In Progress Virus on vacation

Ken_RM

Thread Starter
Joined
Jul 6, 2005
Messages
197
Hi
I am currently on vacation at a coastal resort and using their WiFi. Soon after logging onto the resort's WiFi I started getting AVG reporting on a continuous basis:
" Aborting connection on www.detectportal.firefox.com because it was infected with JS:infectedmicrotik-Q[TRJ] ".
Now impossible to use Browser and AVG error message keeps popping up even when off the WiFi, so suspect the virus is now also on my laptop. Checked with the resort and they are convinced that their server is not infected.
Please help
Ken
 

Couriant

James
Moderator
Joined
Mar 26, 2002
Messages
37,753
Are you at a resort in Brazil by chance?

Try a different browser as well and see if you get the same result.
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
696
Hi, Ken.

I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before you act! Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

4. If your computer seems to start working normally, please don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs. I will be with you, as far as I can.


================================

Let's check if there is a malware involvement.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply (or attach/upload).
 

Ken_RM

Hi
Run FRST as requested. Both FRST.Txt and Addition.Txt are empty.
Thks
Ken
 

DR.M

Hi, Ken.

Let's try to run FRST from Safe Mode.

1. Restart with Safe mode
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

2. Run FRST again
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 

Ken_RM

Hi Having problem with login to Safe Mode.
Do I hold W icon and I down while system is booting or after it has booted?
This
Ken
 

DR.M

Hi, Ken.

The above instructions were given with the assumption that the computer is running, you are already signed in to Windows and you have the desktop's background in front of you. Pressing w + i together will send you to the computer's Settings.
 

Ken_RM

Hi again
Sorry to be such a dummy, but not getting anywhere. Did as you said, but no safe mode?
 

DR.M

Did you manage to go to the Settings and from there follow all the other instructions?

Settings > Update and Security > Recovery ..... etc.?
 

DR.M

Hi, Ken.

If you still have problems with starting the computer in Safe mode, please try this set of instructions:
  • Start by shutting down your computer.
  • Press on the power button on the case to turn it on.
  • After the computer is about 3 - 5 seconds into the boot-up process, hold down the power button to shut down the computer.
  • Repeat the above process once again.
  • For the third time, turn on the computer and allow it to boot up.
  • If you completed the process correctly, a message saying "Preparing Automatic Repair" should appear.
  • In a few seconds, another message will appear stating "Diagnosing your PC" and Automatic Repair will open.
  • When you reach the Automatic Repair screen, click on "Advanced Options."
  • At the next screen, select "Troubleshoot."
  • When you see the next screen, select "Advanced Options."
  • Select "Startup Settings", then "Restart".
  • After the Startup Settings window appears, hit the "4" key on the keyboard (Safe mode with networking).
  • At the next login prompt screen, enter your password for your computer.
  • If the Safe Mode opens properly, the desktop should appear with "Safe Mode" in each corner of the desktop.
Let me know if you were able to access Safe Mode.
 

DR.M

Hi, Ken.

Any progress here? Do you still need assistance?
 

Ken_RM

Hi
Seem to be making slow progress. Now beginning to think my PC does not have Safe Mode. Your last method did not work.
Anyway rerun FRST and now have files as below:

.FRST.txt
==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-08] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-07] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] (STMicroelectronics -> )
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd) [File not signed]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions -> Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] (Sonic Solutions -> )
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft) [File not signed]
HKLM\...\Run: [PE2CKFNT SE] => c:\ken\Programs\Ulead\ChkFont.exe [25088 1998-07-03] () [File not signed]
HKLM\...\Run: [NeroCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) [File not signed]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG) [File not signed]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [ROC_ROC_NT] => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM\...\Run: [CheckNDISPort54ac17] => C:\Program Files\MTN ShareLink\MTN ShareLink\CheckNDISPort_df.exe [476368 2016-08-15] (ZTE CORPORATION -> )
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\MTN ShareLink\MTN ShareLink\CancelAutoPlay_df.exe [448208 2016-08-15] (ZTE CORPORATION -> )
HKLM\...\Run: [DSATray] => C:\Program Files\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-05] (Intel(R) Driver & Support Assistant -> Intel)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [7932928 2020-10-20] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink -> CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink -> CyberLink Corp.)
HKLM\...\Run: [Norton Ghost 12.0] => C:\Program Files\Norton Ghost\Agent\VProTray.exe [2037352 2007-03-28] (Symantec Corporation -> Symantec Corporation)
HKLM\...\Run: [MobileBroadband] => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [279552 2011-07-14] (Vodafone) [File not signed]
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-04-04] (Google Inc -> Google)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [146056 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-04-13] (Sony Mobile Communications AB -> Sony) [File not signed]
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\Run: [NokiaPCInternetAccess] => C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [663552 2009-09-17] (Nokia) [File not signed]
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe [2146536 2019-04-26] (TomTom International BV -> TomTom)
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\Run: [GarminExpress] => C:\Program Files\Garmin\Express\express.exe [30871536 2019-09-18] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG) [File not signed]
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\MountPoints2: {00a77d0c-7a57-11e5-99f0-782bcbcc0a3c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\MountPoints2: {114d9fe4-a3b5-11e8-847b-889ffab75ecf} - F:\SetupVMB.exe
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\MountPoints2: {2f34be9e-2f6f-11e7-b7fa-889ffab75ecf} - G:\AutoRun.exe
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\MountPoints2: {79b65557-d99f-11e8-8201-889ffab75ecf} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\MountPoints2: {a5edfd8e-9ca1-11e6-82e8-889ffab75ecf} - F:\AutoRun.exe
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\MountPoints2: {f8d96153-7be7-11e5-890e-782bcbcc0a3c} - F:\AutoRun.exe
HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\MountPoints2: {fb79320e-8829-11e5-942a-782bcbcc0a3c} - F:\AutoRun.exe
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files\Garmin\Express\express.exe [30871536 2019-09-18] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.183\Installer\chrmstp.exe [2020-11-03] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> c:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2009-10-20] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-04-04] (Google) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-02-18]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk [2011-03-26]
