Kaelkitty
Posts: 84 +0
Here are my FRST.logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by Dell (administrator) on DELL-PC (22-09-2018 02:42:41)
Running from C:\Users\Dell\Desktop
Loaded Profiles: Dell (Available Profiles: Dell)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(RaMMicHaeL) C:\Users\Dell\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(CrispyBytes Software) C:\Program Files (x86)\DateInTray\DateInTray.exe
(Facebook) C:\Users\Dell\AppData\Local\Facebook\Games\FacebookGameroom.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(FSL) C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Duality Software) C:\Program Files (x86)\DS Clock\dsetime.exe
(Microsoft) C:\Program Files\Softland\novaPDF 9\Server\novapdfs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(The CefSharp Authors) C:\Users\Dell\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files (x86)\bfgclient\bfggameservices.exe
() C:\Program Files (x86)\Gummy Drop!\GummyDrop.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291056 2018-08-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2187336 2017-12-22] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.)
HKLM-x32\...\Run: [WMUAgent.exe] => C:\Program Files (x86)\WakeMeUp\WMUAgent.exe [592384 2007-02-15] (highspheres.com)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\Dell\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [447488 2018-05-20] (RaMMicHaeL)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Run: [DateInTray] => C:\Program Files (x86)\DateInTray\DateInTray.exe [95744 2010-03-05] (CrispyBytes Software)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2018-09-21] (Siber Systems)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [1449472 2018-09-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\MountPoints2: {bc61dcd2-7345-11e7-8872-001aa0419180} - F:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\driversupport.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\freefileviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\g2minstaller.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pcchrono.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sidebar.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wakemeup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2016-06-14]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7+ Taskbar Tweaker.lnk [2017-07-28]
ShortcutTarget: 7+ Taskbar Tweaker.lnk -> C:\Users\Dell\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe (RaMMicHaeL)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DateInTray.lnk [2017-07-29]
ShortcutTarget: DateInTray.lnk -> C:\Program Files (x86)\DateInTray\DateInTray.exe (CrispyBytes Software)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-03-21]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Dell\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare.lnk [2017-07-29]
ShortcutTarget: Kodak EasyShare.lnk -> C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk [2016-05-03]
ShortcutTarget: Super Finder XT.lnk -> C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe (FSL)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5DBC6179-CB64-4C52-822A-0DEEBFEDCFE4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7BCFCF5C20-E14B-4F7C-97DA-E707D953A141%7D&mid=0340cd93399647cc8168d153e6afe49d-bedeb04c32ee1ac935d3d85898546a8263f90d25&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216pi&pr=fr&d=2016-04-21%2016:22:28&v=4.2.9.726&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-1400945040-2960571981-3055813832-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CFCF5C20-E14B-4F7C-97DA-E707D953A141}&mid=0340cd93399647cc8168d153e6afe49d-bedeb04c32ee1ac935d3d85898546a8263f90d25&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216pi&pr=fr&d=2016-04-21 16:22:28&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-09-21] (Siber Systems Inc.)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2018-09-10] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-09-21] (Siber Systems Inc.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.9.605\AVG Web TuneUp.dll [2017-12-22] (AVG)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-09-21] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-09-21] (Siber Systems Inc.)
FireFox:
========
FF DefaultProfile: oi853qa9.default
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default [2018-09-22]
FF user.js: detected! => C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\user.js [2017-07-28]
FF Session Restore: Mozilla\Firefox\Profiles\oi853qa9.default -> is enabled.
FF Extension: (About sessionstore) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\aboutsessionstore@dt.xpi [2016-10-10] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-08-04] [Legacy]
FF Extension: (Colour That Site!) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\ColourThatSite@einspeiser.de.xpi [2016-06-08] [Legacy]
FF Extension: (English (Australian) Dictionary) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\en-AU@dictionaries.addons.mozilla.org [2016-04-28] [Legacy] [not signed]
FF Extension: (Pinterest Save Button) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2018-07-25]
FF Extension: (RoboForm Password Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\rf-firefox@siber.com.xpi [2018-07-27]
FF Extension: (SQLite Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-04-28] [Legacy]
FF Extension: (Tab Groups) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\tabgroups@quicksaver.xpi [2017-01-28] [Legacy]
FF Extension: (Session Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (FEBE) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-17] [Legacy]
FF Extension: (ScrapBook) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2016-09-01] [Legacy]
FF Extension: (NoUn Buttons) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}.xpi [2016-04-28] [Legacy]
FF Extension: (ReminderFox) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2018-05-30] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-09-10] ()
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2018-09-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2018-09-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-09-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1400945040-2960571981-3055813832-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-09] (Citrix Online)
Chrome:
=======
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default [2018-06-27]
CHR Extension: (Slides) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-26]
CHR Extension: (Google Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-27]
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-27]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-27]
CHR Extension: (Google Sheets) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-27]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-25]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [323512 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [432592 2018-08-31] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [8043904 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-06-14] (AVG Technologies CZ, s.r.o.)
