Solved Two problems: tinny music everyday at 4pm, AND a scareware pop-up

Hi Broni,
Sorry I didn't answer your question in my last post - As far as I can tell, the scareware pop-up is gone. I can't tell you yet about the music virus, because I haven't been at the computer at 4pm to see if the music starts up or not. Hopefully I will be able to check that tomorrow, and I will let you know. I have been doing the manual Windows updates this evening - it is a bit slow, but I'll get there eventually.

The medical stuff is going to be fairly protracted - I don't go in for the procedure until mid October, but I have a few things to do first - path tests and x-rays etc, so it looks like we will be able to get finished up before my hospital date. I may not be able to spend much time on the computer tomorrow because my support worker is coming to see me, and I have to prepare some plants to sell at a club meeting tomorrow night.
Ciao, KK.
 
Hi Broni,
Not the best news - the irritating rendition of "We wish you a merry Christmas" is still resounding from my monitor speakers at 4.03 pm - Blast! I missed it yesterday, because I was asleep from 1.30pm to 5pm.

What to do now?

The behavior of this thing is very similar to the worm discussed here: https://www.pandasecurity.com/cyprus/homeusers/security-info/30169/information/Music.E - it is the same music but I don't get any images with it, and I am hoping it can't find my E-mail address book, because it isn't in the same place as most people's. Anyway, if you know about this I would appreciate any help.

I'll check back later this evening,

Ciao, KK.
 
I think so, but I'm not completely sure. Given that my browser is nearly always open when I am at the computer, odds are that it is. I've never used IE - I was a Netscape fan originally, and went to Firefox when Netscape ceased development. Also I have never tried Chrome as it doesn't seem to suit me from what I have seen and read about it.

I have VERY specific requirements for my visual environment as I have extreme myopia and Keratoconus (which causes a form of double vision). My eyes are also extremely light sensitive and don't cope with bright backgrounds and large areas of red, orange or yellow. Finally, I can't handle 3D effects or lots of movements like gifs etc, as they give me headaches.

Because of all this I am currently stuck with Firefox 56.0.2 (64-bit), which is the last version which will accept my Add-Ons (picture enclosed: Firefox Add-ons.jpg).
You can see what the problem is! I can't really do without any of these, and with one decision Mozilla has removed my ability to preserve my visual and working environment. I have similar problems with Windows, which is why I am sticking with Win 7.

At the moment my current working session consists of two FF windows, one with 36 tab groups and the other with 13 tab groups; altogether I currently have 351 tabs open. The whole thing is so intricate I don't know how I could ever recreate it.
I just need a way to preserve my environment AND protect my system from Malware at the same time.

I probably won't be at home at 4pm today as I have to go into the CBD to do some messages, but I'll try switching the browser off at 4pm tomorrow afternoon and I'll report back. I've just thought of one odd thing though. I've had this music thing for a while - when we were in Daylight Savings it used to happen at 5.03pm, and now that we are in regular time it happens at 4.03pm? Does that seem significant to you?

I think I have burdened you with enough information at the moment, so I'll say bye for now and look forward to hearing from you,

Ciao, KK.
 
PS: I've just checked - I wasn't feeling well enough to go into the city. It still happens when the browser is closed!

Ciao Again, KK.
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
When I went to use the FRST tool after downloading it (Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01) I get an error message "Failed to update (4)". I don't know if this is significant. Once you click on OK the scans appear to run normally.

Here are the FRST.txt results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by Dell (administrator) on DELL-PC (29-09-2018 10:08:45)
Running from C:\Users\Dell\Desktop
Loaded Profiles: Dell (Available Profiles: Dell)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(RaMMicHaeL) C:\Users\Dell\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(CrispyBytes Software) C:\Program Files (x86)\DateInTray\DateInTray.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Facebook) C:\Users\Dell\AppData\Local\Facebook\Games\FacebookGameroom.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(FSL) C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe
(Duality Software) C:\Program Files (x86)\DS Clock\dsetime.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft) C:\Program Files\Softland\novaPDF 9\Server\novapdfs.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(The CefSharp Authors) C:\Users\Dell\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
() C:\Program Files (x86)\bfgclient\bfggameservices.exe
() C:\Program Files (x86)\Gummy Drop!\GummyDrop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Eastman Kodak Company) C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291056 2018-08-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.)
HKLM-x32\...\Run: [WMUAgent.exe] => C:\Program Files (x86)\WakeMeUp\WMUAgent.exe [592384 2007-02-15] (highspheres.com)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\Dell\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [447488 2018-05-20] (RaMMicHaeL)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Run: [DateInTray] => C:\Program Files (x86)\DateInTray\DateInTray.exe [95744 2010-03-05] (CrispyBytes Software)
HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2018-09-21] (Siber Systems)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2016-06-14]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DateInTray.lnk [2017-07-29]
ShortcutTarget: DateInTray.lnk -> C:\Program Files (x86)\DateInTray\DateInTray.exe (CrispyBytes Software)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-03-21]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Dell\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare.lnk [2017-07-29]
ShortcutTarget: Kodak EasyShare.lnk -> C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk [2016-05-03]
ShortcutTarget: Super Finder XT.lnk -> C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe (FSL)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5DBC6179-CB64-4C52-822A-0DEEBFEDCFE4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-09-21] (Siber Systems Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2018-09-10] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-09-21] (Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-09-21] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-09-21] (Siber Systems Inc.)

