SuicideSolution

Finally I have Windows 10 ... but need HELP! :(


Hello Trusted friends ...

 

After running XP for all my computing life I have finally inherited a Windows 10 laptop ... (I know ... it's still only a laptop but hey ... it was free!)

 

This is handy as I can now run all sorts on it and still game on my quality XP desktop rig but ... my father warned me the laptop had some serious probs ... here's what I have found so far ...

 

HJT Log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:28:07, on 03/08/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Allens\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Users\Allens\Desktop\Loz\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [BingSvc] C:\Users\Allens\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe -update plugin
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\WINDOWS\System32\SUPDSvc.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 11452 bytes

I also ran a good ol' SpyBot scan:

 

Search results from Spybot - Search & Destroy

03/08/2019 19:12:19
Scan took 00:00:00.
0 items found.



 

Spybot has ... allegedly cleared all that was found but I am not sure

 

Since running the scan on SpyBot and fixing all selected, the desktop background image has disappeared on the laptop and I am now running a simple black background ... I haven't seen that for some years

 

As always, pleading for help and am eternally grateful to all of you :)

 

Regards

 

Loz


Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BingSvc] C:\Users\Allens\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

 

Reboot the computer to set the registry.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.


Hello again Juliet and again thank you for the assistance in resolving this

 

FRST.txt details:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 4-08-2019
Ran by Allens (administrator) on JANUS (SAMSUNG ELECTRONICS CO., LTD. RV410/RV510/S3510/E3510) (04-08-2019 17:59:08)
Running from C:\Users\Allens\Desktop
Loaded Profiles: Allens (Available Profiles: Allens & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Eyeo GmbH -> Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.881_none_eada7c8e1d8131a8\TiWorker.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics CO., LTD. -> SAMSUNG Electronics) [File not signed] C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [316848 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2015-01-29] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-08-03] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2014-07-17] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{c35ca2f1-3a8a-49e3-9f5d-cae4448a6b8c}] -> C:\WINDOWS\SYSTEM32\unlock64.dll [2019-07-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] ->
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A64F01F-F98D-44CD-B825-20A0A77C65A4} - System32\Tasks\EasySpeedUpManager => Command(1): "%programfiles(x86)%\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe" -> /s
Task: {0A64F01F-F98D-44CD-B825-20A0A77C65A4} - System32\Tasks\EasySpeedUpManager => Command(2): C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360  [719360 2010-02-10]] (Samsung Electronics Co., Ltd.) [File not signed]
Task: {10A5C249-28A7-4612-8E38-9E3FB5B53C9C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1371A3CB-C82B-4AF7-901D-2D9B47AE2DD8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {140C840B-5621-4993-B039-B49B7E1B04F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {14565BB2-4D48-4D94-8AB6-B3C5F2182BC9} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3987888 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {1E977CC7-98F1-4ADB-B027-E22466E68ABE} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe
Task: {27AC3DF3-B330-4054-B0FE-A8AF180FD727} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {2A1D7A44-201E-4A9D-BE8B-9FA13E4FA3AA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2E7A6375-3434-4402-A397-1C2A0301A53C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {33CB0FE4-08DA-4CFD-BC4E-756435AEBF3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3562ED90-4D10-4061-93D4-DFCFFB88264D} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2314008 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {366D72DD-A426-4E2C-AB87-AF5C1D4361D2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {39BB7A78-6098-40BB-BCCC-45FD913D1882} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A92\EPM.exe
Task: {39CB2F8D-7BE5-4267-9A81-F212BEA72B89} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [1752680 2010-07-30] (Samsung Electronics CO., LTD. -> SAMSUNG Electronics) [File not signed]
Task: {42CD5DB3-813F-4A06-B627-D569C66611B3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {42D7247A-52F6-47FF-A529-F8AAD98D50EE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {437FED8E-CAA8-44F3-ADAE-070D1F078316} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {467AB06B-8B3A-4281-A41C-811F99402204} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4FDC1B0D-893C-4EDA-8B39-4F80AF0E9D79} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {51BDDEB9-176E-4BD2-AB83-946722546A4F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {52392F6A-ED77-4132-83DB-4D664792B6E7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {547AF9CA-7BCB-493B-A4F4-B27EAA948E78} - System32\Tasks\{BE55B3D4-8675-4D9A-B8D3-A76E681BE672} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?LastError=1601
Task: {555829E4-754A-4413-AC3E-ADE060569F72} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Windows\TEMP\IHU702F.tmp.exe <==== ATTENTION
Task: {5635187F-24D4-4B05-A7F4-122D0ED75113} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {5799702C-09AC-4550-B44F-E9C012303284} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-04] (Adobe Inc. -> Adobe)
Task: {5ADE2454-1416-4628-94AB-F878EA120291} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D9BAA4C-2850-4716-8874-ADD963617A83} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [136618864 2019-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EDE9C97-26E2-43A7-AE28-492C575E00B2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {61DEFD2E-3862-4EB1-98EC-0A2B0143F044} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6879E4BF-AB28-4AF1-859A-629302F83473} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {6C038E6D-2718-470B-9363-32CDB647A923} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6D309302-F5CB-4FD8-9A71-7B145317B25C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6F8D65AF-3331-45D0-91AB-DBABBF632734} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {71B40479-F7BC-48A1-AFBB-5DD6D2DE2F4A} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {72186717-B323-4073-A342-DF3266AF3A15} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {738E94BD-0144-4F54-B6BF-5C18AFA2A66F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {7890B45C-E089-4D33-A9CA-57C821021D0C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7FE4A016-DA9C-4BBB-B065-9AE76AE710FC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {840E70C2-2A48-495A-87ED-334A1655A803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {8D1E0BCA-5697-49A6-9202-BA01E0BDC331} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-08-04] (Adobe Inc. -> Adobe)
Task: {8FB127B6-7275-4218-8D4A-4508FA44C48A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {981B5BF0-3FE7-4C02-ADE3-1609CC0C57C8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9C41C3A9-9982-4F4A-80CA-9EC7C90851C7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A9562599-DD25-4AA1-B63E-E1F47A97BE21} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A96AF2E3-AE49-47F8-BAF3-6209B2406A92} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AA812FB4-6A02-4F02-AECD-EA41D375232A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ADE13313-A60A-4B5F-A345-B91573BD7C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE54AEFE-49DA-415F-8BA7-90538DD230F7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2047368 2019-08-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B5B10FDE-30FA-49D9-A979-0BEB5B02EEC7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B791ABA2-6CDB-4CE8-BB67-0C9B2EA6CEAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BAC05A22-B1A1-4BB1-8550-046225CFFB9B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {BE8DFC00-C33B-49F5-9726-16FF253ABC97} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {CC154A1E-331B-4B3E-B020-F77B67567BAC} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CF39884D-08A2-40AC-AC9B-C772846AC71C} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle America, Inc. -> Oracle Corporation)
Task: {CFA80596-9FDB-4F1A-AB58-5289E267092E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {CFE6987B-A424-4F30-9669-FA8695FF5F43} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2783312 2011-12-20] (Samsung Electronics CO., LTD. -> Samsung Electronics)
Task: {D63F0560-1F2F-49D2-A570-299864EF7C12} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D916F866-1C8D-4566-9133-5B83BC1AD4D1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {E1586E22-C3E2-4EB3-BF7C-24EB4869DD3D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E6000662-EB05-43E7-A949-A7190C9778E6} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [862064 2010-08-09] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {E7DDE8F1-7F37-4ACB-85B3-B200FDEC6B82} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2E5BD08-2E57-4031-A21F-593591B6CBBB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F3CA1DD2-0137-4298-AAF2-CEF68B6A280F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F5F4CEEF-FE06-439F-9981-AFE47515AC71} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [6644736 2010-08-12] (Samsung Electronics. Co. Ltd.) [File not signed]
Task: {F8AC07CB-1880-443C-8922-9F8D5A9DCC97} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F97AB2E9-80DA-49D3-9AD8-63CC116B3522} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [362352 2010-07-20] (Samsung Electronics CO., LTD. -> SAMSUNG Electronics co., LTD.)
Task: {FB6F8AA7-2667-4B52-A1E8-26BC375010AE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FDE934F5-8FB9-4BC0-BD0A-94C0D0EAC6A3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c321dc98-fca0-4b7a-a132-4bd99f967b6b}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com
HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] () [File not signed]
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-12] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://uk.hao123.com/?tn=sdkw_inner_hp_01_hao123_uk&guid=c37951540e15f9b004a4ff517b9bcf9c"
CHR NewTab: Default ->  Not-active:"chrome-extension://icbhbegbnafpiiaomogcddhhjpijpikp/newtabpage.html", Not-active:"chrome-extension://agijeemohccmknhbgdjokbeekmijlbee/newtab/quicktab.html", Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/newtabproduct.html", Not-active:"chrome-extension://nfkdkikledkdblnfjgmoclfacngdgbgf/newtabproduct.html", Not-active:"chrome-extension://dnflpnhpbffehddplcdlohealbgbbamk/product.html"
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&enableSearch=true&rdrct=no&redirect=CPC
CHR DefaultSearchKeyword: Default -> askweb
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}&enableSearch=true&rdrct=no
CHR Profile: C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default [2019-08-03]
CHR Extension: (Slides) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (IBM Security Rapport) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-08-03]
CHR Extension: (YouTube) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-03]
CHR Extension: (Google Search) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (PDFConverterHQ) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk [2019-07-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-13]
CHR Extension: (Ask Web Search) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\eocnnoackodjagdbaoddhjbkpjabimed [2019-08-03]
CHR Extension: (Sheets) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Maps & Directions by MapsGalaxy) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\icbhbegbnafpiiaomogcddhhjpijpikp [2019-07-04]
CHR Extension: (MapsGalaxy) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkdkikledkdblnfjgmoclfacngdgbgf [2019-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-14]
CHR Profile: C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-07-05]
CHR Profile: C:\Users\Allens\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-05]
CHR HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [njpedbdniajflhgfoipnjkednnlkngbj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [415032 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6845400 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110048 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
S4 LMIRescueUA_2944869; C:\Program Files (x86)\LogMeIn Rescue Unattended\LMIR0DB6B001.tmp\unattended_srv.exe [5557776 2019-07-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5274560 2019-04-15] (IBM -> IBM Corp.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-03] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37368 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [209304 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [263784 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [206624 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61736 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15280 2019-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [168944 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112568 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [88208 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1030832 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [477336 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [225864 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [387952 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [503000 2019-04-15] (IBM -> IBM Corp.)
R1 RapportCerberus_1930415; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930415.sys [1659544 2019-06-13] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [727000 2019-04-15] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [463408 2019-04-15] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [610648 2019-04-15] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [766616 2019-04-15] (IBM -> IBM Corp.)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-12-23] (Realtek Semiconductor Corp -> Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\Windows\system32\Drivers\SABI.sys [13824 2009-05-28] (Microsoft Windows Hardware Compatibility Publisher -> SAMSUNG ELECTRONICS)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2016-12-25] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-08-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344288 2019-08-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-03] (Microsoft Windows -> Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2018-04-12] (Microsoft Windows -> Marvell)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-04 17:59 - 2019-08-04 18:05 - 000039678 _____ C:\Users\Allens\Desktop\FRST.txt
2019-08-04 17:58 - 2019-08-04 17:59 - 000000000 ____D C:\FRST
2019-08-04 17:56 - 2019-08-04 17:56 - 002096640 _____ (Farbar) C:\Users\Allens\Desktop\FRST64.exe
2019-08-04 17:51 - 2019-08-04 17:51 - 000000000 ___HD C:\OneDriveTemp
2019-08-04 17:26 - 2019-08-04 17:26 - 000000000 ____D C:\Users\Allens\AppData\Roaming\AVG
2019-08-04 17:25 - 2019-08-04 17:25 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2019-08-04 17:25 - 2019-08-04 17:25 - 000002063 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2019-08-04 17:22 - 2019-08-04 17:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
2019-08-04 17:21 - 2019-08-04 17:21 - 000003992 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2019-08-04 17:20 - 2019-08-04 17:21 - 001030832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2019-08-04 17:20 - 2019-08-04 17:21 - 000387952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2019-08-04 17:20 - 2019-08-04 17:21 - 000168944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000477336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000363440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2019-08-04 17:20 - 2019-08-04 17:20 - 000263784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000225864 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000209304 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000206624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000112568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000088208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000061736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000015280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2019-08-04 17:20 - 2019-08-04 17:20 - 000000000 ____D C:\Program Files\Common Files\AVG
2019-08-04 17:19 - 2019-08-04 17:19 - 000000000 ____D C:\Program Files\AVG
2019-08-03 19:12 - 2019-08-03 19:28 - 000000000 ____D C:\Users\Allens\Desktop\Loz