S4 DSAO; C:\Program Files (x86)\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-23] (PC Drivers HeadQuarters LP)
R2 DSClockSyncTime; C:\Program Files (x86)\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software)
R2 NovaPdf9Server; C:\Program Files\Softland\novaPDF 9\Server\novapdfs.exe [52664 2018-07-18] (Microsoft)
S4 svcWMU; C:\Program Files (x86)\WakeMeUp\WMUSvc.exe [808448 2007-02-15] (Highspheres.com) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [6593536 2018-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48640 2018-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [41472 2018-07-26] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-12-22] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [192104 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [222288 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [194224 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [339048 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51952 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [155664 2018-09-12] (AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2018-01-03] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\System32\drivers\avgNetSec.sys [653928 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [104256 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78864 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [459624 2018-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [208216 2018-09-13] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-22 02:42 - 2018-09-22 02:45 - 000020906 _____ C:\Users\Dell\Desktop\FRST.txt
2018-09-22 02:38 - 2018-09-22 02:38 - 002404864 _____ (Farbar) C:\Users\Dell\Desktop\FRST64.exe
2018-09-21 13:51 - 2018-09-21 13:51 - 000012962 _____ C:\Users\Dell\Downloads\This computer is BLOCKED
2018-09-20 18:27 - 2018-09-20 18:27 - 000000000 ____D C:\Users\Dell\Desktop\PHOTO FOLDERS (OLD) - Copy
2018-09-17 12:10 - 2018-09-17 12:11 - 000011874 _____ C:\Users\Dell\Downloads\Income Statement
2018-09-15 01:10 - 2018-09-15 01:10 - 000000000 _____ C:\Users\Dell\Desktop\exiftool
2018-09-10 17:42 - 2018-09-10 17:42 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Sun
2018-09-10 17:41 - 2018-09-21 13:56 - 000003668 _____ C:\Windows\System32\Tasks\JavaUpdateSched
2018-09-10 17:40 - 2018-09-10 17:40 - 000145272 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-09-10 17:40 - 2018-09-10 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-09-10 17:38 - 2018-09-10 17:38 - 000000000 ____D C:\Program Files\Java
2018-09-10 16:34 - 2018-09-10 16:36 - 105455992 _____ (Oracle Corporation) C:\Users\Dell\Downloads\jre-10.0.2_windows-x64_bin.exe
2018-09-10 16:07 - 2018-09-10 16:07 - 000001444 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-09-10 16:07 - 2018-09-10 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-09-10 16:06 - 2018-09-10 16:07 - 000000000 ____D C:\Program Files\LibreOffice
2018-09-10 13:47 - 2018-09-10 13:57 - 274317312 _____ C:\Users\Dell\Downloads\LibreOffice_6.0.6_Win_x64.msi
2018-09-10 13:45 - 2018-09-10 13:46 - 000018999 _____ C:\Users\Dell\Downloads\LibreOffice_6.0.6_Win_x64_helppack_en-GB.msi.torrent
2018-09-10 13:01 - 2018-09-10 13:01 - 001211216 _____ (Oracle Corporation) C:\Users\Dell\Downloads\JavaUninstallTool.exe
2018-09-10 12:54 - 2018-09-21 13:56 - 000003144 _____ C:\Windows\System32\Tasks\{9034CCE8-0529-402D-83F5-07AA22336ADA}
2018-09-10 12:51 - 2018-09-10 12:51 - 000001995 _____ C:\Users\Dell\Desktop\7+ Taskbar Tweaker.lnk
2018-08-31 04:56 - 2018-08-31 04:54 - 000380656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-22 02:42 - 2017-12-19 12:34 - 000000000 ____D C:\FRST
2018-09-21 16:02 - 2016-09-21 00:28 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2018-09-21 14:02 - 2009-07-14 14:15 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-21 14:02 - 2009-07-14 14:15 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-21 13:56 - 2018-08-18 17:07 - 000003560 _____ C:\Windows\System32\Tasks\doPDF 9 Update
2018-09-21 13:56 - 2018-08-18 17:07 - 000003540 _____ C:\Windows\System32\Tasks\doPDF 9 Telemetry
2018-09-21 13:56 - 2018-05-19 16:05 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-21 13:56 - 2018-05-16 13:30 - 000004310 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2018-09-21 13:56 - 2018-01-14 10:13 - 000003214 _____ C:\Windows\System32\Tasks\klcp_update