FireFox:
========
FF DefaultProfile: oi853qa9.default
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default [2018-09-29]
FF user.js: detected! => C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\user.js [2017-07-28]
FF Session Restore: Mozilla\Firefox\Profiles\oi853qa9.default -> is enabled.
FF Extension: (About sessionstore) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\aboutsessionstore@dt.xpi [2016-10-10] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-08-04] [Legacy]
FF Extension: (Colour That Site!) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\ColourThatSite@einspeiser.de.xpi [2016-06-08] [Legacy]
FF Extension: (English (Australian) Dictionary) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\en-AU@dictionaries.addons.mozilla.org [2016-04-28] [Legacy] [not signed]
FF Extension: (Pinterest Save Button) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2018-09-25]
FF Extension: (RoboForm Password Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\rf-firefox@siber.com.xpi [2018-07-27]
FF Extension: (SQLite Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-04-28] [Legacy]
FF Extension: (Tab Groups) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\tabgroups@quicksaver.xpi [2017-01-28] [Legacy]
FF Extension: (Session Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (FEBE) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-17] [Legacy]
FF Extension: (ScrapBook) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2016-09-01] [Legacy]
FF Extension: (NoUn Buttons) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}.xpi [2016-04-28] [Legacy]
FF Extension: (ReminderFox) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oi853qa9.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2018-05-30] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-09-10] ()
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2018-09-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2018-09-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-09-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1400945040-2960571981-3055813832-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-09] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default [2018-09-27]
CHR Extension: (Slides) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-26]
CHR Extension: (Google Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-27]
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-27]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-27]
CHR Extension: (Google Sheets) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-27]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [323512 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [432592 2018-08-31] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [8043904 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 DSClockSyncTime; C:\Program Files (x86)\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NovaPdf9Server; C:\Program Files\Softland\novaPDF 9\Server\novapdfs.exe [52664 2018-07-18] (Microsoft)
S4 svcWMU; C:\Program Files (x86)\WakeMeUp\WMUSvc.exe [808448 2007-02-15] (Highspheres.com) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [6593536 2018-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48640 2018-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [41472 2018-07-26] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [192104 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [222288 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [194224 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [339048 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51952 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-08-31] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [155664 2018-09-12] (AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2018-01-03] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\System32\drivers\avgNetSec.sys [653928 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [104256 2018-08-31] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78864 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-08-31] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [459624 2018-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [208216 2018-09-13] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-08-31] (AVG Technologies CZ, s.r.o.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-29 10:08 - 2018-09-29 10:11 - 000018084 _____ C:\Users\Dell\Desktop\FRST.txt
2018-09-29 10:07 - 2018-09-29 10:08 - 000000000 ____D C:\FRST
2018-09-29 10:03 - 2018-09-29 10:03 - 002404864 _____ (Farbar) C:\Users\Dell\Desktop\FRST64.exe
2018-09-27 12:06 - 2018-09-27 12:06 - 008963861 _____ C:\Users\Dell\Desktop\Aeonium Classification 198904.pdf
2018-09-27 11:38 - 2018-09-27 22:34 - 000005388 _____ C:\Users\Dell\Desktop\Aeonium Names in Systemic Order.txt
2018-09-27 11:25 - 2018-09-27 22:34 - 000023229 _____ C:\Users\Dell\Desktop\Aeonium Names in IPNI.txt
2018-09-25 10:07 - 2018-09-27 09:15 - 000000000 ____D C:\Users\Dell\AppData\Local\CrashDumps
2018-09-24 18:19 - 2018-09-29 04:36 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-09-24 18:19 - 2018-09-24 18:19 - 000000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-09-24 14:22 - 2018-09-24 14:25 - 000001974 _____ C:\DelFix.txt