2019-08-03 17:24 - 2019-07-04 10:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-08-03 17:24 - 2019-07-04 10:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-03 17:24 - 2019-07-04 10:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-03 17:24 - 2019-07-04 10:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-08-03 17:24 - 2019-07-04 10:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-03 17:24 - 2019-07-04 09:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-03 17:24 - 2019-07-04 05:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-03 17:24 - 2019-07-04 05:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-08-03 17:24 - 2019-07-04 05:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-03 17:24 - 2019-07-04 05:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-08-03 17:24 - 2019-07-04 05:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-08-03 17:24 - 2019-07-04 05:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-03 17:24 - 2019-07-04 05:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-03 17:24 - 2019-07-04 05:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-03 17:24 - 2019-07-04 05:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-08-03 17:24 - 2019-07-04 05:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-08-03 17:24 - 2019-07-04 05:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-03 17:24 - 2019-07-04 05:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-08-03 17:24 - 2019-07-04 05:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-03 17:24 - 2019-07-04 05:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-03 17:24 - 2019-07-04 05:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-03 17:24 - 2019-07-04 05:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-03 17:24 - 2019-07-04 05:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-03 17:24 - 2019-07-04 05:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-08-03 17:24 - 2019-07-04 05:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-08-03 17:24 - 2019-07-04 05:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-08-03 17:24 - 2019-07-04 05:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-08-03 17:24 - 2019-07-04 05:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-08-03 17:24 - 2019-07-04 05:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-03 17:24 - 2019-07-04 05:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-08-03 17:24 - 2019-07-04 05:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-03 17:24 - 2019-07-04 05:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-08-03 17:24 - 2019-07-04 05:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-03 17:24 - 2019-07-04 05:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-03 17:24 - 2019-07-04 05:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-03 17:24 - 2019-07-04 05:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-08-03 17:24 - 2019-07-04 05:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-08-03 17:24 - 2019-07-04 05:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-08-03 17:24 - 2019-07-04 05:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-03 17:24 - 2019-07-04 05:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-03 17:24 - 2019-07-04 05:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-08-03 17:24 - 2019-07-04 05:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-03 17:24 - 2019-07-04 05:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-08-03 17:24 - 2019-07-04 05:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-08-03 17:24 - 2019-07-04 05:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-08-03 17:24 - 2019-07-04 05:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-03 17:24 - 2019-07-04 05:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-08-03 17:24 - 2019-07-04 05:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-03 17:24 - 2019-07-04 05:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-08-03 17:24 - 2019-07-04 05:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-03 17:24 - 2019-07-04 05:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-03 17:24 - 2019-07-04 05:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-03 17:24 - 2019-07-04 05:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-08-03 17:24 - 2019-07-04 05:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-08-03 17:24 - 2019-07-04 05:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-08-03 17:24 - 2019-07-04 05:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-03 17:24 - 2019-07-04 04:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-03 17:24 - 2019-06-13 12:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-08-03 17:24 - 2019-06-13 12:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-08-03 17:24 - 2019-06-13 12:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-08-03 17:24 - 2019-06-13 12:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-08-03 17:24 - 2019-06-13 12:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-08-03 17:24 - 2019-06-13 12:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-08-03 17:24 - 2019-06-13 12:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-08-03 17:24 - 2019-06-13 12:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-08-03 17:24 - 2019-06-13 12:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-08-03 17:24 - 2019-06-13 12:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-08-03 17:24 - 2019-06-13 12:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-08-03 17:24 - 2019-06-13 12:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-08-03 17:24 - 2019-06-13 12:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-08-03 17:24 - 2019-06-13 12:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-08-03 17:24 - 2019-06-13 08:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-08-03 17:24 - 2019-06-13 08:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-08-03 17:24 - 2019-06-13 08:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-08-03 17:24 - 2019-06-13 07:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-08-03 17:24 - 2019-06-13 07:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-03 17:24 - 2019-06-13 07:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-08-03 17:24 - 2019-06-13 07:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-08-03 17:24 - 2019-06-13 07:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-03 17:24 - 2019-06-13 07:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-08-03 17:24 - 2019-06-13 07:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-08-03 17:24 - 2019-06-13 07:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-08-03 17:24 - 2019-06-13 07:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-03 17:24 - 2019-06-13 07:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-08-03 17:24 - 2019-06-13 07:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-08-03 17:24 - 2019-06-13 07:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-08-03 17:24 - 2019-06-13 07:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-03 17:24 - 2019-06-13 07:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-08-03 17:24 - 2019-06-13 07:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-08-03 17:24 - 2019-06-13 07:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-08-03 17:24 - 2019-06-13 07:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-08-03 17:24 - 2019-06-13 07:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-08-03 17:24 - 2019-06-13 07:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-08-03 17:24 - 2019-06-13 07:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-03 17:24 - 2019-06-13 07:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-08-03 17:24 - 2019-06-13 07:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-03 17:24 - 2019-06-13 07:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-03 17:24 - 2019-06-13 07:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-08-03 17:24 - 2019-06-13 07:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-08-03 17:24 - 2019-06-13 07:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-08-03 17:24 - 2019-06-13 07:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-03 17:24 - 2019-06-13 07:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-03 17:24 - 2019-06-13 07:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-08-03 17:24 - 2019-06-13 07:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-03 17:24 - 2019-06-13 07:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-03 17:24 - 2019-06-13 07:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-08-03 17:24 - 2019-06-13 06:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-08-03 17:24 - 2019-06-13 06:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-03 17:24 - 2019-06-13 05:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-08-03 17:23 - 2019-07-04 10:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-03 17:23 - 2019-07-04 10:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-03 17:23 - 2019-07-04 10:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-08-03 17:23 - 2019-07-04 10:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-08-03 17:23 - 2019-07-04 10:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-03 17:23 - 2019-07-04 10:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-03 17:23 - 2019-07-04 09:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-03 17:23 - 2019-07-04 09:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-03 17:23 - 2019-07-04 09:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-03 17:23 - 2019-07-04 09:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-03 17:23 - 2019-07-04 09:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-03 17:23 - 2019-07-04 06:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-03 17:23 - 2019-07-04 05:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-03 17:23 - 2019-07-04 05:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-08-03 17:23 - 2019-07-04 05:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-03 17:23 - 2019-07-04 05:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-03 17:23 - 2019-07-04 05:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-03 17:23 - 2019-07-04 05:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-08-03 17:23 - 2019-07-04 05:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-03 17:23 - 2019-07-04 05:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-03 17:23 - 2019-07-04 05:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-03 17:23 - 2019-07-04 05:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-03 17:23 - 2019-07-04 05:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-03 17:23 - 2019-07-04 05:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-03 17:23 - 2019-07-04 05:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-08-03 17:23 - 2019-07-04 05:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-08-03 17:23 - 2019-07-04 05:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-08-03 17:23 - 2019-07-04 05:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-03 17:23 - 2019-07-04 05:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-03 17:23 - 2019-07-04 05:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-08-03 17:23 - 2019-07-04 05:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-03 17:23 - 2019-07-04 05:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-03 17:23 - 2019-07-04 05:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-08-03 17:23 - 2019-07-04 05:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-03 17:23 - 2019-07-04 05:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-03 17:23 - 2019-07-04 05:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-03 17:23 - 2019-07-04 05:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-03 17:23 - 2019-07-04 05:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-08-03 17:23 - 2019-07-04 05:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-03 17:23 - 2019-07-04 05:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-03 17:23 - 2019-07-04 05:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-03 17:23 - 2019-07-04 05:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-03 17:23 - 2019-07-04 05:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-03 17:23 - 2019-07-04 05:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-03 17:23 - 2019-07-04 05:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-08-03 17:23 - 2019-07-04 05:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-03 17:23 - 2019-07-04 05:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-03 17:23 - 2019-07-04 05:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-03 17:23 - 2019-07-04 05:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-08-03 17:23 - 2019-07-04 05:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-08-03 17:23 - 2019-07-04 05:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-03 17:23 - 2019-07-04 05:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-03 17:23 - 2019-07-04 05:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-08-03 17:23 - 2019-07-04 05:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-03 17:23 - 2019-07-04 05:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-08-03 17:23 - 2019-07-04 05:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-03 17:23 - 2019-06-21 09:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-08-03 17:23 - 2019-06-13 13:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-08-03 17:23 - 2019-06-13 13:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-08-03 17:23 - 2019-06-13 13:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-08-03 17:23 - 2019-06-13 13:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-08-03 17:23 - 2019-06-13 13:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-08-03 17:23 - 2019-06-13 12:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-08-03 17:23 - 2019-06-13 12:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-08-03 17:23 - 2019-06-13 12:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-08-03 17:23 - 2019-06-13 12:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-08-03 17:23 - 2019-06-13 12:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-08-03 17:23 - 2019-06-13 12:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-08-03 17:23 - 2019-06-13 12:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-08-03 17:23 - 2019-06-13 12:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-08-03 17:23 - 2019-06-13 12:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-08-03 17:23 - 2019-06-13 12:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-03 17:23 - 2019-06-13 12:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-08-03 17:23 - 2019-06-13 12:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-08-03 17:23 - 2019-06-13 12:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-08-03 17:23 - 2019-06-13 12:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-03 17:23 - 2019-06-13 12:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-08-03 17:23 - 2019-06-13 12:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-08-03 17:23 - 2019-06-13 12:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-08-03 17:23 - 2019-06-13 12:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-08-03 17:23 - 2019-06-13 12:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-08-03 17:23 - 2019-06-13 11:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-08-03 17:23 - 2019-06-13 11:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-08-03 17:23 - 2019-06-13 11:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-08-03 17:23 - 2019-06-13 11:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-08-03 17:23 - 2019-06-13 10:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-08-03 17:23 - 2019-06-13 10:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-03 17:23 - 2019-06-13 10:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-08-03 17:23 - 2019-06-13 10:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-08-03 17:23 - 2019-06-13 10:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-08-03 17:23 - 2019-06-13 10:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-08-03 17:23 - 2019-06-13 10:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-08-03 17:23 - 2019-06-13 10:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-08-03 17:23 - 2019-06-13 08:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-08-03 17:23 - 2019-06-13 08:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-08-03 17:23 - 2019-06-13 07:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-08-03 17:23 - 2019-06-13 07:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-08-03 17:23 - 2019-06-13 07:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-03 17:23 - 2019-06-13 07:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-08-03 17:23 - 2019-06-13 07:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-03 17:23 - 2019-06-13 07:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-08-03 17:23 - 2019-06-13 07:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-08-03 17:23 - 2019-06-13 07:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-08-03 17:23 - 2019-06-13 07:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-08-03 17:23 - 2019-06-13 07:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-03 17:23 - 2019-06-13 07:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-03 17:23 - 2019-06-13 07:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-03 17:23 - 2019-06-13 07:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-03 17:23 - 2019-06-13 07:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-03 17:23 - 2019-06-13 07:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-08-03 17:23 - 2019-06-13 07:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-08-03 17:23 - 2019-06-13 07:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-08-03 17:23 - 2019-06-13 07:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-08-03 17:23 - 2019-06-13 06:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-08-03 17:23 - 2019-06-13 06:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-03 17:23 - 2019-06-13 06:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-03 17:23 - 2019-06-13 05:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-08-03 17:23 - 2019-06-13 05:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-08-03 17:23 - 2019-06-13 05:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-08-03 17:23 - 2019-06-13 05:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-08-03 17:23 - 2019-06-13 05:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-03 17:23 - 2019-06-13 05:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-08-03 17:23 - 2019-06-13 05:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-08-03 17:23 - 2019-06-13 05:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-03 17:23 - 2019-06-13 05:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-03 17:23 - 2019-06-13 05:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-08-03 17:23 - 2019-06-13 05:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-08-03 17:23 - 2019-06-13 05:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-08-03 17:23 - 2019-06-13 05:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-08-03 17:23 - 2019-06-13 05:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-03 17:23 - 2019-06-13 05:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-08-03 17:23 - 2019-06-13 05:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-08-03 17:22 - 2019-07-04 10:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-08-03 17:22 - 2019-07-04 05:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-03 17:22 - 2019-07-04 05:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-03 17:22 - 2019-06-13 12:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-08-03 17:22 - 2019-06-13 12:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-08-03 17:22 - 2019-06-13 07:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-03 17:22 - 2019-06-13 06:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-08-03 17:22 - 2019-06-13 06:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-08-03 17:00 - 2019-08-03 17:00 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2019-08-03 17:00 - 2019-08-03 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2019-08-03 17:00 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2019-07-06 16:35 - 2019-07-06 16:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2019-07-06 16:14 - 2019-07-06 16:14 - 000000000 ____D C:\Users\Allens\Documents\OneNote Notebooks
2019-07-06 16:02 - 2019-07-06 16:02 - 000000000 ____D C:\Users\Allens\AppData\Roaming\Greenshot
2019-07-06 16:02 - 2019-07-06 16:02 - 000000000 ____D C:\Users\Allens\AppData\Local\Greenshot
2019-07-05 17:58 - 2019-08-04 17:17 - 000000000 ____D C:\Users\Allens\AppData\LocalLow\Adblock Plus for IE
2019-07-05 17:58 - 2019-07-05 17:58 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2019-07-05 17:49 - 2019-07-05 17:49 - 000000000 ____D C:\Users\Allens\AppData\Local\TeamViewer
2019-07-05 15:38 - 2019-07-05 15:38 - 000000000 ____D C:\Users\Allens\AppData\Roaming\TeamViewer
2019-07-05 15:36 - 2019-07-05 15:36 - 000000000 ____D C:\Users\Allens\AppData\Local\LogMeIn Rescue Unattended
2019-07-05 15:36 - 2019-07-05 15:36 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Unattended
2019-07-05 15:36 - 2019-07-05 15:30 - 000145960 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\unlock64.dll
2019-07-05 15:34 - 2019-07-07 10:02 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-07-05 15:13 - 2019-07-05 15:13 - 000000000 ____D C:\Users\Allens\AppData\Roaming\ADNPR
2019-07-05 15:12 - 2019-07-05 17:27 - 000000000 ____D C:\Users\Allens\AppData\Local\Systweak
2019-07-05 15:12 - 2019-07-05 15:12 - 000000000 ____D C:\Users\Allens\AppData\Roaming\Advanced Identity Protector
2019-07-05 15:12 - 2019-07-05 15:12 - 000000000 ____D C:\ProgramData\Systweak Software
2019-07-05 14:57 - 2019-07-05 14:57 - 000000000 ____D C:\Users\Allens\AppData\Local\GoToAssist Remote Support Customer