2018-09-21 13:56 - 2017-12-20 06:01 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-09-21 13:56 - 2017-07-27 22:02 - 000002962 _____ C:\Windows\System32\Tasks\{0E59508C-BE36-4B2B-A14A-00D56A47BAC3}
2018-09-21 13:56 - 2017-04-25 08:11 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-09-21 13:56 - 2017-01-02 15:03 - 000003132 _____ C:\Windows\System32\Tasks\{29D149EF-EC65-40D7-B7D7-2190A79A460C}
2018-09-21 13:56 - 2016-06-12 14:59 - 000003002 _____ C:\Windows\System32\Tasks\{CEDEAF75-B7F1-419A-9967-BC6FE3751283}
2018-09-21 13:56 - 2016-06-12 14:28 - 000003002 _____ C:\Windows\System32\Tasks\{0469D58A-F4AC-4FFE-87C3-63DE0C613505}
2018-09-21 13:56 - 2016-06-12 14:27 - 000003002 _____ C:\Windows\System32\Tasks\{E8293F52-06BD-4F09-A0BE-35F2B8AAB023}
2018-09-21 13:56 - 2016-05-21 02:01 - 000003134 _____ C:\Windows\System32\Tasks\{45FBBD5F-F88A-49D4-A283-B4F373E77EB0}
2018-09-21 13:56 - 2016-05-05 16:51 - 000003124 _____ C:\Windows\System32\Tasks\{122501A7-1579-4F3C-9980-D73CC72456D6}
2018-09-21 13:56 - 2016-04-29 10:06 - 000003696 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2018-09-21 13:56 - 2016-04-28 11:42 - 000003222 _____ C:\Windows\System32\Tasks\{3F1240AA-27E5-491C-8839-0A7C8598CF0A}
2018-09-21 13:56 - 2016-04-21 16:37 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-21 10:38 - 2016-04-29 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2018-09-20 19:02 - 2017-06-19 18:13 - 000000000 ____D C:\ProgramData\TEMP
2018-09-20 18:06 - 2016-05-21 02:52 - 254389248 ____R C:\Users\Public\Documents\ESBK.mb
2018-09-20 18:06 - 2016-05-21 02:52 - 212474880 ____R C:\Users\Public\Documents\ESBK.mbb
2018-09-20 09:03 - 2016-05-03 06:35 - 000000000 ____D C:\Users\Dell\Desktop\PROGRAM SETUPS
2018-09-20 01:03 - 2016-04-21 16:36 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-19 03:47 - 2016-04-21 14:56 - 000000000 ____D C:\Users\Dell
2018-09-19 03:44 - 2017-06-18 11:46 - 000000000 ____D C:\Program Files\Recuva
2018-09-19 00:26 - 2017-07-08 07:45 - 000000000 ___RD C:\Users\Dell\Desktop\2013 PHOTOS
2018-09-18 16:35 - 2016-05-06 12:33 - 000000000 ____D C:\Users\Dell\AppData\Roaming\MailWasherPro
2018-09-13 04:57 - 2017-04-25 08:11 - 000208216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-09-12 00:57 - 2017-04-25 08:11 - 000155664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-09-10 20:01 - 2016-04-29 14:56 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-10 20:01 - 2016-04-29 14:56 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-10 20:01 - 2016-04-29 14:56 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-10 20:01 - 2016-04-29 14:56 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-10 20:01 - 2016-04-29 14:55 - 000000000 ____D C:\Users\Dell\AppData\Local\Adobe
2018-09-10 19:58 - 2016-04-22 15:46 - 000094584 _____ C:\Users\Dell\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-10 19:54 - 2017-07-28 13:05 - 000416576 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-10 19:54 - 2016-04-21 15:37 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-10 19:54 - 2009-07-14 14:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-10 17:26 - 2009-07-14 12:50 - 000000000 ____D C:\Windows\system32\NDF
2018-09-10 16:55 - 2009-07-14 12:50 - 000000000 ____D C:\Windows\inf
2018-09-10 16:45 - 2016-05-03 06:31 - 000000000 ____D C:\Users\Dell\Desktop\OLD PROGRAM SETUPS
2018-09-10 16:20 - 2017-10-13 12:07 - 000000000 ____D C:\Users\Dell\AppData\Local\RoboForm
2018-09-10 16:17 - 2017-06-07 12:58 - 000000000 ____D C:\Users\Dell\Desktop\COLES POINTS
2018-09-10 16:16 - 2018-02-21 07:53 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-10 13:03 - 2016-04-21 16:24 - 000000000 ____D C:\ProgramData\Oracle
2018-09-10 12:29 - 2008-07-24 03:11 - 000000000 ____D C:\Users\Dell\Desktop\BANK AND FINANCIAL
2018-09-05 00:57 - 2017-04-25 08:11 - 000459624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-08-31 04:58 - 2017-04-25 08:11 - 000078864 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-08-31 04:54 - 2017-11-28 18:00 - 000192104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-08-31 04:54 - 2017-04-25 08:11 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-08-31 04:54 - 2017-04-25 08:11 - 000104256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-08-31 04:54 - 2017-04-25 08:11 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-08-31 04:53 - 2018-01-03 11:28 - 000653928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