2018-09-24 14:22 - 2018-09-24 14:22 - 000000000 ____D C:\Windows\ERUNT
2018-09-24 14:10 - 2018-09-24 14:10 - 000018209 _____ C:\Users\Dell\Desktop\E drive Report.txt
2018-09-23 13:16 - 2018-09-23 13:16 - 000000000 ____D C:\ProgramData\Sophos
2018-09-23 13:12 - 2018-09-23 13:12 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-09-23 13:12 - 2018-09-23 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-09-23 13:11 - 2018-09-23 13:11 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-09-23 12:55 - 2018-09-23 12:55 - 000000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2018-09-23 09:30 - 2018-09-23 09:50 - 000000000 ____D C:\AdwCleaner
2018-09-22 19:44 - 2018-09-23 09:08 - 000061451 _____ C:\Users\Dell\Desktop\Malwarebytes Report.txt
2018-09-22 18:52 - 2018-09-22 18:52 - 000000000 ____D C:\Users\Dell\AppData\Local\mbam
2018-09-22 18:51 - 2018-09-22 18:51 - 000000000 ____D C:\Users\Dell\AppData\Local\mbamtray
2018-09-22 18:50 - 2018-09-22 18:50 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-22 18:50 - 2018-09-22 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-22 18:50 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-22 18:49 - 2018-09-22 18:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-22 18:49 - 2018-09-22 18:49 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-22 15:51 - 2018-09-22 15:51 - 000091854 _____ C:\Users\Dell\Desktop\rk_FBFB.tmp.txt
2018-09-22 12:59 - 2018-09-22 12:59 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-09-22 12:44 - 2018-09-22 15:52 - 000000000 ____D C:\ProgramData\RogueKiller
2018-09-22 12:44 - 2018-09-22 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-09-22 12:44 - 2018-09-22 12:44 - 000000000 ____D C:\Program Files\RogueKiller
2018-09-22 11:12 - 2018-09-29 09:56 - 000003048 _____ C:\Users\Dell\Desktop\Exiftool Photo Fix Notes.txt
2018-09-22 11:11 - 2018-09-25 09:57 - 000017348 _____ C:\Users\Dell\Desktop\Virus Cleaning Notes - September 2018.txt
2018-09-21 13:51 - 2018-09-21 13:51 - 000012962 _____ C:\Users\Dell\Downloads\This computer is BLOCKED
2018-09-20 18:27 - 2018-09-20 18:27 - 000000000 ____D C:\Users\Dell\Desktop\PHOTO FOLDERS (OLD) - Copy
2018-09-17 12:10 - 2018-09-17 12:11 - 000011874 _____ C:\Users\Dell\Downloads\Income Statement
2018-09-15 01:10 - 2018-09-15 01:10 - 000000000 _____ C:\Users\Dell\Desktop\exiftool
2018-09-10 17:42 - 2018-09-10 17:42 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Sun
2018-09-10 17:41 - 2018-09-29 04:36 - 000003668 _____ C:\Windows\System32\Tasks\JavaUpdateSched
2018-09-10 17:40 - 2018-09-10 17:40 - 000145272 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-09-10 17:40 - 2018-09-10 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-09-10 17:38 - 2018-09-10 17:38 - 000000000 ____D C:\Program Files\Java
2018-09-10 16:34 - 2018-09-10 16:36 - 105455992 _____ (Oracle Corporation) C:\Users\Dell\Downloads\jre-10.0.2_windows-x64_bin.exe
2018-09-10 16:07 - 2018-09-10 16:07 - 000001444 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-09-10 16:07 - 2018-09-10 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-09-10 16:06 - 2018-09-10 16:07 - 000000000 ____D C:\Program Files\LibreOffice
2018-09-10 13:47 - 2018-09-10 13:57 - 274317312 _____ C:\Users\Dell\Downloads\LibreOffice_6.0.6_Win_x64.msi
2018-09-10 13:45 - 2018-09-10 13:46 - 000018999 _____ C:\Users\Dell\Downloads\LibreOffice_6.0.6_Win_x64_helppack_en-GB.msi.torrent
2018-09-10 13:01 - 2018-09-10 13:01 - 001211216 _____ (Oracle Corporation) C:\Users\Dell\Downloads\JavaUninstallTool.exe
2018-09-10 12:54 - 2018-09-29 04:37 - 000003144 _____ C:\Windows\System32\Tasks\{9034CCE8-0529-402D-83F5-07AA22336ADA}
2018-09-10 12:51 - 2018-09-10 12:51 - 000001995 _____ C:\Users\Dell\Desktop\7+ Taskbar Tweaker.lnk
2018-08-31 04:56 - 2018-08-31 04:54 - 000380656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-29 05:03 - 2016-05-21 02:52 - 254389248 ____R C:\Users\Public\Documents\ESBK.mb
2018-09-29 05:03 - 2016-05-21 02:52 - 212474880 ____R C:\Users\Public\Documents\ESBK.mbb
2018-09-29 05:01 - 2017-07-08 07:45 - 000000000 ___RD C:\Users\Dell\Desktop\2013 PHOTOS
2018-09-29 04:42 - 2009-07-14 14:15 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-29 04:42 - 2009-07-14 14:15 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-29 04:37 - 2017-12-20 06:01 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-09-29 04:37 - 2017-07-27 22:02 - 000002962 _____ C:\Windows\System32\Tasks\{0E59508C-BE36-4B2B-A14A-00D56A47BAC3}
2018-09-29 04:37 - 2017-01-02 15:03 - 000003132 _____ C:\Windows\System32\Tasks\{29D149EF-EC65-40D7-B7D7-2190A79A460C}
2018-09-29 04:37 - 2016-06-12 14:59 - 000003002 _____ C:\Windows\System32\Tasks\{CEDEAF75-B7F1-419A-9967-BC6FE3751283}
2018-09-29 04:37 - 2016-06-12 14:28 - 000003002 _____ C:\Windows\System32\Tasks\{0469D58A-F4AC-4FFE-87C3-63DE0C613505}
2018-09-29 04:37 - 2016-06-12 14:27 - 000003002 _____ C:\Windows\System32\Tasks\{E8293F52-06BD-4F09-A0BE-35F2B8AAB023}
2018-09-29 04:37 - 2016-05-21 02:01 - 000003134 _____ C:\Windows\System32\Tasks\{45FBBD5F-F88A-49D4-A283-B4F373E77EB0}
2018-09-29 04:37 - 2016-05-05 16:51 - 000003124 _____ C:\Windows\System32\Tasks\{122501A7-1579-4F3C-9980-D73CC72456D6}
