivirus AVGUI.exe
    Malwarebytes Anti-Malware mbamtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````



    Farbar Service Scanner Version: 27-01-2016
    Ran by Administrator (administrator) on 12-06-2019 at 00:12:24
    Running from "C:\Users\Administrator\Desktop"
    Microsoft Windows 7 Enterprise Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****


    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: Administrator
    ->Temp folder emptied: 378123464 bytes
    ->Temporary Internet Files folder emptied: 3125817177 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 377522177 bytes
    ->Flash cache emptied: 27575 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: JoeBruin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: User1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2615452 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 3,704.00 mb


    Sophos to follow
     
  10. tvc15

    tvc15 Established Techie7 Member

    Sophos has a registration page that requires name and contact email and says:

    By submitting this form, you consent to be contacted about Sophos products and services from members of the Sophos group of companies and selected companies who partner with us to provide our products and services. Sophos is committed to safeguarding your privacy. If you want more information on how we collect and use your personal data, please read our privacy policy and cookie information page.

    Below is result of currently installed Sophos Free VRT version 2.5.6


    /No threats found/
     
  11. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Update your Java version here: https://www.java.com/en/download/manual.jsp
    Alternate download: https://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    ====================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

    7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    9. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    10. Please let me know how your computer is doing.
     
  12. tvc15

    tvc15 Established Techie7 Member

    Thanks for your help.

    I have a question about the Java update.

    Where is it supposed to go, Program Files?

    For the recent downloads for computer virus and malware checks I changed my download process to send all files to the desktop by default. I did not pay attention to where the computer previously sent downloads.

    My current version of Java has the path: Computer/C/Program Files. Should I use that?

    And, should I delete the older version of Java before installing the new one? Or, will the new version overwrite the older Java?

    Thanks
     
  13. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Java will know where to install. No need to worry about it.
    The current Java should uninstall the older version. If for any reason that doesn't happen, uninstall it yourself.
     
  14. tvc15

    tvc15 Established Techie7 Member

    I just ran adwCleaner and it came up with something:

    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-05-27.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 06-12-2019
    # Duration: 00:00:29
    # OS: Windows 7 Enterprise
    # Scanned: 27501
    # Detected: 10
    ***** [ Services ] *****
    No malicious services found.
    ***** [ Folders ] *****
    No malicious folders found.
    ***** [ Files ] *****
    No malicious files found.
    ***** [ DLL ] *****
    No malicious DLLs found.
    ***** [ WMI ] *****
    No malicious WMI found.
    ***** [ Shortcuts ] *****
    No malicious shortcuts found.
    ***** [ Tasks ] *****
    No malicious tasks found.
    ***** [ Registry ] *****
    PUP.Optional.Banggood HKCU\Software\Microsoft\Internet Explorer\DOMStorage\banggood.com
    PUP.Optional.Banggood HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.banggood.com
    PUP.Optional.DriverPack HKCU\Software\Microsoft\Internet Explorer\DOMStorage\devid.drp.su
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\homes.trovit.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\peoplesearchnow.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\trovit.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.peoplesearchnow.com
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{92730B47-E351-4877-9865-5935FDF271CA}C:\program files\swann\homesafe view\homesafe view.exe
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{3A2436FE-1ADE-4A49-B9D8-0B91751B8118}C:\program files\swann\homesafe view\homesafe view.exe
    PUP.Optional.TheBrightTag HKCU\Software\Microsoft\Internet Explorer\DOMStorage\thebrighttag.com
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries found.
    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs found.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries found.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs found.
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
     
  15. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    10. Please let me know how your computer is doing.
     
  16. tvc15

    tvc15 Established Techie7 Member

    Seems to be running OK, ran adwCleaner that revealed issues in the previous log, cleaned it, new log file:

    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-05-27.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 06-13-2019
    # Duration: 00:00:04
    # OS: Windows 7 Enterprise
    # Cleaned: 10
    # Failed: 0
    ***** [ Services ] *****
    No malicious services cleaned.
    ***** [ Folders ] *****
    No malicious folders cleaned.
    ***** [ Files ] *****
    No malicious files cleaned.
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    No malicious tasks cleaned.
    ***** [ Registry ] *****
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\banggood.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\devid.drp.su
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\homes.trovit.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\peoplesearchnow.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\thebrighttag.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\trovit.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.banggood.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.peoplesearchnow.com
    Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{92730B47-E351-4877-9865-5935FDF271CA}C:\program files\swann\homesafe view\homesafe view.exe
    Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{3A2436FE-1ADE-4A49-B9D8-0B91751B8118}C:\program files\swann\homesafe view\homesafe view.exe
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries cleaned.
    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs cleaned.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries cleaned.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs cleaned.
    *************************
    [+] Delete Tracing Keys
    [+] Reset Winsock
    *************************
    AdwCleaner[S00].txt - [2502 octets] - [12/06/2019 14:31:17]
    AdwCleaner[S01].txt - [2563 octets] - [13/06/2019 00:13:17]
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
     
  17. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Way to go!!
    Good luck and stay safe :)