2018-08-31 04:53 - 2017-04-25 08:11 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000339048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000222288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000194224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000051952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
==================== Files in the root of some directories =======
2017-12-17 16:19 - 2017-12-17 16:19 - 000000036 _____ () C:\Users\Dell\AppData\Local\housecall.guid.cache
2016-07-30 09:31 - 2016-07-30 09:31 - 000000022 _____ () C:\Users\Dell\AppData\Local\kodakpcd.ini
2016-05-07 13:13 - 2017-07-27 23:34 - 000007608 _____ () C:\Users\Dell\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2018-09-10 12:41 - 2018-09-10 12:41 - 001906040 _____ (Oracle Corporation) C:\Users\Dell\AppData\Local\Temp\jre-8u181-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-09-15 07:46
==================== End of FRST.txt ============================
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291056 2018-08-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2187336 2017-12-22] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.)
HKLM-x32\...\Run: [WMUAgent.exe] => C:\Program Files (x86)\WakeMeUp\WMUAgent.exe [592384 2007-02-15] (highspheres.com)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\Dell\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [447488 2018-05-20] (RaMMicHaeL)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Run: [DateInTray] => C:\Program Files (x86)\DateInTray\DateInTray.exe [95744 2010-03-05] (CrispyBytes Software)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2018-09-21] (Siber Systems)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [1449472 2018-09-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\MountPoints2: {bc61dcd2-7345-11e7-8872-001aa0419180} - F:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\driversupport.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\freefileviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\g2minstaller.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pcchrono.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sidebar.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wakemeup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2016-06-14]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7+ Taskbar Tweaker.lnk [2017-07-28]
ShortcutTarget: 7+ Taskbar Tweaker.lnk -> C:\Users\Dell\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe (RaMMicHaeL)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DateInTray.lnk [2017-07-29]
ShortcutTarget: DateInTray.lnk -> C:\Program Files (x86)\DateInTray\DateInTray.exe (CrispyBytes Software)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-03-21]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Dell\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare.lnk [2017-07-29]
ShortcutTarget: Kodak EasyShare.lnk -> C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk [2016-05-03]
ShortcutTarget: Super Finder XT.lnk -> C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe (FSL)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5DBC6179-CB64-4C52-822A-0DEEBFEDCFE4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7BCFCF5C20-E14B-4F7C-97DA-E707D953A141%7D&mid=0340cd93399647cc8168d153e6afe49d-bedeb04c32ee1ac935d3d85898546a8263f90d25&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216pi&pr=fr&d=2016-04-21%2016:22:28&v=4.2.9.726&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-1400945040-2960571981-3055813832-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CFCF5C20-E14B-4F7C-97DA-E707D953A141}&mid=0340cd93399647cc8168d153e6afe49d-bedeb04c32ee1ac935d3d85898546a8263f90d25&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216pi&pr=fr&d=2016-04-21 16:22:28&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-09-21] (Siber Systems Inc.)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2018-09-10] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-09-21] (Siber Systems Inc.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.9.605\AVG Web TuneUp.dll [2017-12-22] (AVG)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-09-21] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-09-21] (Siber Systems Inc.)