2018-09-29 04:37 - 2016-04-28 11:42 - 000003222 _____ C:\Windows\System32\Tasks\{3F1240AA-27E5-491C-8839-0A7C8598CF0A}
2018-09-29 04:36 - 2018-08-18 17:07 - 000003560 _____ C:\Windows\System32\Tasks\doPDF 9 Update
2018-09-29 04:36 - 2018-08-18 17:07 - 000003540 _____ C:\Windows\System32\Tasks\doPDF 9 Telemetry
2018-09-29 04:36 - 2018-05-19 16:05 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-29 04:36 - 2018-05-16 13:30 - 000004310 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2018-09-29 04:36 - 2018-01-14 10:13 - 000003214 _____ C:\Windows\System32\Tasks\klcp_update
2018-09-29 04:36 - 2017-06-18 11:46 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-09-29 04:36 - 2017-04-25 08:11 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-09-29 04:36 - 2016-04-29 10:06 - 000003696 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2018-09-29 04:36 - 2016-04-21 16:37 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-28 23:58 - 2016-09-21 00:28 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2018-09-27 09:14 - 2017-06-19 18:13 - 000000000 ____D C:\ProgramData\TEMP
2018-09-27 02:55 - 2016-05-03 07:20 - 000000000 ___RD C:\Users\Dell\Desktop\UNUSED DESKTOP SHORTCUTS
2018-09-27 02:55 - 2009-07-14 12:50 - 000000000 ____D C:\Windows\inf
2018-09-25 21:20 - 2016-04-21 15:37 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-25 21:20 - 2009-07-14 14:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-25 10:48 - 2016-05-03 06:35 - 000000000 ____D C:\Users\Dell\Desktop\PROGRAM SETUPS
2018-09-25 10:00 - 2017-06-18 11:46 - 000000000 ____D C:\Program Files\CCleaner
2018-09-25 00:13 - 2016-05-06 12:33 - 000000000 ____D C:\Users\Dell\AppData\Roaming\MailWasherPro
2018-09-24 18:23 - 2017-06-18 03:13 - 000001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2018-09-24 18:23 - 2016-04-21 16:27 - 000001128 _____ C:\Users\Public\Desktop\WinRAR.lnk
2018-09-24 18:23 - 2016-04-21 16:27 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-24 18:23 - 2016-04-21 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-24 18:23 - 2016-04-21 16:27 - 000000000 ____D C:\Program Files\WinRAR
2018-09-24 18:22 - 2016-04-21 16:28 - 000000887 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-09-24 07:14 - 2009-07-14 14:43 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-22 11:09 - 2007-09-21 15:02 - 000000000 ____D C:\Users\Dell\Desktop\PLANTS
2018-09-21 10:38 - 2016-04-29 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2018-09-20 01:03 - 2016-04-21 16:36 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-19 03:47 - 2016-04-21 14:56 - 000000000 ____D C:\Users\Dell
2018-09-19 03:44 - 2017-06-18 11:46 - 000000000 ____D C:\Program Files\Recuva
2018-09-13 04:57 - 2017-04-25 08:11 - 000208216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-09-12 00:57 - 2017-04-25 08:11 - 000155664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-09-10 20:01 - 2016-04-29 14:56 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-10 20:01 - 2016-04-29 14:56 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-10 20:01 - 2016-04-29 14:56 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-10 20:01 - 2016-04-29 14:56 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-10 20:01 - 2016-04-29 14:55 - 000000000 ____D C:\Users\Dell\AppData\Local\Adobe
2018-09-10 19:58 - 2016-04-22 15:46 - 000094584 _____ C:\Users\Dell\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-10 19:54 - 2017-07-28 13:05 - 000416576 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-10 17:26 - 2009-07-14 12:50 - 000000000 ____D C:\Windows\system32\NDF
2018-09-10 16:45 - 2016-05-03 06:31 - 000000000 ____D C:\Users\Dell\Desktop\OLD PROGRAM SETUPS
2018-09-10 16:20 - 2017-10-13 12:07 - 000000000 ____D C:\Users\Dell\AppData\Local\RoboForm
2018-09-10 16:17 - 2017-06-07 12:58 - 000000000 ____D C:\Users\Dell\Desktop\COLES POINTS
2018-09-10 16:16 - 2018-02-21 07:53 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-10 13:03 - 2016-04-21 16:24 - 000000000 ____D C:\ProgramData\Oracle
2018-09-10 12:29 - 2008-07-24 03:11 - 000000000 ____D C:\Users\Dell\Desktop\BANK AND FINANCIAL
2018-09-05 00:57 - 2017-04-25 08:11 - 000459624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-08-31 04:58 - 2017-04-25 08:11 - 000078864 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-08-31 04:54 - 2017-11-28 18:00 - 000192104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-08-31 04:54 - 2017-04-25 08:11 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-08-31 04:54 - 2017-04-25 08:11 - 000104256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-08-31 04:54 - 2017-04-25 08:11 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-08-31 04:53 - 2018-01-03 11:28 - 000653928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
2018-08-31 04:53 - 2017-04-25 08:11 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000339048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000222288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000194224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-08-31 04:52 - 2017-04-25 08:11 - 000051952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-26 12:56