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-04 18:00 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-04 17:51 - 2015-12-14 15:56 - 000000000 ___RD C:\Users\Allens\OneDrive
2019-08-04 17:44 - 2018-06-10 19:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-04 17:43 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-04 17:20 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-04 16:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-04 16:50 - 2017-12-26 14:20 - 000000000 ____D C:\Users\Allens\AppData\Local\Packages
2019-08-04 16:48 - 2018-06-10 18:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-04 16:28 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-04 16:17 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-04 16:06 - 2017-12-18 12:59 - 000000000 ____D C:\Program Files\CCleaner
2019-08-04 16:01 - 2018-06-10 19:10 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D14688B3-B5DD-44C0-B6FB-644EEADAECF6}
2019-08-04 15:57 - 2018-06-10 18:34 - 000007080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-04 15:52 - 2018-06-10 19:10 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-08-04 15:52 - 2018-06-10 19:10 - 000004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-08-04 15:51 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-04 15:51 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-04 15:51 - 2017-12-26 18:53 - 000000000 ___RD C:\Users\Allens\3D Objects
2019-08-04 15:51 - 2015-12-14 15:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-04 15:48 - 2018-06-10 18:22 - 000413320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-04 15:48 - 2017-04-14 11:54 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-03 19:34 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-08-03 19:33 - 2018-06-10 18:39 - 000000000 ____D C:\Users\Allens
2019-08-03 19:10 - 2017-04-14 11:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-08-03 19:10 - 2014-10-10 21:35 - 000012879 _____ C:\WINDOWS\wininit.ini
2019-08-03 18:26 - 2017-08-09 22:15 - 000000000 ____D C:\Program Files\rempl
2019-08-03 18:03 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-03 16:33 - 2018-02-15 19:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-08-03 16:30 - 2015-10-22 14:29 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-03 16:20 - 2013-01-28 13:26 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-09 20:19 - 2013-08-15 09:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-09 20:19 - 2012-05-28 10:53 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-09 20:18 - 2009-07-14 03:34 - 000000478 _____ C:\WINDOWS\win.ini
2019-07-09 18:02 - 2018-04-12 10:18 - 000000000 ____D C:\WINDOWS\OCR
2019-07-07 10:02 - 2018-09-14 08:23 - 000000000 ____D C:\Users\Allens\AppData\Local\AVAST Software
2019-07-07 10:02 - 2018-09-14 08:16 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-06 16:18 - 2018-10-03 22:26 - 000000000 ____D C:\Users\Allens\AppData\Local\D3DSCache
2019-07-06 15:12 - 2018-06-10 19:10 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2052373595-2782729040-2076756327-1001
2019-07-06 15:12 - 2018-06-10 18:39 - 000002405 _____ C:\Users\Allens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-05 17:40 - 2018-09-30 09:18 - 000000000 ____D C:\Program Files\WebDiscoverBrowser
2019-07-05 17:39 - 2019-02-12 12:15 - 000014793 _____ C:\WINDOWS\SysWOW64\view.txt
2019-07-05 17:39 - 2018-08-28 10:55 - 000000000 ____D C:\Users\Allens\AppData\Roaming\pctonics.com
2019-07-05 17:39 - 2018-08-28 10:55 - 000000000 ____D C:\ProgramData\pctonics.com
2019-07-05 15:14 - 2017-09-18 12:21 - 000007018 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2019-07-05 15:14 - 2013-03-07 13:44 - 000000000 ____D C:\Users\Allens\Documents\Outlook Files