ShortcutTarget: Photo Express Calendar Checker SE.lnk -> C:\Ken\Programs\Ulead\CalCheck.exe (Ulead Systems, Inc.) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0397CF5D-E488-45C2-A1B9-3CFC4ACB36A7} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe
Task: {11625377-9741-4A1D-BC13-F08027B8E9B1} - System32\Tasks\{F0B14A4C-5B56-4C47-8CBF-B310CDEE0589} => C:\Windows\system32\pcalua.exe -a C:\Users\Ken\Downloads\jxpiinstall.exe -d C:\Users\Ken\Downloads
Task: {15C2042F-D2C0-46D0-A9E7-AE5D4FB08051} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3966088 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {24DA4B56-1779-4B2A-8D1D-240A614ED4B6} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
Task: {27722A50-C9ED-43BF-AA1D-209C4112628C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2019-01-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {31480B0C-71BD-4D51-A8D3-C1D0B8622B69} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Ken\Downloads\esetonlinescanner_enu.exe
Task: {3E044BAD-6708-4F65-833D-CFE3B62EC8F9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3869300609-3146229085-1361341603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {3E84EAE4-723B-4662-97A0-5FBD83767817} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Ken\Downloads\esetonlinescanner_enu.exe
Task: {45C69936-431B-4256-AAD3-7DC7455F16BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [179584 2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B452B34-9450-42BF-AE5B-73E2BE7BA1CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {58121F2B-A411-4CD1-AA77-F423CE08241F} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\Update\realsched.exe
Task: {6608143A-66BF-4BDE-865D-B6A7678A0C15} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-09-18] (Garmin International, Inc. -> )
Task: {7A9276F6-70EE-4908-AA45-1F1BEE7030FC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {7C1BD2C7-BB53-4431-825F-CBEBD0363EC2} - System32\Tasks\RealDownloader Update Check => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
Task: {8513A3BA-C077-4279-880F-900C067047D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-22] (Adobe Inc. -> Adobe)
Task: {8CC1FDD2-0ABB-4230-B32B-4B1F4B74CE51} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe
Task: {9F961952-8BA0-425C-88A3-4B8FACEA1BFD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [610000 2020-10-29] (Mozilla Corporation -> Mozilla Foundation)
Task: {AB093CC3-A46B-454E-822F-D255D6052F10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {AD5DAE26-1EE2-4A42-9456-37F5052B2CDD} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1531016 2020-09-24] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {C279F86B-EBE9-470F-AD04-9E6AAB1C736B} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe
Task: {CB896546-8587-44DF-AC1A-F9CCA340B5C8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2019-01-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {D3F71446-45E0-42E4-BFA6-3F0431BE3BF9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3869300609-3146229085-1361341603-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {DBB83595-F903-42EF-B1FD-8E0F805E686B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-22] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\..\Interfaces\{3BB85141-E139-40E6-9D3B-E4BD6091134D}: [NameServer] 41.50.20.29 41.50.20.61
Tcpip\..\Interfaces\{4F642940-65DA-4242-B6DF-7637D2A4A55A}: [NameServer] 41.48.23.29 41.48.23.61
Tcpip\..\Interfaces\{6CA7C97B-3D5E-4149-82C9-62046E1C2052}: [NameServer] 41.1.239.253 41.1.240.29
Tcpip\..\Interfaces\{7913CA66-4773-4F0C-A43A-89ADCA03E2FD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{871D3B60-2A59-40F4-B0F4-B55563E103B6}: [NameServer] 41.48.23.29 41.48.23.61
Tcpip\..\Interfaces\{87F21249-8F06-4BC8-9914-2AB0445699FE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AAA2EA54-5275-4816-9DC1-F3667D2DCD8C}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{BE6522DA-469F-4541-8D2F-104F1CF34EFD}: [NameServer] 41.50.20.29 41.50.20.61