==================== End of FRST.txt ============================
 
And here is the Additions file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by Dell (29-09-2018 10:12:18)
Running from C:\Users\Dell\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-04-21 05:26:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1400945040-2960571981-3055813832-500 - Administrator - Disabled)
Dell (S-1-5-21-1400945040-2960571981-3055813832-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-1400945040-2960571981-3055813832-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Antivirus (Enabled) {FD3E91FB-7C15-3254-D603-FC5F31625538}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-abc.net Duplicate Finder (Remove only) (HKLM-x32\...\1-abc.net Duplicate Finder) (Version: - )
7+ Taskbar Tweaker v5.5 (HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\7 Taskbar Tweaker) (Version: 5.5 - RaMMicHaeL)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Attribute Changer 8.20a (HKLM-x32\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 8.20 - Romain Petges)
AVG (HKLM\...\{136B57DF-DA9E-4361-A165-09AB4422BCD1}) (Version: 1.231.3 - AVG Technologies) Hidden
AVG Driver Updater (HKLM-x32\...\{BAAB946F-7E00-41F4-BEC7-B8CCF758E012}) (Version: 2.3.0 - AVG Netherlands B.V) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 18.6.3066 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{F0A7F6FC-97BC-4D27-B33B-6E1EFE1BB42D}) (Version: 16.78.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.78.3.33194 - AVG Technologies)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CardRecovery 6.10 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
DateInTray 1.6 (HKLM-x32\...\DateInTray) (Version: 1.6 - CrispyBytes Software)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version: - )
Desktop Restore version 1.6.4 (HKLM\...\{DBD4F07A-7607-4A4F-A46C-6AA399E06E38}_is1) (Version: 1.6.4 - Jamie O'Connell)
doPDF (HKLM\...\{F80F7F88-4DD9-4674-8F84-AB97F3C594F0}) (Version: 9.4.241 - Softland) Hidden
doPDF 9 (HKLM-x32\...\{338841ea-b7de-412c-8a44-2bd4fb9d761a}) (Version: 9.4.241 - Softland)
doPDF 9 add-in for Microsoft Office (x64) (HKLM\...\{CA14C18F-8F65-4258-A1CF-ECFB17891B59}) (Version: 9.1.232 - Softland)
doPDF 9 add-in for Microsoft Office (x86) (HKLM-x32\...\{93476622-206D-4957-B751-1B9E7E5A9324}) (Version: 9.1.232 - Softland)
doPDF 9 Printer Driver (HKLM\...\{8339CCC0-9EAE-43E2-90C9-487EE55403FA}) (Version: 9.4.241 - Softland)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)
DS Clock (HKLM-x32\...\DS Clock_is1) (Version: 2.6.3 - Duality Software)
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Eudora (HKLM-x32\...\{6BCDFA1F-A5AC-4C01-8448-1D70FC79329A}) (Version: 7.0 - )
EXIF Date Changer v3.3.6 (HKLM-x32\...\{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1) (Version: - Rellik Software)
Express Uninstaller v3.0 (HKLM-x32\...\Express Uninstaller_is1) (Version: 3.0 - Smart PC Solutions)
Facebook Gameroom 1.20.6618.42311 (HKLM-x32\...\{CF2C7CB9-1009-4EAA-9033-317F4C4C9DA2}) (Version: 1.20.6618.42311 - Facebook)
FastStone Photo Resizer 3.8 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.8 - FastStone Soft.)
fflink (HKLM-x32\...\{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}) (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
File Repair (HKLM-x32\...\File Repair_is1) (Version: - File Repair)
Flip Words (HKLM-x32\...\BFG-Flip Words) (Version: - )
Flip Words v2.3 (HKLM-x32\...\Flip Words_is1) (Version: - HipSoft LLC)
FMW 1 (HKLM\...\{4CC5FB14-3F4D-4FA8-B921-00A9B40145C4}) (Version: 1.227.45 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\{22773B3E-818C-3DE5-8CBD-2FF73D97A2F4}) (Version: 63.0.3239.132 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToMeeting 8.19.0.8126 (HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\GoToMeeting) (Version: 8.19.0.8126 - LogMeIn, Inc.)
Gummy Drop! (HKLM-x32\...\BFG-Gummy Drop!) (Version: - )
Icon Restore 1.0 (HKLM-x32\...\Icon Restore_is1) (Version: - Tim Taylor)
IconRestorer 2.0.8.1 SR1 (HKLM-x32\...\IconRestorer Supporters Edition_is1) (Version: - FSL - FreeSoftLand)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
Java 10.0.2 (64-bit) (HKLM\...\{EECB2736-D013-5AC5-9917-7656712F6931}) (Version: 10.0.2.0 - Oracle Corporation)
K-Lite Codec Pack 13.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
LibreOffice 6.0.6.2 (HKLM\...\{982E3D14-3F50-412B-A1C2-BC9262E8810F}) (Version: 6.0.6.2 - The Document Foundation)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Pro Photo Tools (HKLM-x32\...\{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}) (Version: 2.2 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NirSoft SysExporter (HKLM-x32\...\NirSoft SysExporter) (Version: - )
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RoboForm 8-5-4-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-5-4-4 - Siber Systems)
RogueKiller version 12.13.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.1.0 - Adlice Software)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shorter Oxford English Dictionary (Sixth Edition) (HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\...\Shorter Oxford English Dictionary (Sixth Edition)) (Version: - )
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Super Finder XT 2.6.3.2 (HKLM-x32\...\Super Finder XT Supporters Edition_is1) (Version: - FSL - FreeSoftLand)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Seeds Program (HKLM-x32\...\The Seeds Program) (Version: 3.0 - CyberNiche Software)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.10.20.0 - File.org)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WakeMeUp! (HKLM-x32\...\{DFA8FEE4-109C-43D4-84CF-4AC724AD1D4E}_is1) (Version: 1.8.5.34 - Highspheres.com)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-08-31] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1-x32: [RmgShellExtModule] -> {EA31839B-63AA-4550-92CD-D9EEDE3127A9} => C:\Program Files (x86)\Microsoft Pro Photo Tools\MSImgShellExt.dll [2008-09-12] (Microsoft Corp.)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-25] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-25] (Alexander Roshal)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files (x86)\Attribute Changer\acshell.dll [2016-04-19] (Romain Petges)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files (x86)\Attribute Changer\acshell.dll [2016-04-19] (Romain Petges)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [DeskMenu] -> {7E74422F-2393-11D4-98E0-444553540000} => C:\Program Files\Desktop Restore\dkticnsr.dll [2014-07-14] (Jamie O'Connell)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation)