FireFox:
========
FF DefaultProfile: oi853qa9.default
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default [2018-09-22]
FF user.js: detected! => C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\user.js [2017-07-28]
FF Session Restore: Mozilla\Firefox\Profiles\oi853qa9.default -> is enabled.
FF Extension: (About sessionstore) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\aboutsessionstore@dt.xpi [2016-10-10] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-08-04] [Legacy]
FF Extension: (Colour That Site!) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\ColourThatSite@einspeiser.de.xpi [2016-06-08] [Legacy]
FF Extension: (English (Australian) Dictionary) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\en-AU@dictionaries.addons.mozilla.org [2016-04-28] [Legacy] [not signed]
FF Extension: (Pinterest Save Button) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2018-07-25]
FF Extension: (RoboForm Password Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\rf-firefox@siber.com.xpi [2018-07-27]
FF Extension: (SQLite Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-04-28] [Legacy]
FF Extension: (Tab Groups) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\tabgroups@quicksaver.xpi [2017-01-28] [Legacy]
FF Extension: (Session Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (FEBE) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-17] [Legacy]
FF Extension: (ScrapBook) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2016-09-01] [Legacy]
FF Extension: (NoUn Buttons) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}.xpi [2016-04-28] [Legacy]
FF Extension: (ReminderFox) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2018-05-30] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-09-10] ()
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2018-09-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2018-09-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-09-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1400945040-2960571981-3055813832-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-09] (Citrix Online)
Chrome:
=======
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default [2018-06-27]
CHR Extension: (Slides) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-26]
CHR Extension: (Google Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-27]
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-27]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-27]
CHR Extension: (Google Sheets) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-27]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-25]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [323512 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [432592 2018-08-31] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [8043904 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-06-14] (AVG Technologies CZ, s.r.o.)
S4 DSAO; C:\Program Files (x86)\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-23] (PC Drivers HeadQuarters LP)
R2 DSClockSyncTime; C:\Program Files (x86)\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software)
R2 NovaPdf9Server; C:\Program Files\Softland\novaPDF 9\Server\novapdfs.exe [52664 2018-07-18] (Microsoft)
S4 svcWMU; C:\Program Files (x86)\WakeMeUp\WMUSvc.exe [808448 2007-02-15] (Highspheres.com) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [6593536 2018-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48640 2018-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [41472 2018-07-26] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-12-22] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [192104 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [222288 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [194224 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [339048 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51952 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [155664 2018-09-12] (AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2018-01-03] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\System32\drivers\avgNetSec.sys [653928 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [104256 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78864 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [459624 2018-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [208216 2018-09-13] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-22 02:42 - 2018-09-22 02:45 - 000020906 _____ C:\Users\Dell\Desktop\FRST.txt