FireFox:
========
FF DefaultProfile: 77vtkylk.default
FF ProfilePath: C:\Users\Ken\AppData\Roaming\TomTom\HOME\Profiles\2rgpweus.default [2019-04-10]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\[email protected] [2019-04-10] [Legacy] [not signed]
FF ProfilePath: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\77vtkylk.default [2020-11-04]
FF DownloadDir: C:\Users\Ken\Downloads
FF Notifications: Mozilla\Firefox\Profiles\77vtkylk.default -> hxxps://www.cnet.com; hxxps://www.gomelo.co.za
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-22] (Adobe Inc. -> )
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (Garmin International, Inc. -> GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-12-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-12-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default [2020-10-31]
CHR DownloadDir: C:\Users\Ken\Desktop
CHR Notifications: Default -> hxxps://freemusicdownloads.world
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.co.za/"
CHR Extension: (Tampermonkey) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-10-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-20]
CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
CHR HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-22] (Adobe Inc. -> Adobe)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [81920 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation -> Symantec Corporation)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [332928 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [2512008 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7569344 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 cfbackd; C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2015-09-25] (508 Software, LLC -> CleverFiles)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [5032848 2018-07-02] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2019-01-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2019-01-26] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [37384 2020-10-20] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files\Intel Driver and Support Assistant\DSAService.exe [22304 2017-12-05] (Intel(R) Driver & Support Assistant -> Intel)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-04-04] (Google Inc -> Google)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-10-28] (Huawei Technologies Co., Ltd. -> )
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation -> Symantec Corporation)
R3 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [3290728 2007-03-28] (Symantec Corporation -> Symantec Corporation)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions -> Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions -> Sonic Solutions)
R3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-23] (Nokia.) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Sony Mobile Communications AB -> Avanquest Software) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe [229458 2010-04-07] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-07-14] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1710464 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [1431424 2017-04-13] (Sony Mobile Communications AB -> Sony) [File not signed]
S2 Avg; "C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc [X]
S3 avgm; "C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-09-29] (STMicroelectronics -> ST Microelectronics)
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35112 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [175848 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [189584 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [154768 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [56464 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [40800 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [147776 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [375272 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [28408 2020-06-11] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [94264 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [72912 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [691128 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [396688 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [163376 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [278032 2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [2661368 2011-02-18] (Broadcom Corporation -> Broadcom Corporation)
S3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [86056 2009-10-03] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [108072 2009-08-29] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [29472 2009-04-08] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [18472 2009-08-29] (Broadcom Corporation -> Broadcom Corporation.)
S3 CtAudDrv; C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [146528 2010-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [163616 2013-10-11] (Digiarty, Inc. -> Digiarty Software, Inc.)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [95232 2013-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11904 2012-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (Garmin International -> GARMIN Corp.)
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [77696 2015-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [199296 2013-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [108032 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [316544 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 massfilter; C:\Windows\System32\DRIVERS\massfilter.sys [7936 2015-03-04] (Microsoft Windows Hardware Compatibility Publisher -> MBB Incorporated)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18176 2010-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [22528 2010-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137344 2010-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [171520 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (STMicroelectronics -> ST Microelectronics)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [423936 2010-04-07] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [131944 2007-03-28] (Symantec Corporation -> StorageCraft)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2010-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2010-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [37864 2007-03-28] (Symantec Corporation -> Symantec Corporation)
R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Vodafone)
R3 vodafone_zte_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_acm.sys [67968 2011-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Vodafone)
R3 vodafone_zte_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_ecm.sys [52224 2011-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Vodafone)
S3 vodafone_zte_cpo; C:\Windows\System32\DRIVERS\vodafone_zte_cpo.sys [9984 2011-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Vodafone)
R3 vodafone_zte_ecm_enum; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum.sys [47488 2011-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Vodafone)
R3 vodafone_zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum_filter.sys [47488 2011-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Vodafone)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [14072 2007-03-28] (Symantec Corporation -> Symantec Corporation)