ContextMenuHandlers5-x32: [RmgShellExtModule] -> {EA31839B-63AA-4550-92CD-D9EEDE3127A9} => C:\Program Files (x86)\Microsoft Pro Photo Tools\MSImgShellExt.dll [2008-09-12] (Microsoft Corp.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-08-31] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6-x32: [IconLayout] -> {19F500E0-9964-11cf-B63D-08002B317C03} => C:\Windows\SysWOW64\Layout.dll [2001-05-26] (Microsoft)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-25] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-25] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09CFF0EE-00D3-471D-96F1-5FAC8A525B33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-21] (Google Inc.)
Task: {0B9B42AB-0272-4F5D-A350-4434B19BF628} - System32\Tasks\{0469D58A-F4AC-4FFE-87C3-63DE0C613505} => C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe [2011-02-23] (Eastman Kodak Company)
Task: {0CF4F649-6E06-49CF-BE8E-75FD82CC78A4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-08-31] (AVG Technologies CZ, s.r.o.)
Task: {0E400F79-2C2E-4290-A6C1-4220B234E30F} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2018-07-26] (AVG Technologies CZ, s.r.o.)
Task: {1A9556A6-E49E-4C88-B982-2DB0E4D4C499} - System32\Tasks\{CEDEAF75-B7F1-419A-9967-BC6FE3751283} => C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe [2011-02-23] (Eastman Kodak Company)
Task: {318E1C3F-F925-42C0-9893-3E3FAE3D4706} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMJJJJNJNJNJNJOJOMCNMJJJNMGMCNLMPMGMJJCNGMKMOMNJCNJJJJMJOJNMNJJJLMMMIMGMMJJNJICMHMCNKMCNLMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMMMKMPMJNHICMCJFJHJKJLIJNBJCMLLKJDJDJJNKJCMFJOJMJOIJJKJDJGJMIPLGJPINIG (the data entry has 92 more characters).
Task: {3DBCE8AE-B626-44F8-BE38-3EF7F4EEAB7C} - System32\Tasks\{9034CCE8-0529-402D-83F5-07AA22336ADA} => C:\Windows\system32\pcalua.exe -a C:\Users\Dell\Downloads\jre-8u181-windows-i586.exe -d C:\Users\Dell\Downloads
Task: {58FB34D6-9791-4A56-8ECC-FC3A80F6695E} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {5C846CDD-B1F0-43C9-8761-8B0CF50077B7} - System32\Tasks\doPDF 9 Telemetry => C:\Program Files\Softland\novaPDF 9\Driver\GoogleAnalytics.exe [2018-07-18] ()
Task: {60858FC5-C8A1-4E5E-808A-043A56F617EC} - System32\Tasks\{29D149EF-EC65-40D7-B7D7-2190A79A460C} => C:\Windows\system32\pcalua.exe -a C:\Users\Dell\Downloads\FacebookGameroom.exe -d C:\Users\Dell\Downloads
Task: {7121162F-BC9E-4C66-9939-294E66F1046A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-09-10] (Adobe Systems Incorporated)
Task: {7F79AB50-37D5-485E-986E-2EA604E2BBF5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-09-23] (AVG Technologies CZ, s.r.o.)
Task: {8B80E63A-F386-48FD-96F4-513A960436D6} - System32\Tasks\{0E59508C-BE36-4B2B-A14A-00D56A47BAC3} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {8BAD118F-802F-4D4F-B311-5598C07764F4} - System32\Tasks\{45FBBD5F-F88A-49D4-A283-B4F373E77EB0} => C:\Windows\system32\pcalua.exe -a C:\Users\Dell\Downloads\install_easyshare.exe -d C:\Users\Dell\Downloads
Task: {8D93E98E-BE62-4DFB-8A7A-06EC0F2C1119} - System32\Tasks\{48F7E6B4-D004-47F3-A1BF-4FBBE2604F19} => C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe [2010-06-13] (Firetrust Ltd)
Task: {98B33931-C937-4487-BE2D-695E6FDE9296} - System32\Tasks\{E8293F52-06BD-4F09-A0BE-35F2B8AAB023} => C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe [2011-02-23] (Eastman Kodak Company)
Task: {9C318BB5-D249-4395-BE69-73F60711DBD4} - System32\Tasks\doPDF 9 Update => C:\Program Files\Softland\novaPDF 9\Driver\UpdateApplication.exe [2018-07-18] ()
Task: {9C8C8189-263A-4E6B-9549-2F3E46721281} - System32\Tasks\G2MUploadTask-S-1-5-21-1400945040-2960571981-3055813832-1000 => C:\Users\Dell\AppData\Local\GoToMeeting\8126\g2mupload.exe [2017-12-22] (LogMeIn, Inc.)
Task: {9E1BCBAC-CB55-447D-A114-9378945C3E05} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2018-09-21] (Siber Systems)
Task: {A5303677-8364-495C-A233-C77CD8C645F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-24] (Piriform Ltd)
Task: {AA59CDD8-00EC-4974-97B3-6D9585222E27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-21] (Google Inc.)
Task: {B36FE3C1-DA28-470A-AAE2-222A800A8B51} - System32\Tasks\{3F1240AA-27E5-491C-8839-0A7C8598CF0A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Dell\Desktop\Old Documents\Desktop\install_easyshare.exe" -d "C:\Users\Dell\Desktop\Old Documents\Desktop"
Task: {C8666C15-E88A-4273-8B50-D876575EAC8A} - System32\Tasks\G2MUpdateTask-S-1-5-21-1400945040-2960571981-3055813832-1000 => C:\Users\Dell\AppData\Local\GoToMeeting\8126\g2mupdate.exe [2017-12-22] (LogMeIn, Inc.)
Task: {C87DFB08-C15A-4B00-B91A-8EDB8D33B5A8} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-09-23] (AVG Technologies CZ, s.r.o.)
Task: {D8035EDB-849A-4550-B60A-C428F7C35949} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-12-20] ()
Task: {E4B4DE7B-E12B-4B31-84C8-96D9A97A9EAE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E7363191-CDA9-4E4D-873D-D264674A949B} - System32\Tasks\{122501A7-1579-4F3C-9980-D73CC72456D6} => C:\Windows\system32\pcalua.exe -a C:\Users\Dell\Downloads\icon_restore.exe -d C:\Users\Dell\Downloads
Task: {F308AE71-BBC5-4D71-8130-344622D6C01E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {F4C3CCB6-DBBE-4D61-A734-C4DC90CD49F0} - System32\Tasks\EasyShare Registration Task => C:\Windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16
Task: {F8323B26-F8D7-4558-9DD8-A24FF14D3096} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EasyShare Registration Task.job => rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1400945040-2960571981-3055813832-1000.job => C:\Users\Dell\AppData\Local\GoToMeeting\8126\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1400945040-2960571981-3055813832-1000.job => C:\Users\Dell\AppData\Local\GoToMeeting\8126\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Dell\Desktop\OLD UNUSED DESKTOP SHORTCUTS\CrossLoop.lnk -> E:\Program Files\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.CrossLoop.com -startup=server
ShortcutWithArgument: C:\Users\Dell\Desktop\Old Documents\Desktop\OLD UNUSED DESKTOP SHORTCUTS\CrossLoop.lnk -> E:\Program Files\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.CrossLoop.com -startup=server