2018-09-22 02:38 - 2018-09-22 02:38 - 002404864 _____ (Farbar) C:\Users\Dell\Desktop\FRST64.exe
2018-09-21 13:51 - 2018-09-21 13:51 - 000012962 _____ C:\Users\Dell\Downloads\This computer is BLOCKED
2018-09-20 18:27 - 2018-09-20 18:27 - 000000000 ____D C:\Users\Dell\Desktop\PHOTO FOLDERS (OLD) - Copy
2018-09-17 12:10 - 2018-09-17 12:11 - 000011874 _____ C:\Users\Dell\Downloads\Income Statement
2018-09-15 01:10 - 2018-09-15 01:10 - 000000000 _____ C:\Users\Dell\Desktop\exiftool
2018-09-10 17:42 - 2018-09-10 17:42 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Sun
2018-09-10 17:41 - 2018-09-21 13:56 - 000003668 _____ C:\Windows\System32\Tasks\JavaUpdateSched
2018-09-10 17:40 - 2018-09-10 17:40 - 000145272 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-09-10 17:40 - 2018-09-10 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-09-10 17:38 - 2018-09-10 17:38 - 000000000 ____D C:\Program Files\Java
2018-09-10 16:34 - 2018-09-10 16:36 - 105455992 _____ (Oracle Corporation) C:\Users\Dell\Downloads\jre-10.0.2_windows-x64_bin.exe
2018-09-10 16:07 - 2018-09-10 16:07 - 000001444 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-09-10 16:07 - 2018-09-10 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-09-10 16:06 - 2018-09-10 16:07 - 000000000 ____D C:\Program Files\LibreOffice
2018-09-10 13:47 - 2018-09-10 13:57 - 274317312 _____ C:\Users\Dell\Downloads\LibreOffice_6.0.6_Win_x64.msi
2018-09-10 13:45 - 2018-09-10 13:46 - 000018999 _____ C:\Users\Dell\Downloads\LibreOffice_6.0.6_Win_x64_helppack_en-GB.msi.torrent
2018-09-10 13:01 - 2018-09-10 13:01 - 001211216 _____ (Oracle Corporation) C:\Users\Dell\Downloads\JavaUninstallTool.exe
2018-09-10 12:54 - 2018-09-21 13:56 - 000003144 _____ C:\Windows\System32\Tasks\{9034CCE8-0529-402D-83F5-07AA22336ADA}
2018-09-10 12:51 - 2018-09-10 12:51 - 000001995 _____ C:\Users\Dell\Desktop\7+ Taskbar Tweaker.lnk
2018-08-31 04:56 - 2018-08-31 04:54 - 000380656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-22 02:42 - 2017-12-19 12:34 - 000000000 ____D C:\FRST
2018-09-21 16:02 - 2016-09-21 00:28 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2018-09-21 14:02 - 2009-07-14 14:15 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-21 14:02 - 2009-07-14 14:15 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-21 13:56 - 2018-08-18 17:07 - 000003560 _____ C:\Windows\System32\Tasks\doPDF 9 Update
2018-09-21 13:56 - 2018-08-18 17:07 - 000003540 _____ C:\Windows\System32\Tasks\doPDF 9 Telemetry
2018-09-21 13:56 - 2018-05-19 16:05 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-21 13:56 - 2018-05-16 13:30 - 000004310 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2018-09-21 13:56 - 2018-01-14 10:13 - 000003214 _____ C:\Windows\System32\Tasks\klcp_update
2018-09-21 13:56 - 2017-12-20 06:01 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-09-21 13:56 - 2017-07-27 22:02 - 000002962 _____ C:\Windows\System32\Tasks\{0E59508C-BE36-4B2B-A14A-00D56A47BAC3}
2018-09-21 13:56 - 2017-04-25 08:11 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-09-21 13:56 - 2017-01-02 15:03 - 000003132 _____ C:\Windows\System32\Tasks\{29D149EF-EC65-40D7-B7D7-2190A79A460C}
2018-09-21 13:56 - 2016-06-12 14:59 - 000003002 _____ C:\Windows\System32\Tasks\{CEDEAF75-B7F1-419A-9967-BC6FE3751283}
2018-09-21 13:56 - 2016-06-12 14:28 - 000003002 _____ C:\Windows\System32\Tasks\{0469D58A-F4AC-4FFE-87C3-63DE0C613505}
2018-09-21 13:56 - 2016-06-12 14:27 - 000003002 _____ C:\Windows\System32\Tasks\{E8293F52-06BD-4F09-A0BE-35F2B8AAB023}
2018-09-21 13:56 - 2016-05-21 02:01 - 000003134 _____ C:\Windows\System32\Tasks\{45FBBD5F-F88A-49D4-A283-B4F373E77EB0}
2018-09-21 13:56 - 2016-05-05 16:51 - 000003124 _____ C:\Windows\System32\Tasks\{122501A7-1579-4F3C-9980-D73CC72456D6}
2018-09-21 13:56 - 2016-04-29 10:06 - 000003696 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2018-09-21 13:56 - 2016-04-28 11:42 - 000003222 _____ C:\Windows\System32\Tasks\{3F1240AA-27E5-491C-8839-0A7C8598CF0A}