S3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [107392 2015-03-04] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [134144 2015-03-04] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Corporation)
S3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [107392 2015-03-04] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [107392 2015-03-04] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [107392 2015-03-04] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-04 09:33 - 2020-11-04 09:35 - 000000000 ____D C:\FRST
2020-11-04 09:33 - 2020-11-04 09:33 - 000000000 ____D C:\Users\Ken\Desktop\FRST-OlderVersion
2020-11-04 08:02 - 2020-11-04 08:02 - 000006576 ____N C:\bootsqm.dat
2020-11-04 07:11 - 2020-11-04 07:11 - 000000004 ____H C:\ProgramData\cm-lock
2020-10-31 11:35 - 2020-10-31 11:35 - 000143560 _____ C:\Windows\Minidump\103120-27783-01.dmp
2020-10-31 07:38 - 2020-11-04 09:36 - 000029772 _____ C:\Users\Ken\Desktop\FRST.txt
2020-10-31 07:36 - 2020-10-31 07:36 - 000000000 _____ C:\Users\Ken\Desktop\Addition.txt
2020-10-31 07:10 - 2020-11-04 09:33 - 002012672 _____ (Farbar) C:\Users\Ken\Desktop\FRST.exe
2020-10-29 10:04 - 2020-10-29 10:04 - 000000000 ____D C:\Users\Ken\AppData\Local\{745AD0AA-9F26-43E4-82C7-35D5033F3546}
2020-10-29 08:56 - 2020-10-29 08:56 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-10-29 08:42 - 2020-10-29 08:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-10-29 08:17 - 2020-10-29 09:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-28 13:11 - 2020-10-28 13:10 - 000285832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2020-10-28 13:11 - 2020-10-28 13:10 - 000163376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2020-10-28 13:11 - 2020-10-28 13:10 - 000147776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2020-10-28 12:56 - 2020-10-28 12:56 - 000148144 _____ C:\Windows\Minidump\102820-21434-01.dmp
2020-10-20 23:12 - 2020-10-20 23:12 - 000037384 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2020-10-20 23:12 - 2020-10-20 23:12 - 000036848 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2020-10-20 23:12 - 2020-10-20 23:12 - 000036848 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2020-10-20 23:12 - 2020-10-20 23:12 - 000036848 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2020-10-05 08:55 - 2020-10-05 08:55 - 000148144 _____ C:\Windows\Minidump\100520-31200-01.dmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-04 09:32 - 2009-07-14 06:34 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-11-04 09:32 - 2009-07-14 06:34 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-11-04 09:30 - 2011-03-24 19:02 - 000000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2020-11-04 09:29 - 2018-12-28 08:08 - 000000068 __RSH C:\Windows\system32\Drivers\usbohci.winsecurity
2020-11-04 09:28 - 2019-01-26 09:08 - 000000886 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2020-11-04 09:27 - 2020-06-11 09:41 - 000004162 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2020-11-04 09:26 - 2018-12-28 08:08 - 000000068 __RSH C:\Windows\system32\Drivers\ZTEusbnet.winsecurity
2020-11-04 09:24 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-04 08:24 - 2011-02-18 20:48 - 000000000 ____D C:\ProgramData\Sonic
2020-11-04 08:08 - 2016-11-21 16:35 - 000000000 ____D C:\Users\Ken\AppData\LocalLow\Mozilla
2020-11-04 07:22 - 2016-03-08 12:12 - 000000000 ____D C:\ProgramData\Avg
2020-11-03 10:48 - 2019-01-26 09:08 - 000000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2020-11-03 08:47 - 2012-09-13 12:11 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-03 08:43 - 2019-01-26 09:08 - 000003886 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2020-11-03 08:43 - 2019-01-26 09:08 - 000003634 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore
2020-11-03 08:31 - 2011-02-18 20:38 - 000786598 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-03 08:31 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2020-11-01 12:34 - 2011-03-26 09:58 - 000000000 ___RD C:\Ken
2020-11-01 10:42 - 2020-10-04 07:07 - 000000000 ____D C:\Users\Ken\Desktop\Mug Pud
2020-11-01 09:21 - 2015-04-07 19:18 - 001463868 _____ C:\Windows\ntbtlog.txt
2020-10-31 11:35 - 2015-10-21 00:37 - 000000000 ____D C:\Windows\Minidump
2020-10-29 09:02 - 2015-05-19 15:13 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2020-10-29 08:42 - 2019-01-26 09:08 - 000000000 ____D C:\Program Files\Dropbox
2020-10-28 13:19 - 2020-06-11 09:41 - 000375272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000691128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000396688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000278032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000189584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000175848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000154768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000094264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000072912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000056464 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000040800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2020-10-28 13:10 - 2020-06-11 09:41 - 000035112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2020-10-22 09:48 - 2018-03-19 19:48 - 000004454 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-10-22 09:48 - 2012-06-19 09:32 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-10-22 09:48 - 2012-06-02 10:04 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2020-10-22 09:48 - 2011-08-29 01:16 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2020-10-22 09:48 - 2011-02-18 20:32 - 000000000 ____D C:\Windows\system32\Macromed
2020-10-20 07:25 - 2012-09-13 12:10 - 000003320 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-20 07:25 - 2012-09-13 12:10 - 000003192 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2013-05-17 01:45 - 2013-05-17 01:45 - 004167680 _____ () C:\Program Files\GUTF2D7.tmp
2015-04-20 19:48 - 2015-04-20 19:49 - 003545552 _____ (Paramount Software UK Ltd) C:\Program Files\ReflectDL.exe
2017-05-05 16:28 - 2017-05-05 16:28 - 000681720 _____ (NCH Software) C:\Program Files\switchsetup.exe
2013-03-16 17:31 - 2019-10-06 09:45 - 000000040 _____ () C:\Users\Ken\AppData\Roaming\cdr.ini
2018-01-08 17:35 - 2018-01-08 17:35 - 000002038 _____ () C:\Users\Ken\AppData\Roaming\Shortcut to InfoSlipsForMe (2).lnk
2018-01-08 17:35 - 2018-01-08 17:35 - 000002038 _____ () C:\Users\Ken\AppData\Roaming\Shortcut to InfoSlipsForMe.lnk
2011-11-21 21:18 - 2011-11-21 21:19 - 000003584 _____ () C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-06-26 09:35 - 2020-06-26 09:36 - 000000000 _____ () C:\Users\Ken\AppData\Local\{C3930E17-1B47-4130-BD18-90E001BDFE74}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2020
Ran by Ken (04-11-2020 09:39:33)
Running from C:\Users\Ken\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2011-03-24 16:59:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3869300609-3146229085-1361341603-500 - Administrator - Disabled)
Guest (S-1-5-21-3869300609-3146229085-1361341603-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3869300609-3146229085-1361341603-1004 - Limited - Enabled)
Ken (S-1-5-21-3869300609-3146229085-1361341603-1000 - Administrator - Enabled) => C:\Users\Ken