==================== Loaded Modules (Whitelisted) ==============

2016-04-21 15:36 - 2015-02-04 11:51 - 000115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-07-18 19:47 - 2018-07-18 19:47 - 000146736 _____ () C:\Program Files\Softland\novaPDF 9\Server\AgileDotNetRT64.dll
2018-08-31 04:54 - 2018-08-31 04:54 - 000700144 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2014-03-06 07:14 - 2014-03-06 07:14 - 000274208 _____ () C:\Program Files (x86)\bfgclient\bfggameservices.exe
2017-01-27 09:25 - 2017-01-27 09:25 - 001143208 ____H () C:\Program Files (x86)\Gummy Drop!\GummyDrop.exe
2018-01-01 10:37 - 2018-01-01 10:37 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2018-08-31 04:54 - 2018-08-31 04:54 - 000574192 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2018-08-31 04:54 - 2018-08-31 04:54 - 000897264 _____ () C:\Program Files (x86)\AVG\Antivirus\anen.dll
2018-08-31 04:53 - 2018-08-31 04:53 - 000542448 _____ () C:\Program Files (x86)\AVG\Antivirus\gui_cache.dll
2018-08-31 04:53 - 2018-08-31 04:53 - 000987888 _____ () C:\Program Files (x86)\AVG\Antivirus\shepherdsync.dll
2018-09-29 05:49 - 2018-09-29 05:49 - 005702344 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\18092804\algo.dll
2016-11-29 00:28 - 2016-11-29 00:28 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2018-02-11 09:20 - 2018-02-11 09:20 - 001184256 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-02-13 22:30 - 2018-02-13 22:30 - 071641088 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\libcef.dll
2018-03-13 05:40 - 2018-03-13 05:40 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2018-02-11 09:20 - 2018-02-11 09:20 - 000774656 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2018-02-11 09:20 - 2018-02-11 09:20 - 003149824 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\libglesv2.dll
2018-02-11 09:20 - 2018-02-11 09:20 - 000078848 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\libegl.dll
2014-03-06 07:14 - 2014-03-06 07:14 - 001568032 _____ () C:\Program Files (x86)\bfgclient\bfgcommon.dll
2015-10-18 10:23 - 2015-10-18 10:23 - 000132608 _____ () C:\Program Files (x86)\Gummy Drop!\libEGL.dll
2015-10-18 10:23 - 2015-10-18 10:23 - 002612736 _____ () C:\Program Files (x86)\Gummy Drop!\libGLESv2.dll
2017-06-19 22:24 - 2016-04-20 09:37 - 022220288 _____ () C:\ProgramData\Big Fish\Cef\1.1180.832\libcef.dll
2015-10-18 10:23 - 2015-10-18 10:23 - 000249856 _____ () C:\Program Files (x86)\Gummy Drop!\Lemon.DLL
2017-06-19 22:24 - 2016-04-20 09:37 - 000628224 _____ () C:\ProgramData\Big Fish\Cef\1.1180.832\libglesv2.dll
2017-06-19 22:24 - 2016-04-20 09:37 - 000110592 _____ () C:\ProgramData\Big Fish\Cef\1.1180.832\libegl.dll
2011-02-23 17:24 - 2011-02-23 17:24 - 000406016 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\Kfx.dll
2011-02-23 17:23 - 2011-02-23 17:23 - 000264192 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\AppCore.dll
2011-02-23 17:21 - 2011-02-23 17:21 - 000356352 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\Atlas.dll
2011-02-23 17:19 - 2011-02-23 17:19 - 000237568 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\SpiffyExt.dll
2011-02-23 17:38 - 2011-02-23 17:38 - 000234496 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\VistaControls.esx
2011-02-23 17:15 - 2011-02-23 17:15 - 000090112 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\LocAcqMod.dll
2011-02-23 17:39 - 2011-02-23 17:39 - 000078848 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2011-02-23 17:11 - 2011-02-23 17:11 - 000062464 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 10:05 - 2006-03-07 10:05 - 001564672 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\AreaIFDLL.dll
2011-02-23 17:37 - 2011-02-23 17:37 - 000761856 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2011-02-23 17:17 - 2011-02-23 17:17 - 000152576 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\IStorageMediaStore.esx
2011-02-23 18:00 - 2011-02-23 18:00 - 000684032 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\ESEmail.esx
2011-02-23 17:24 - 2011-02-23 17:24 - 000084480 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\keml40.dll
2011-02-23 17:15 - 2011-02-23 17:15 - 000129536 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\kpries40.dll
2011-02-23 18:55 - 2011-02-23 18:55 - 011503616 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\ESSkin.esx
2009-09-28 21:19 - 2009-09-28 21:19 - 000782336 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 21:19 - 2009-09-28 21:19 - 000868352 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 21:20 - 2009-09-28 21:20 - 000462848 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 21:19 - 2009-09-28 21:19 - 000155648 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\SkinuxZipV.dll
2009-09-28 21:21 - 2009-09-28 21:21 - 000528384 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 21:20 - 2009-09-28 21:20 - 002236416 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 21:21 - 2009-09-28 21:21 - 000847872 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 21:21 - 2009-09-28 21:21 - 001396736 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\SkinuxCommonV.dll
2011-02-23 18:04 - 2011-02-23 18:04 - 000171520 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\Pcd.esx
2011-02-23 17:38 - 2011-02-23 17:38 - 000052224 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\KPCDInterface.dll
2011-02-23 17:36 - 2011-02-23 17:36 - 000143360 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2011-02-23 17:15 - 2011-02-23 17:15 - 000084480 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\UpdateChecker.esx
2011-02-23 15:25 - 2011-02-23 15:25 - 000010240 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\LocUpdateCheck.dll
2011-02-23 19:02 - 2011-02-23 19:02 - 000339968 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\VistaAdapter.esx
2011-02-23 18:01 - 2011-02-23 18:01 - 000098304 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\VistaCDBackup.esx
2011-02-23 18:05 - 2011-02-23 18:05 - 000315392 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\VistaPrintOnline.esx
2011-02-23 17:55 - 2011-02-23 17:55 - 000688128 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\VPrintOnline.dll
2011-02-23 19:00 - 2011-02-23 19:00 - 000471040 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\Escom.dll
2011-02-23 17:16 - 2011-02-23 17:16 - 000044544 _____ () C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\LocCamBack.dll
2016-06-14 00:46 - 2016-06-14 00:46 - 000442368 _____ () C:\Windows\assembly\GAC_32\WicFileFormat-PlatOpt\1.1.7323.4563__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [184]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:04 - 2018-08-09 22:14 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1400945040-2960571981-3055813832-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: DS Clock => "C:\Program Files (x86)\DS Clock\DSClock.exe"
MSCONFIG\startupreg: GwxControlPanelMonitor => "C:\Users\Dell\Downloads\GWX_control_panel.exe" /traymode
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: WMUAgent.exe => C:\Program Files (x86)\WakeMeUp\WMUAgent.exe
MSCONFIG\startupreg: WMUTray.exe => C:\Program Files (x86)\WakeMeUp\WMUTray.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{61B32523-F297-498A-8C04-76CE04DC04FA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59F98E38-97D5-4F97-91C1-53AFDF238061}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96FB0B6F-6FB7-4B82-8F82-2C399548C899}] => (Allow) C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe
FirewallRules: [{397D9B16-0813-4414-AA35-5126032E1A0E}] => (Allow) C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe
FirewallRules: [{099D5AA3-A011-4754-9F67-11DFAB6ADDFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{97181567-08F6-434D-9599-E546E8B3DA25}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4016BB59-E041-4A44-B400-021CD6929D63}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{04C452D4-A6B5-4722-A351-A3B441F62212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{07E13034-589E-4007-B819-C73F59624A63}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1B10D4F1-ED72-41F8-90D6-30BAA75D747A}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{FB8B430F-9D36-4C98-8B02-C0034304C074}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{06363EBF-C5B1-4963-BC13-2B8C971A7DC9}] => (Allow) LPort=8501
FirewallRules: [{E2D2B596-72F5-47DB-92FE-85A099AC5CA4}] => (Allow) LPort=8501
FirewallRules: [{44C398B5-0A88-406D-A397-757645A90F68}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{4DDBD175-31DB-4445-AF07-02636DDDE76A}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{EEE53B62-19F2-40FD-BBF2-B90A1BADC8FF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{99BDC558-0480-4E83-A6F2-2A757ECB7B31}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

24-09-2018 14:24:07 End of disinfection
25-09-2018 21:08:52 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2018 03:42:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EasyShare.exe version 8.30.62.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 138c