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition.txt results:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 4-08-2019
Ran by Allens (04-08-2019 18:12:29)
Running from C:\Users\Allens\Desktop
Windows 10 Home Version 1803 17134.885 (X64) (2018-06-10 18:11:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2052373595-2782729040-2076756327-500 - Administrator - Disabled)
Allens (S-1-5-21-2052373595-2782729040-2076756327-1001 - Administrator - Enabled) => C:\Users\Allens
DefaultAccount (S-1-5-21-2052373595-2782729040-2076756327-503 - Limited - Disabled)
Guest (S-1-5-21-2052373595-2782729040-2076756327-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2052373595-2782729040-2076756327-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2052373595-2782729040-2076756327-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Messenger“ pagalbinė priemonė (HKLM-x32\...\{7E274911-32ED-4489-9B04-4EF100D0E4D3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (HKLM-x32\...\{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (HKLM-x32\...\{2720009D-9566-45A7-A370-0E6DAC313F3F}) (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis (HKLM-x32\...\{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}) (Version: 15.4.5722.2 - Microsoft Corporation)
„Windows Live Messenger“ (HKLM-x32\...\{122800FE-3AAF-4974-9FBD-54B023FA756A}) (Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (HKLM-x32\...\{C877E454-FA36-409A-A00E-1240CEC61BBD}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.44892 - Ask.com) <==== ATTENTION
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.6.3098 - AVG Technologies)
BatteryLifeExtender (HKLM-x32\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
Brother Port Driver (HKLM-x32\...\{6768BCF7-474C-4428-9FC1-3C46969819D6}) (Version: 1.1.4.4 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{0648F446-BAE9-402F-9BEC-8B333959D8FB}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{48F75879-6C29-4149-AFC4-B9F1CBA8528D}) (Version: 1.0.6.2 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\{E4B48349-A165-4097-8D78-AC950BD8638E}) (Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Complément Messenger (HKLM-x32\...\{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (HKLM-x32\...\{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
ControlCenter4 (HKLM-x32\...\{9ADB625A-7F6D-4C48-9058-4767A55D5424}) (Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDetect (HKLM-x32\...\{CEF07BDC-47F1-4477-8F3C-0E7132AF88C5}) (Version: 1.0.4.5 - Brother Industries Ltd.) Hidden
Doplnok programu Messenger (HKLM-x32\...\{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{556EAB35-CD1F-4E94-83CA-D5C9FA2CDA5B}) (Version: 4.4.1 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (HKLM-x32\...\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (HKLM-x32\...\{CB66242D-12B1-4494-82D2-6F53A7E024A3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (HKLM-x32\...\{56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{082E37F5-3924-4168-A69A-1B6B1FEA587C}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{3889988F-762B-4B85-AB17-71C9CC3AE445}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{6DD3B54B-F0D0-4A69-8344-F52033225A02}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{8142D25E-028A-4563-86ED-5755783C8029}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{847C879C-1467-4924-A491-1302B4C58F70}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{939C80FA-96C9-44A6-B318-8E7D8BD8481B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{96403552-88D1-429F-9C92-388B814B885E}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{B44F3823-52DD-45CA-A916-8B320778715D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{C7DAD22D-29D4-438F-B986-03B9ED582EA4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{D4F81B27-4054-4AD6-A588-265508BAA17C}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{D58E381C-DE02-46A9-B9D1-A2CB807D2676}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (HKLM-x32\...\{F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (HKLM-x32\...\{902585EB-8FA3-43A5-AD1C-5C9821A77114}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Suradnik (HKLM-x32\...\{3FD1CB9F-807F-451B-926C-9D19C84CFC61}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 사이트 공유 (HKLM-x32\...\{AB067785-9646-456B-91C3-E71228132A4C}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (HKLM-x32\...\{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (HKLM-x32\...\{7F061FA8-5A87-4758-876B-17EE28B358D0}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (HKLM-x32\...\{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Poczta usługi Windows Live (HKLM-x32\...\{64376910-1860-4CEF-8B34-AA5D205FC5F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\{7A9D47BA-6D50-4087-866F-0800D8B89383}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (HKLM-x32\...\{BD8DA595-F501-4ABE-85A0-5C23E82472A0}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (HKLM-x32\...\{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.429 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM-x32\...\{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.18 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.1.17 - Samsung Electronics Co., Ltd.)
SamsungMovie (HKLM-x32\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Spremljevalec Messenger (HKLM-x32\...\{F14F9EE9-9B68-42B4-90F7-0924F7619281}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.429 - Trusteer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX kontrola za daljinske veze (HKLM-x32\...\{8985AE5E-622A-4980-8BF8-0A1830643220}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem (HKLM-x32\...\{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (HKLM-x32\...\{3705D53F-BB01-4BEE-8585-289E71CAC4B4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (HKLM-x32\...\{E83DC314-C926-4214-AD58-147691D6FE9F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (HKLM-x32\...\{FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (HKLM-x32\...\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}) (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (HKLM-x32\...\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (HKLM-x32\...\{4444F27C-B1A8-464E-9486-4C37BAB39A09}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (HKLM-x32\...\{CE929F09-3853-4180-BD90-30764BFF7136}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (HKLM-x32\...\{AB5977C5-11AE-4003-BA7D-261C48F2BC35}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (HKLM-x32\...\{0A4C4B29-5A9D-4910-A13C-B920D5758744}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤 (HKLM-x32\...\{61920449-0393-4707-B7DD-E6C0013C8B2C}) (Version: 15.4.5722.2 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1806.3.0_x64__8wekyb3d8bbwe [2018-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1806.4.0_x64__8wekyb3d8bbwe [2018-06-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1806.5.0_x64__8wekyb3d8bbwe [2018-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.1.0_x64__8wekyb3d8bbwe [2018-07-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.7.0_x64__8wekyb3d8bbwe [2018-07-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.8.0_x64__8wekyb3d8bbwe [2018-08-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.9.0_x64__8wekyb3d8bbwe [2018-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad]
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-07-03] (Random Salad Games LLC) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-12-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Allens\Desktop\Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=coobgpohoikkiipiblmjeljniedjpjpf