2018-09-21 13:56 - 2016-04-21 16:37 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-21 10:38 - 2016-04-29 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2018-09-20 19:02 - 2017-06-19 18:13 - 000000000 ____D C:\ProgramData\TEMP
2018-09-20 18:06 - 2016-05-21 02:52 - 254389248 ____R C:\Users\Public\Documents\ESBK.mb
2018-09-20 18:06 - 2016-05-21 02:52 - 212474880 ____R C:\Users\Public\Documents\ESBK.mbb
2018-09-20 09:03 - 2016-05-03 06:35 - 000000000 ____D C:\Users\Dell\Desktop\PROGRAM SETUPS
2018-09-20 01:03 - 2016-04-21 16:36 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-19 03:47 - 2016-04-21 14:56 - 000000000 ____D C:\Users\Dell
2018-09-19 03:44 - 2017-06-18 11:46 - 000000000 ____D C:\Program Files\Recuva
2018-09-19 00:26 - 2017-07-08 07:45 - 000000000 ___RD C:\Users\Dell\Desktop\2013 PHOTOS
2018-09-18 16:35 - 2016-05-06 12:33 - 000000000 ____D C:\Users\Dell\AppData\Roaming\MailWasherPro
2018-09-13 04:57 - 2017-04-25 08:11 - 000208216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-09-12 00:57 - 2017-04-25 08:11 - 000155664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-09-10 20:01 - 2016-04-29 14:56 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-10 20:01 - 2016-04-29 14:56 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-10 20:01 - 2016-04-29 14:56 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-10 20:01 - 2016-04-29 14:56 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-10 20:01 - 2016-04-29 14:55 - 000000000 ____D C:\Users\Dell\AppData\Local\Adobe
2018-09-10 19:58 - 2016-04-22 15:46 - 000094584 _____ C:\Users\Dell\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-10 19:54 - 2017-07-28 13:05 - 000416576 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-10 19:54 - 2016-04-21 15:37 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-10 19:54 - 2009-07-14 14:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-10 17:26 - 2009-07-14 12:50 - 000000000 ____D C:\Windows\system32\NDF
2018-09-10 16:55 - 2009-07-14 12:50 - 000000000 ____D C:\Windows\inf
2018-09-10 16:45 - 2016-05-03 06:31 - 000000000 ____D C:\Users\Dell\Desktop\OLD PROGRAM SETUPS
2018-09-10 16:20 - 2017-10-13 12:07 - 000000000 ____D C:\Users\Dell\AppData\Local\RoboForm
2018-09-10 16:17 - 2017-06-07 12:58 - 000000000 ____D C:\Users\Dell\Desktop\COLES POINTS
2018-09-10 16:16 - 2018-02-21 07:53 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-10 13:03 - 2016-04-21 16:24 - 000000000 ____D C:\ProgramData\Oracle
2018-09-10 12:29 - 2008-07-24 03:11 - 000000000 ____D C:\Users\Dell\Desktop\BANK AND FINANCIAL
2018-09-05 00:57 - 2017-04-25 08:11 - 000459624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-08-31 04:58 - 2017-04-25 08:11 - 000078864 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-08-31 04:54 - 2017-11-28 18:00 - 000192104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-08-31 04:54 - 2017-04-25 08:11 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-08-31 04:54 - 2017-04-25 08:11 - 000104256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-08-31 04:54 - 2017-04-25 08:11 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-08-31 04:53 - 2018-01-03 11:28 - 000653928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
2018-08-31 04:53 - 2017-04-25 08:11 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000339048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000222288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000194224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000051952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
==================== Files in the root of some directories =======
2017-12-17 16:19 - 2017-12-17 16:19 - 000000036 _____ () C:\Users\Dell\AppData\Local\housecall.guid.cache
2016-07-30 09:31 - 2016-07-30 09:31 - 000000022 _____ () C:\Users\Dell\AppData\Local\kodakpcd.ini
2016-05-07 13:13 - 2017-07-27 23:34 - 000007608 _____ () C:\Users\Dell\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2018-09-10 12:41 - 2018-09-10 12:41 - 001906040 _____ (Oracle Corporation) C:\Users\Dell\AppData\Local\Temp\jre-8u181-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-09-15 07:46
==================== End of FRST.txt ============================