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{870E5275-5457-4BBC-98C9-BFF4B70AA5D3}) (Version: 3.1.0.12 - Intel) Hidden
4K Video Downloader 4.12 (HKLM\...\{CED11484-7D52-43BE-A778-6CC2C9F1C473}) (Version: 4.12.3.3650 - Open Media LLC)
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.17 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.445 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ANT Drivers Installer x86 (HKLM\...\{03319BC1-B8C3-4CF0-B037-7BB8E442D4CA}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 20.8.3147 - AVG Technologies)
CintaNotes 3.8.1 (HKLM\...\CintaNotes_is1) (Version: - Cinta Software)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (HKLM\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Disk Drill 2.0.0.339 (HKLM\...\{A1DC45F5-8C37-4FC7-8300-F8F60E21A1E8}) (Version: 2.0.339 - CleverFiles)
Dropbox (HKLM\...\Dropbox) (Version: 108.4.453 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.377.1 - Dropbox, Inc.) Hidden
Duplicate Filter (HKLM\...\Duplicate Filter_is1) (Version: - )
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.18.34 - Dell Inc.)
Elevated Installer (HKLM\...\{4E108B93-9865-45BF-A565-865AE20AC7FC}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries) Hidden
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 8.00 - NCH Software)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version: - Eusing Software)
FreeRIP MP3 Converter 5.7.1.2 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 5.7.1.2 - GreenTree Applications SRL)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{D646C2CC-7782-4B95-B1C8-D9503409A40A}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{ffecb7df-db17-4a27-9f6b-d61ba2d7bcff}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 86.0.4240.183 - Google LLC)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
InfoSlips ForMe Viewer (HKLM\...\{F24E7D25-ADD9-46BB-977B-6F0743EEB327}) (Version: 5.2.15 - InfoSlips)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM\...\{2550a40e-aac6-4d21-9361-744d33bec573}) (Version: 3.1.0.12 - Intel)
Java 8 Update 231 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Legacy 7.5 (HKLM\...\Legacy 7.5) (Version: 7.5 - Millennia Corporation)
Legacy Charting 7.5 (HKLM\...\LegacyChart7_is1) (Version: - )
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Mesh Runtime (HKLM\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Power Data Recovery 8.1 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 8.1 - MiniTool Software Limited)
Mozilla Firefox 30.0 (x86 en-US) (HKU\S-1-5-21-3869300609-3146229085-1361341603-1000\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Firefox 8.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 8.0.1 (x86 en-US)) (Version: 8.0.1 - Mozilla)
Mozilla Firefox 82.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 82.0.2 (x86 en-GB)) (Version: 82.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.2.7605 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTN Online (HKLM\...\MTN [email protected]) (Version: 23.015.02.02.697 - Huawei Technologies Co.,Ltd)
MTN [email protected] (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.3 - ZTE Corporation)
Nero 7 Essentials (HKLM\...\{7FBD6DC1-919F-45EB-A4FD-C032DD121033}) (Version: 7.02.4750 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{47A0A80F-8DC0-43EB-B9B4-36FD86979DF7}) (Version: 7.1.28.1 - Nokia)
Nokia PC Internet Access (HKLM\...\{9652B1F8-F795-46D5-A23F-9C3C41647E51}) (Version: 2.0.1.5 - Nokia) Hidden
Nokia PC Internet Access (HKLM\...\Nokia PC Internet Access) (Version: 2.0.1.5 - Nokia)
Norton Ghost (HKLM\...\{B0255743-165B-4BD5-8DA8-37DFB9930012}) (Version: 12.0.0.20352 - Symantec Corporation)
PC Connectivity Solution Lite (HKLM\...\{2997ABF5-E5F6-4E9C-9717-26F208D9ED5E}) (Version: 5.8.33.6 - Nokia)
PhotoShowExpress (HKLM\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Pipe Flow Advisor v1.11 (HKLM\...\Pipe Flow Advisor_is1) (Version: - PipeFlow.co.uk)
Pipe Flow Wizard v1.12 (HKLM\...\Pipe Flow Wizard_is1) (Version: - PipeFlow.co.uk)
PIXresizer 1.0.9 (HKLM\...\PIXresizer_is1) (Version: - Bluefive software)