==================== Loaded Modules (Whitelisted) ==============

2009-02-27 17:38 - 2009-02-27 17:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-11-12 06:05 - 2006-08-12 04:48 - 000049152 _____ () [File not signed] C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2008-08-18 19:27 - 2008-08-18 19:27 - 000122880 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2014-11-13 19:55 - 2014-11-13 19:55 - 000461824 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2011-02-28 12:32 - 2011-02-28 12:32 - 000208896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2014-11-11 18:44 - 2014-11-11 18:44 - 004517376 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2013-10-10 22:55 - 2013-10-10 22:55 - 002040320 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2014-10-23 15:21 - 2014-10-23 15:21 - 000289792 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2015-01-29 17:46 - 2015-01-29 17:46 - 000137728 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2014-09-09 10:38 - 2014-09-09 10:38 - 000083968 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2014-09-09 10:38 - 2014-09-09 10:38 - 017974784 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2014-09-09 10:39 - 2014-09-09 10:39 - 000080896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLEng.dll
2015-01-29 18:01 - 2015-01-29 18:01 - 001542656 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
2015-01-29 18:03 - 2015-01-29 18:03 - 000583168 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
2010-07-30 09:20 - 2010-07-30 09:20 - 001752680 _____ (Samsung Electronics CO., LTD. -> SAMSUNG Electronics) [File not signed] C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
2010-11-12 06:05 - 2010-02-10 15:29 - 000719360 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
2015-02-04 12:53 - 2009-07-14 02:40 - 000038912 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\EP0NPP01.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescueUA_2944869 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


There are 7866 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\PROGRAM FILES\BROADCOM\BROADCOM 802.11 NETWORK ADAPTER\DRIVER;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;;C:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\100\TOOLS\BINN\;C:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\100\DTS\BINN\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WebDiscoverBrowser"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9886AE5E-0023-4FCE-B692-AE96A0083D64}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
FirewallRules: [{5F61423D-406F-4D85-A0E3-AC3B1FC81B06}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
FirewallRules: [{BB3D79D9-0127-47BC-91FF-E722C8341D8F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09A80EEE-E3AD-4B39-A216-7964122E8E13}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF58F4D8-BB16-47EB-9E37-72345BE0D2FC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D49BAE15-DD8F-4A8B-BAB1-41664C908B8D}] => (Allow) LPort=1900
FirewallRules: [{80D3BB5F-4412-4038-88F6-0EB943FCC4E9}] => (Allow) LPort=2869
FirewallRules: [{7277DCC7-03ED-429D-9677-873C9EC633AB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E5AE94E-6234-44B2-A670-57E32C8AD0B4}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
FirewallRules: [{15DBC0E2-FE59-4933-9419-E2E64CBC9EF6}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
FirewallRules: [{DBE44718-ED98-45A9-9396-7A1E14403517}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

03-07-2019 12:49:33 Windows Update
05-07-2019 16:42:41 Service05072019
09-07-2019 20:07:38 Windows Update
03-08-2019 15:58:19 Windows Update
04-08-2019 16:27:14 Removed Jasc Paint Shop Pro 9

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2019 05:45:03 PM) (Source: MSSQLServerADHelper100) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (08/04/2019 05:35:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 117c

Start Time: 01d54ae2610ee87a

Termination Time: 42

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: d0149a98-e371-41b0-bac0-8bc7fe7ddea2

Faulting package full name:

Faulting package-relative application ID:

Error: (08/04/2019 03:57:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/04/2019 03:57:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/04/2019 03:48:22 PM) (Source: MSSQLServerADHelper100) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (08/03/2019 07:14:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HijackThis (1).exe version 2.0.0.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2508

Start Time: 01d54a27282e0a5c

Termination Time: 86

Application Path: C:\Users\Allens\Downloads\HijackThis (1).exe

Report Id: cd78d338-e8d8-47e1-a2db-af4062d6f7ff

Faulting package full name:

Faulting package-relative application ID:

Error: (08/03/2019 04:51:05 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL SQLAgent$MSSMLBIZ. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/03/2019 04:51:03 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL MSSQL$MSSMLBIZ. The first four bytes (DWORD) of the Data section contains the Windows error code.


System errors:
=============
Error: (08/04/2019 05:52:02 PM) (Source: DCOM) (EventID: 10000) (User: JANUS)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy!CortanaPlaces.PlaceStore. The error:
"0"
Happened while starting this command:
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe" -ServerName:PlacesServer

Error: (08/04/2019 05:52:02 PM) (Source: DCOM) (EventID: 10000) (User: JANUS)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy!CortanaPlaces.PlaceStore. The error:
"0"
Happened while starting this command:
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe" -ServerName:PlacesServer

Error: (08/04/2019 05:51:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgbIDSAgent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/04/2019 05:51:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the avgbIDSAgent service to connect.

Error: (08/04/2019 05:51:13 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/04/2019 05:50:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.

Error: (08/04/2019 05:49:50 PM) (Source: DCOM) (EventID: 10001) (User: JANUS)
Description: Unable to start a DCOM Server: microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca as Unavailable/Unavailable. The error:
"298"
Happened while starting this command:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (08/04/2019 05:46:43 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Windows Defender:
===================================
Date: 2019-08-04 16:03:49.048
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.299.1238.0, AS: 1.299.1238.0, NIS: 1.299.1238.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-04 16:00:29.081
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.299.1170.0, AS: 1.299.1170.0, NIS: 1.299.1170.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-03 16:57:41.234
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.299.1170.0, AS: 1.299.1170.0, NIS: 1.299.1170.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-03 16:49:56.093
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.299.1169.0, AS: 1.299.1169.0, NIS: 1.299.1169.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-03 16:32:51.479
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.299.1169.0, AS: 1.299.1169.0, NIS: 1.299.1169.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-04 17:17:54.277
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Action: Remove
Action Status:  No additional actions required
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature Version: AV: 1.299.1238.0, AS: 1.299.1238.0, NIS: 1.299.1238.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-04 16:03:46.681
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature Version: AV: 1.299.1238.0, AS: 1.299.1238.0, NIS: 1.299.1238.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-03 16:57:38.392
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature Version: AV: 1.299.1170.0, AS: 1.299.1170.0, NIS: 1.299.1170.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-03 16:32:44.486
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature Version: AV: 1.299.1169.0, AS: 1.299.1169.0, NIS: 1.299.1169.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-03 16:10:50.643
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0
Name: Trojan:Win32/AccessibilityEscalation.A
ID: 2147728981
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Utilman.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature Version: AV: 1.297.751.0, AS: 1.297.751.0, NIS: 1.297.751.0
Engine Version: AM: 1.1.16100.4, NIS: 1.1.16100.4

==================== Memory info ===========================

BIOS: Phoenix Technologies Ltd. 03UC.P026.20101027.LX 10/27/2010
Motherboard: SAMSUNG ELECTRONICS CO., LTD. RV410/RV510/S3510/E3510
Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz
Percentage of memory in use: 75%
Total physical RAM: 4028.61 MB
Available physical RAM: 1000.22 MB
Total Virtual: 11452.61 MB
Available Virtual: 8150.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.65 GB) (Free:362.54 GB) NTFS

\\?\Volume{eaea754d-eea6-11df-917f-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
\\?\Volume{bcf3b704-0000-0000-0000-e06f6f000000}\ () (Fixed) (Total:0.9 GB) (Free:0.47 GB) NTFS
\\?\Volume{64bc484d-0ec2-11e0-b278-806e6f6e6963}\ (SAMSUNG_REC) (Fixed) (Total:19.11 GB) (Free:0.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BCF3B704)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=926 MB) - (Type=27)
Partition 4: (Not Active) - (Size=19.1 GB) - (Type=27)

==================== End of Addition.txt ===========================

I also carried out your instructions re HiJackThis and removed the detailed . I then rebooted and completed a further scan so you can see the latest results (I did this prior to downloading and dealing with the Farbar stuff)

HJT log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:57:22, on 04/08/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Allens\Desktop\Loz\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\AVGSvc.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\aswidsagent.exe
O23 - Service: AvgWscReporter - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\wsc_proxy.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\WINDOWS\System32\SUPDSvc.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 11481 bytes

 

Many thanks

Loz

Sorry to be so late,  I did not receive a notice you had replied.