Start Time: 01d455257e758dd1

Termination Time: 282

Application Path: C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe

Report Id: e218c038-c349-11e8-b348-001aa0419180

Error: (09/27/2018 09:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23418, time stamp: 0x570898dc
Faulting module name: wucltux.dll, version: 7.6.7601.23806, time stamp: 0x591331fd
Exception code: 0xc0000005
Fault offset: 0x000000000009ff95
Faulting process id: 0x78c
Faulting application start time: 0x01d454c5f9100e95
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\wucltux.dll
Report Id: 36b0650a-c1e6-11e8-b348-001aa0419180

Error: (09/25/2018 09:23:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EasyShare.exe version 8.30.62.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8a0

Start Time: 01d454c5fafccb6d

Termination Time: 0

Application Path: C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe

Report Id: 51f3c476-c0b9-11e8-b348-001aa0419180

Error: (09/25/2018 09:17:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GummyDrop.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16e0

Start Time: 01d4546ecd5888f7

Termination Time: 208

Application Path: C:\Program Files (x86)\Gummy Drop!\GummyDrop.exe

Report Id:

Error: (09/25/2018 10:07:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: malwarebytes_assistant.exe, version: 3.1.0.1614, time stamp: 0x5b9bcc2c
Faulting module name: malwarebytes_assistant.exe, version: 3.1.0.1614, time stamp: 0x5b9bcc2c
Exception code: 0xc0000005
Fault offset: 0x0000bad2
Faulting process id: 0x274
Faulting application start time: 0x01d45467ec8c6755
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
Report Id: 2e65bc10-c05b-11e8-899e-001aa0419180

Error: (09/24/2018 06:04:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EasyShare.exe version 8.30.62.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 900

Start Time: 01d453e0f690c1b9

Termination Time: 32

Application Path: C:\Program Files (x86)\Koda\Kodak EasyShare software\bin\EasyShare.exe

Report Id: 8dc064e3-bfd4-11e8-90f0-001aa0419180

Error: (09/23/2018 01:15:59 PM) (Source: MsiInstaller) (EventID: 11606) (User: Dell-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (09/23/2018 01:15:53 PM) (Source: MsiInstaller) (EventID: 11606) (User: Dell-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.


System errors:
=============
Error: (09/27/2018 09:10:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (09/25/2018 10:43:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (09/25/2018 09:24:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/25/2018 09:24:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (09/25/2018 08:33:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (09/25/2018 10:04:13 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (09/25/2018 01:41:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (09/23/2018 01:04:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.


CodeIntegrity:
===================================

Date: 2018-09-24 21:49:53.841
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-24 21:49:53.159
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-24 21:49:52.478
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-24 21:49:51.765
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-24 21:49:49.922
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-24 21:49:49.232
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-24 21:49:48.548
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-09-24 21:49:47.680
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of memory in use: 75%
Total physical RAM: 4029.61 MB
Available physical RAM: 995.22 MB
Total Virtual: 8057.41 MB
Available Virtual: 4068.08 MB

==================== Drives ================================

Drive c: (DSK1_VOL1 Coeurl) (Fixed) (Total:465.76 GB) (Free:179.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (PRIMARY BACKUP DRIVE) (Fixed) (Total:1863.01 GB) (Free:1422.27 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EC8645A9)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0024A9D5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Unfortunately (?) I don't see anything malicious there.
We can try two things, so let's start with the easy one.

Let's try to reset your router.

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart the computer.

Let me know tomorrow if you still have the same problem.
 
OK, now this is WEIRD! I was a bit slow getting all my working programs closed and turning the computer off before 4pm, then resetting the modem; so the computer was still OFF when the tinny music started emanating from the screen's speakers. I was a bit stunned, so I didn't react very quickly, so when the music stopped when I pulled the power cord on the modem, I don't know if it stopped because I pulled the plug or if it just stopped because it was due to stop anyway? Regardless the music did not start again when I plugged the modem back in.

I feel like I have stuffed this up a bit but I hope it might prove enlightening for you as I am now completely confused!

Ciao, KK. :eek::dizzy:
 
Bad news I'm afraid; the music is still there! I think you must be just about ready to tear your hair out! You mentioned a second possible solution - I await your response.
Ciao, KK.
 
OK. You just disconnected your router/modem from the power source.
Normally, it won't do.

"Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart the computer."
 
Dear Broni,
I did exactly that - Computer OFF, reset browser with the end of a paperclip, MUSIC STARTED IN SCREEN SPEAKERS, (the screen was on because I was rushing to get the router reset and forgot to turn it off); THEN, when the computer was back up I had all the trauma of trying to get back online so I could communicate the results to you, because it had been a long time since I had to reset a modem and I had forgotten that all the settings would be wiped and I spent ages trying to get going before I gave up and rang my ISP and then, it even took them three goes for some reason.

What I DON'T understand is how could the router communicate with the screen to initiate the music without the computer being on! I'm happy to try the whole process again.

Today is Wednesday so my support worker is coming in two hours and I'm not ready for her yet so I'll be back later on, after she's gone.

Ciao for now,
KK.

PS. I've just thought of a possible test to isolate the source of the music. If I pull the Ethernet and power cables on the router just before the music is due to start, and nothing happens, then it's the router that is suspect, if I still get the music in that configuration, then it's the computer. What do you think?
 
This is really weird. I've never seen anything like that.
I'll ask my colleagues what they think about it.
 
One of my friends said:
"Quite a while ago I had a similar issue and it turned out in my case a nearby audio (radio?) signal was broadcasting through the computer speakers."
I Googled it a little and it's not that uncommon: https://www.google.com/search?num=5...Iy4MKHcCvBXgQ5t4CMA96BAgrEAk&biw=1920&bih=906
Your computer is definitely clean and I have no idea how to help you with that interference issue.
I suggest a new topic in the Windows (?) forum.
 
Thanks Broni, for all of your help. I shall see what further avenues I can follow regarding the music. You can stop watching this thread now.
Ciao, KK.:D
 
One of my friends said:
"The golden rule in audio repair pretty much applies to all types of electronic troubleshooting. Cut out the unnecessary stuff and see if the problem still occurs. I would begin with disconnecting all inputs to the monitor (except the power cord) and see if the problem remains. If it stops, then one by one, plug in the video cable, then the audio cable and see what happens. Also, I would ask the user to make sure they are absolutely certain that the sound is coming from the monitor and not some other device in the vicinity of the monitor."
 