 

Need to uninstall Java 8 Update 144 <== very outdated.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool  with Administrator privileges
(Right click on the FRST icon and select Run as administrator)
    
Highlight the text below and select Copy,
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.



Start::
CloseProcesses:
CreateRestorePoint:

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2A1D7A44-201E-4A9D-BE8B-9FA13E4FA3AA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2E7A6375-3434-4402-A397-1C2A0301A53C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {437FED8E-CAA8-44F3-ADAE-070D1F078316} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4FDC1B0D-893C-4EDA-8B39-4F80AF0E9D79} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {555829E4-754A-4413-AC3E-ADE060569F72} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Windows\TEMP\IHU702F.tmp.exe <==== ATTENTION
Task: {6C038E6D-2718-470B-9363-32CDB647A923} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6F8D65AF-3331-45D0-91AB-DBABBF632734} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8FB127B6-7275-4218-8D4A-4508FA44C48A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ADE13313-A60A-4B5F-A345-B91573BD7C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B5B10FDE-30FA-49D9-A979-0BEB5B02EEC7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B791ABA2-6CDB-4CE8-BB67-0C9B2EA6CEAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F3CA1DD2-0137-4298-AAF2-CEF68B6A280F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F8AC07CB-1880-443C-8922-9F8D5A9DCC97} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FB6F8AA7-2667-4B52-A1E8-26BC375010AE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
CHR StartupUrls: Default -> "hxxp://uk.hao123.com/?tn=sdkw_inner_hp_01_hao123_uk&guid=c37951540e15f9b004a4ff517b9bcf9c"
CHR NewTab: Default ->  Not-active:"chrome-extension://icbhbegbnafpiiaomogcddhhjpijpikp/newtabpage.html", Not-active:"chrome-extension://agijeemohccmknhbgdjokbeekmijlbee/newtab/quicktab.html", Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/newtabproduct.html", Not-active:"chrome-extension://nfkdkikledkdblnfjgmoclfacngdgbgf/newtabproduct.html", Not-active:"chrome-extension://dnflpnhpbffehddplcdlohealbgbbamk/product.html"
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&enableSearch=true&rdrct=no&redirect=CPC
CHR DefaultSearchKeyword: Default -> askweb
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}&enableSearch=true&rdrct=no
CHR Profile: C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default [2019-08-03]
U3 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ShortcutWithArgument: C:\Users\Allens\Desktop\Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=coobgpohoikkiipiblmjeljniedjpjpf

EmptyTemp:
C:\Windows\Temp\*.*
End::


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
 
Please post these 3 logs when finished.


Hi

 

No need to apologise, I appreciate how busy you people are and the help you give so I am grateful no matter :

 

As requested …. results are:

 

FarBar:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02
Ran by Allens (08-08-2019 11:21:13) Run:1
Running from C:\Users\Allens\Desktop\Loz
Loaded Profiles: Allens (Available Profiles: Allens & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2A1D7A44-201E-4A9D-BE8B-9FA13E4FA3AA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2E7A6375-3434-4402-A397-1C2A0301A53C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {437FED8E-CAA8-44F3-ADAE-070D1F078316} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4FDC1B0D-893C-4EDA-8B39-4F80AF0E9D79} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {555829E4-754A-4413-AC3E-ADE060569F72} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Windows\TEMP\IHU702F.tmp.exe <==== ATTENTION
Task: {6C038E6D-2718-470B-9363-32CDB647A923} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6F8D65AF-3331-45D0-91AB-DBABBF632734} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8FB127B6-7275-4218-8D4A-4508FA44C48A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ADE13313-A60A-4B5F-A345-B91573BD7C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B5B10FDE-30FA-49D9-A979-0BEB5B02EEC7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B791ABA2-6CDB-4CE8-BB67-0C9B2EA6CEAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F3CA1DD2-0137-4298-AAF2-CEF68B6A280F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F8AC07CB-1880-443C-8922-9F8D5A9DCC97} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FB6F8AA7-2667-4B52-A1E8-26BC375010AE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation)
CHR StartupUrls: Default -> "hxxp://uk.hao123.com/?tn=sdkw_inner_hp_01_hao123_uk&guid=c37951540e15f9b004a4ff517b9bcf9c"
CHR NewTab: Default ->  Not-active:"chrome-extension://icbhbegbnafpiiaomogcddhhjpijpikp/newtabpage.html", Not-active:"chrome-extension://agijeemohccmknhbgdjokbeekmijlbee/newtab/quicktab.html", Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/newtabproduct.html", Not-active:"chrome-extension://nfkdkikledkdblnfjgmoclfacngdgbgf/newtabproduct.html", Not-active:"chrome-extension://dnflpnhpbffehddplcdlohealbgbbamk/product.html"
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&enableSearch=true&rdrct=no&redirect=CPC
CHR DefaultSearchKeyword: Default -> askweb
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}&enableSearch=true&rdrct=no
CHR Profile: C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default [2019-08-03]
U3 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ShortcutWithArgument: C:\Users\Allens\Desktop\Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=coobgpohoikkiipiblmjeljniedjpjpf
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A1D7A44-201E-4A9D-BE8B-9FA13E4FA3AA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A1D7A44-201E-4A9D-BE8B-9FA13E4FA3AA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E7A6375-3434-4402-A397-1C2A0301A53C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E7A6375-3434-4402-A397-1C2A0301A53C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{437FED8E-CAA8-44F3-ADAE-070D1F078316}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{437FED8E-CAA8-44F3-ADAE-070D1F078316}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FDC1B0D-893C-4EDA-8B39-4F80AF0E9D79}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FDC1B0D-893C-4EDA-8B39-4F80AF0E9D79}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{555829E4-754A-4413-AC3E-ADE060569F72}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{555829E4-754A-4413-AC3E-ADE060569F72}" => removed successfully
C:\WINDOWS\System32\Tasks\IHUninstallTrackingTASK => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C038E6D-2718-470B-9363-32CDB647A923}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C038E6D-2718-470B-9363-32CDB647A923}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F8D65AF-3331-45D0-91AB-DBABBF632734}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F8D65AF-3331-45D0-91AB-DBABBF632734}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FB127B6-7275-4218-8D4A-4508FA44C48A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FB127B6-7275-4218-8D4A-4508FA44C48A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADE13313-A60A-4B5F-A345-B91573BD7C7F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADE13313-A60A-4B5F-A345-B91573BD7C7F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5B10FDE-30FA-49D9-A979-0BEB5B02EEC7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5B10FDE-30FA-49D9-A979-0BEB5B02EEC7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B791ABA2-6CDB-4CE8-BB67-0C9B2EA6CEAF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B791ABA2-6CDB-4CE8-BB67-0C9B2EA6CEAF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3CA1DD2-0137-4298-AAF2-CEF68B6A280F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3CA1DD2-0137-4298-AAF2-CEF68B6A280F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8AC07CB-1880-443C-8922-9F8D5A9DCC97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8AC07CB-1880-443C-8922-9F8D5A9DCC97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB6F8AA7-2667-4B52-A1E8-26BC375010AE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB6F8AA7-2667-4B52-A1E8-26BC375010AE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => removed successfully
HKLM\Software\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
"HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => removed successfully
HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => not found
"HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-25] (Oracle America, Inc." => not found
"C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-25] (Oracle America, Inc." => not found
"C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll" => not found
"Chrome StartupUrls" => removed successfully
"Chrome NewTab" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => not found

"C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default" folder move:

Could not move "C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default" => Scheduled to move on reboot.

HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Users\Allens\Desktop\Google Search.lnk => Shortcut argument removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\AdobeARM_NotLocked.log => moved successfully
C:\Windows\Temp\APPX.0pueyls8mtmow3wzn0av0h95e.tmp => moved successfully
C:\Windows\Temp\APPX.6kx4nw1anr3entefmwgcks2yg.tmp => moved successfully
C:\Windows\Temp\APPX.6vqbp2_x53lt2yn8f9czxp38g.tmp => moved successfully
C:\Windows\Temp\APPX.7xk7win4mrxirfnaaq2pudwqc.tmp => moved successfully
C:\Windows\Temp\APPX.8qqeiqhz0qec6xzmc2r268seb.tmp => moved successfully
C:\Windows\Temp\APPX.945vr7qrumkif3p55mqofqr0g.tmp => moved successfully
C:\Windows\Temp\APPX.b2vnakr2t6sjkccjzl_n48uhb.tmp => moved successfully
C:\Windows\Temp\APPX.dc4oezs6nrh9p74oo5_niksif.tmp => moved successfully
C:\Windows\Temp\APPX.fcuqdiad4lq149orcqhoes52d.tmp => moved successfully
C:\Windows\Temp\APPX.fyf38dulp4czyfmxzec_7fv1c.tmp => moved successfully
C:\Windows\Temp\APPX.iicyhjdet2llh70bi503j0qpd.tmp => moved successfully
C:\Windows\Temp\APPX.kfnp_c70tw78r8knocb1veb8f.tmp => moved successfully
C:\Windows\Temp\APPX.m8bpyns6x7l8fqj_ltsrawh6f.tmp => moved successfully
C:\Windows\Temp\APPX.nug2zmglo90f10pj22oansxdb.tmp => moved successfully
C:\Windows\Temp\APPX.pnmlz72n4w7_8gieml9ooz_1.tmp => moved successfully
C:\Windows\Temp\APPX.tptjh7zr8nttbk5dznopli43h.tmp => moved successfully
C:\Windows\Temp\APPX.u00lwp63iu_g7u2ullrqmns4b.tmp => moved successfully
C:\Windows\Temp\APPX.u1lw_1lhd86svbwba19tysn7b.tmp => moved successfully
C:\Windows\Temp\APPX.ulcvy8070vtaz_4_05bjj9bsc.tmp => moved successfully
C:\Windows\Temp\APPX.vm11k6g_4v66xlszmooyl76cg.tmp => moved successfully
C:\Windows\Temp\APPX.yeu8vf88gwz6b2io1zvt81msh.tmp => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\battery-report.html => moved successfully
C:\Windows\Temp\battery-report.xml => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\HighPerformancePlan.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\MSI42ae7.LOG => moved successfully
C:\Windows\Temp\MSI694a0.LOG => moved successfully
C:\Windows\Temp\MSI7228c.LOG => moved successfully
C:\Windows\Temp\MSI8d162.LOG => moved successfully
C:\Windows\Temp\MSI8d163.LOG => moved successfully
C:\Windows\Temp\MSI90dc2.LOG => moved successfully
C:\Windows\Temp\MSI90dc3.LOG => moved successfully
C:\Windows\Temp\MSIbcfc8.LOG => moved successfully
C:\Windows\Temp\PowerPlan.log => moved successfully
C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
C:\Windows\Temp\TS_842B.tmp => moved successfully
C:\Windows\Temp\TS_CD9B.tmp => moved successfully
C:\Windows\Temp\UDD7529.tmp => moved successfully
C:\Windows\Temp\UsoStoreFile.xml => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 168935962 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 65493218 B
Edge => 19171897 B
Chrome => 185832578 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 23330 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 49182 B
LocalService => 0 B
NetworkService => 203532 B
NetworkService => 0 B
Allens => 138732712 B
DefaultAppPool => 39714 B

RecycleBin => 0 B
EmptyTemp: => 561.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-08-2019 11:43:41)

C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default => Is moved successfully

==== End of Fixlog 11:43:41 ====

AdwCleaner ::

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-07.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-08-2019
# Duration: 00:00:23
# OS:       Windows 10 Home
# Cleaned:  135
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files\Driver Updater
Deleted       C:\Program Files\WebDiscoverBrowser
Deleted       C:\ProgramData\AVG_UPDATE_0116AV
Deleted       C:\ProgramData\AVG_UPDATE_0814TB
Deleted       C:\ProgramData\AVG_UPDATE_1215AV
Deleted       C:\ProgramData\App-verifier
Deleted       C:\ProgramData\AppVerifier
Deleted       C:\ProgramData\Ask
Deleted       C:\ProgramData\ByteFence
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Updater
Deleted       C:\ProgramData\driverdetails.com
Deleted       C:\ProgramData\pctonics.com
Deleted       C:\Users\Allens\AppData\LocalLow\AVG Secure Search
Deleted       C:\Users\Allens\AppData\Local\Systweak
Deleted       C:\Users\Allens\AppData\Local\WebDiscoverBrowser
Deleted       C:\Users\Allens\AppData\Local\apn
Deleted       C:\Users\Allens\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Deleted       C:\Users\Allens\AppData\Roaming\efo
Deleted       C:\Users\Allens\AppData\Roaming\pctonics.com
Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\Users\Public\Documents\Guid
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser

***** [ Files ] *****

Deleted       C:\Users\Allens\Desktop\Google Search.lnk
Deleted       C:\Windows\Reimage.ini
Deleted       C:\Windows\System32\drivers\swdumon.sys
Deleted       C:\appverifier.txt

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverAgent Plus
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
Deleted       HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted       HKCU\Software\WebDiscoverBrowser
Deleted       HKCU\Software\YahooPartnerToolbar
Deleted       HKCU\Software\csastats
Deleted       HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon
Deleted       HKLM\Software\AVG Secure Search
Deleted       HKLM\Software\AppVerifier
Deleted       HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted       HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Classes\Search.BrowserWndAPI
Deleted       HKLM\Software\Classes\Search.PugiObj
Deleted       HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced PC Care_logon
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Deleted       HKLM\Software\WebDiscoverBrowser
Deleted       HKLM\Software\Wow6432Node\Reimage
Deleted       HKLM\Software\Wow6432Node\WebDiscoverBrowser
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\ScriptHelper.EXE
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\cGN0b25pY3MuY29t
Deleted       HKLM\Software\ddtdu-pr
Deleted       HKLM\Software\dtc-pr
Deleted       HKLM\Software\pcv-var
Deleted       HKLM\Software\pcv-vars
Deleted       HKLM\Software\scd-pr
Deleted       HKLM\Software\vSnapshotEncodeTools
Deleted       HKLM\Software\wtc-pr
Deleted       HKU\.DEFAULT\Software\AVG Secure Search
Deleted       HKU\.DEFAULT\Software\Advancedpccare.com
Deleted       HKU\.DEFAULT\Software\ByteFence
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\.DEFAULT\Software\WebDiscoverBrowser
Deleted       HKU\S-1-5-18\Software\AVG Secure Search
Deleted       HKU\S-1-5-18\Software\Advancedpccare.com
Deleted       HKU\S-1-5-18\Software\ByteFence
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-18\Software\WebDiscoverBrowser

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPMediaSmart
Deleted       Preinstalled.SamsungBatteryLifeExtender
Deleted       Preinstalled.SamsungEasyBatteryManager
Deleted       Preinstalled.SamsungEasyDisplayManager
Deleted       Preinstalled.SamsungSupportCenter1.0
Deleted       Preinstalled.SamsungUpdatePlus


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [11217 octets] - [08/08/2019 11:59:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

And finally … Rogue Killer:

RogueKiller Anti-Malware V13.4.1.0 (x64) [Aug  8 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : Allens [Administrator]
Started from : C:\Users\Allens\Desktop\RogueKiller_portable64.exe
Signatures : 20190807_111511, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/08/08 16:57:51 (Duration : 04:09:22)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Slimware (Potentially Malicious)] SWDUMon -- %SystemRoot%\system32\DRIVERS\SWDUMon.sys -> Stopped
[PUP.Auslogics (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\Auslogics --  -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2052373595-2782729040-2076756327-1001\Software\eSupport.com --  -> Deleted
[PUP.Auslogics (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\Auslogics --  -> Deleted
[PUP.Slimware (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon -- [%SystemRoot%\system32\DRIVERS\SWDUMon.sys] -> Deleted
[PUP.SysTweak (Potentially Malicious)] Advanced Identity Protector -- %_Allens_appdata%\Advanced Identity Protector -> Deleted
[Adw.TopTools (Malicious)] Tools -- %programfiles(x86)%\Tools -> Deleted

 

Many thanks

Loz

…. I meant to add … I seem to have a rogue number embedded on my tool bar … please see the attached image ...

It reads 'Help Line 0-189-271-0657'

I am assuming this is part of the malicious intrusion?

Desktop Image.png

assuming this is part of the malicious intrusion?

I'm going to say yes.

If you're already running Malwarebytes 3 then open Malwarebytes and check for updates.
If you don't have Malwarebytes 3 installed yet please download it from here and install it from this location Here

Open Malwarebytes Anti-Malware (If it wants to update please allow it)
Click the Settings tab, at the top choose Protection and tick Scan for rootkits.
Click the Dashboard tab, choose Scan, make sure Threat Scan is checked, and click Start Scan.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
  • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, open EEK again (in the C:\EEK folder);
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;


Please post these 2 logs when finished.

Also, tell me how the computer is now.

 


Hi

The computer itself seems to be a little quicker once loaded up but can lag a little on some applications - i.e. Internet Explorer etc

The 'help line' number is still present in the taskbar and it would be somewhat reassuring if I could get rid of this … I'm guessing it's something in the HKLU or HKLM settings … I don't want to mess around in there with the little knowledge that I have!

Both scans completed as follows:

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 09/08/2019
Scan Time: 23:40
Log File: a2639932-baf6-11e9-b365-e8113208725e.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11940
Licence: Trial

-System Information-
OS: Windows 10 (Build 17134.885)
CPU: x64
File System: NTFS
User: JANUS\Allens

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 336047
Threats Detected: 68
Threats Quarantined: 68
Time Elapsed: 45 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 8
Adware.NeoBar, HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\ADNPR\ANTIMALWARE\key, Quarantined, [1344], [469679],1.0.11940
PUP.Optional.PCVARK, HKLM\SOFTWARE\QWR2YW5jZWRwY2NhcmUubmV0, Quarantined, [470], [547455],1.0.11940
PUP.Optional.PCVARK, HKLM\SOFTWARE\QWR2YW5jZWRwY2NhcmUuY29t, Quarantined, [470], [547455],1.0.11940
PUP.Optional.PCVARK, HKLM\SOFTWARE\UG93ZXIgU3BlZWR1cCAyMDE4, Quarantined, [470], [554980],1.0.11940
PUP.Optional.PCVARK, HKLM\SOFTWARE\ZHJpdmVyZGV0YWlscy5jb20=, Quarantined, [470], [706567],1.0.11940
Adware.NeoBar, HKLM\SOFTWARE\WOW6432NODE\ADNPR\ANTIMALWARE\key, Quarantined, [1344], [469673],1.0.11940
PUP.Optional.PCVARK, HKLM\SOFTWARE\Power Speedup 2018 For JANUS, Quarantined, [470], [556375],1.0.11940
PUP.Optional.PCVARK, HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Power Speedup 2018 for JANUS, Quarantined, [470], [556376],1.0.11940

Registry Value: 2
PUP.Optional.PCVARK, HKLM\SOFTWARE\Power Speedup 2018 For JANUS|AFFIRED, Quarantined, [470], [556375],1.0.11940
PUP.Optional.PCVARK, HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Power Speedup 2018 for JANUS|TELNO, Quarantined, [470], [556376],1.0.11940

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 9
PUP.Optional.PCVARK, C:\ProgramData\Power Speedup 2018 for JANUS\offers, Quarantined, [470], [556369],1.0.11940
PUP.Optional.PCVARK, C:\PROGRAMDATA\Power Speedup 2018 for JANUS, Quarantined, [470], [556369],1.0.11940
PUP.Optional.DesktopTool, C:\USERS\PUBLIC\DOCUMENTS\BAIDU\COMMON\I18N\IPCSUPDATECACHE\DesktopToolMini_globalUK, Quarantined, [2754], [182058],1.0.11940
PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\smico, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\USERS\ALLENS\APPDATA\ROAMING\Power Speedup 2018 For JANUS, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\x64, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\x86, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\PROGRAM FILES\Power Speedup 2018 for JANUS, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Power Speedup 2018 for JANUS, Quarantined, [470], [556370],1.0.11940

File: 49
PUP.Optional.PCVARK, C:\PROGRAMDATA\Power Speedup 2018 for JANUS\mdb.db, Quarantined, [470], [556369],1.0.11940
PUP.Optional.PCVARK, C:\ProgramData\Power Speedup 2018 for JANUS\offers\d_t_u.exe, Quarantined, [470], [556369],1.0.11940
PUP.Optional.PCVARK, C:\ProgramData\Power Speedup 2018 for JANUS\offers\tnpcsetup.exe, Quarantined, [470], [556369],1.0.11940
PUP.Optional.PCVARK, C:\ProgramData\Power Speedup 2018 for JANUS\pcspstartrepair_en.mp3, Quarantined, [470], [556369],1.0.11940
PUP.Optional.PCVARK, C:\USERS\ALLENS\APPDATA\ROAMING\Power Speedup 2018 For JANUS\Errorlog.txt, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\exlist.bin, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\notifier.xml, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\param.ini, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\pplan.xml, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\res.xml, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\update.xml, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\u_d_u_2.xml, Quarantined, [470], [556368],1.0.11940
PUP.Optional.PCVARK, C:\PROGRAM FILES\Power Speedup 2018 for JANUS\unins000.dat, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\x64\SQLite.Interop.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\x86\SQLite.Interop.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Microsoft.Win32.TaskScheduler.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\application.ico, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\danish_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Dutch_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\english_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\finish_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\French_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\german_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\gmtrs.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\HtmlRenderer.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\HtmlRenderer.WinForms.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Interop.IWshRuntimeLibrary.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Interop.SHDocVw.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\italian_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\japanese_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\langs.db, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\NAudio.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Newtonsoft.Json.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\norwegian_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\PaddleCheckoutSDK.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\portuguese_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\ptcr.exe.config, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\russian_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\spanish_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\swedish_iss.ini, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\System.Data.SQLite.DLL, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\TAFactory.IconPack.dll, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\unins000.exe, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\unins000.msg, Quarantined, [470], [556371],1.0.11940
PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Speedup 2018 for JANUS\Uninstall Power Speedup 2018.lnk, Quarantined, [470], [556370],1.0.11940
PUP.Optional.TopTools, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\89A88766C275F6DC.VIR\UPDATE\CRASHUL.EXE, Quarantined, [686], [512674],1.0.11940
PUP.Optional.TopTools, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\89A88766C275F6DC.VIR\UPDATE\CRASHREPORT.EXE, Quarantined, [686], [512674],1.0.11940
PUP.Optional.TopTools, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\89A88766C275F6DC.VIR\UPDATE\CRASHREPORT64.EXE, Quarantined, [686], [512674],1.0.11940
Adware.TopTools, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\89A88766C275F6DC.VIR\UPDATE\TOOLS_UPDATE.EXE, Quarantined, [7577], [495713],1.0.11940

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

EEK:

Emsisoft Emergency Kit 2019.6.0.9501 stable [en-us]
OS: Windows 10 (Version 10.0, Build 17134, 64-bit Edition)

Forensics log

 Date Component Action Details 
10/08/2019 01:55:49 Scanner Scan finished Scanned 19431 objects and found nothing.  
10/08/2019 01:40:56 User JANUS\Allens Scan started Malware Scan  
10/08/2019 01:40:36 User JANUS\Allens Setting modified "Detect PUPs" has been changed to "Enabled".  
10/08/2019 01:40:15 User Update Finished successfully, all files are up-to-date (1 min. 24 sec.).  
10/08/2019 01:38:51 Core Notification "Recommended Reading:Why are so many US public entities being hit by ransomware?".  

 

 

The EEK scan didn't find anything to quarantine which I am taking as great news :)

3 hours ago, SuicideSolution said:

The 'help line' number is still present in the taskbar and it would be somewhat reassuring if I could get rid of this … I'm guessing it's something in the HKLU or HKLM settings … I don't want to mess around in there with the little knowledge that I have!

Regarding the above .... I have managed to get rid of this

I simply right-clicked on the taskbar and then selected toolbars and removed the check tick next to the 'help Line' entry .... now it isn't on my toolbar or as an option following the aforementioned clicking ... result! :)


'help line' number <==I have managed to get rid of this

good deal

The computer itself seems to be a little quicker once loaded up but can lag a little on some applications

I think this will improve

I think we're at the point we can remove tools and quarantine folders

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
      - Activate UAC
      - Remove disinfection tools
  • Click the Run button.

-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


************


Hi

The speed has improved vastly!

I am now using Firefox and IE was so slow and laggy ... FF is far better!

I have also updated Java now with the latest version

I had removed Malwarebytes myself prior to knowing about your removal tool as I found it was running on start up and was on a 14 day trial ...

Regardless, I have now run DelFix as follows:

# DelFix v1.010 - Logfile created 10/08/2019 at 16:26:24
# Updated 26/04/2015 by Xplode
# Username : Loz Laptop - JANUS
# Operating System : Windows 10 Home  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

I cannot thank you enough for all your help ... at last I now have Windows 10

Thank you

Thank you

Thank you

Thank you

:)


You're very welcome

I would keep Malwarebytes after the trial as an on-demand scanner....

 


 