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 1.3.3 - Dell Inc.)
Recover My Files (HKLM\...\Recover My Files v6_is1) (Version: 6.3.2.2553 - GetData Pty Ltd)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Sonic CinePlayer Decoder Pack (HKLM\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Sony PC Companion 2.10.275 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.275 - Sony)
Stellar Data Recovery Professional (HKLM\...\Stellar Data Recovery Professional_is1) (Version: 8.0.0.0 - Stellar Information Technology Pvt Ltd.)
Striata Reader (32-bit) (HKLM\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.19-3 - Striata Communication Solutions)
Switch Sound File Converter (HKLM\...\Switch) (Version: 5.20 - NCH Software)
TEC-IT QR-Code Studio 1.0 (HKLM\...\{1C58A486-2B59-448F-9D8A-97844535087B}) (Version: 1.0.2.20600 - TEC-IT Datenverarbeitung GmbH)
TomTom HOME (HKLM\...\{0E778C56-3A87-497E-BEF0-EF0D3EE4871C}) (Version: 2.10.3 - TomTom)
TomTom HOME (HKLM\...\{C51F55EC-477D-4385-B951-BDEFA5DFC90B}) (Version: 2.11.6 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.2.5.3770 (HKLM\...\MyDriveConnect) (Version: 4.2.5.3770 - TomTom)
Ulead Photo Express 2.0 SE (HKLM\...\Ulead Photo Express 2.0 SE) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.1.6 (HKLM\...\VLC media player) (Version: 1.1.6 - VideoLAN)
Vodafone Mobile Broadband Lite (HKLM\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.302.33178 - Vodafone)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 7.02 - NCH Software)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinX DVD Copy Pro 3.4.7 (HKLM\...\WinX DVD Copy Pro_is1) (Version: - Digiarty Software,Inc.)
WonderFox DVD Ripper (HKLM\...\WonderFoxDVDRipper) (Version: - WonderFox Soft, Inc. All Rights Reserved.)
Xirrus Wi-Fi Inspector (HKLM\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)
Xperia Companion (HKLM\...\{27b15812-304d-4fc2-80b7-55a920f30a28}) (Version: 1.6.5.0 - Sony)
Xperia Companion (HKLM\...\{9D56F227-FC8D-419D-ADEB-41E5734025BD}) (Version: 1.6.5.0 - Sony) Hidden
Xperia Companion Service (HKLM\...\{941E0B86-5EC0-43BC-9DA9-9BC596150B4B}) (Version: 1.6.5.0 - Sony) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3869300609-3146229085-1361341603-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google) [File not signed]
CustomCLSID: HKU\S-1-5-21-3869300609-3146229085-1361341603-1000_Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}\localserver32 -> C:\Program Files\TotalAV\TotalAV.exe => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ISOWINDOWMENU] -> {3A05F453-60CA-4311-9DA3-FE348CB76056} => C:\Program Files\Digiarty\WinX_DVD_Copy_Pro\IsoWindowMenu.dll [2011-10-10] (Digiarty, Inc. -> TODO: <Company name>)
ContextMenuHandlers1: [RXDCExtSvr12] -> {FC485060-84D6-4098-AA14-9C67783B4852} => C:\Program Files\Roxio\OEM\Virtual Drive 12\DC_ShellExt.dll [2010-11-22] (Sonic Solutions -> Sonic Solutions)
ContextMenuHandlers2: [RXDCExtSvr12] -> {FC485060-84D6-4098-AA14-9C67783B4852} => C:\Program Files\Roxio\OEM\Virtual Drive 12\DC_ShellExt.dll [2010-11-22] (Sonic Solutions -> Sonic Solutions)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [2011-07-08] (Malwarebytes Corporation -> Malwarebytes Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-10-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [2011-07-08] (Malwarebytes Corporation -> Malwarebytes Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [RXDCExtSvr12] -> {FC485060-84D6-4098-AA14-9C67783B4852} => C:\Program Files\Roxio\OEM\Virtual Drive 12\DC_ShellExt.dll [2010-11-22] (Sonic Solutions -> Sonic Solutions)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.msaudio1] => C:\Windows\system32\msaud32.acm [282896 2000-08-08] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.sl_anet] => C:\Windows\system32\sl_anet.acm [86016 2000-05-27] (Sipro Lab Telecom Inc.) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\MTN [email protected] -> C:\Program Files\MTN ShareLink\MTN ShareLink\LaunchWebUI.exe () -> hxxp://192.168.1.1

==================== Loaded Modules (Whitelisted) =============
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
696
Hi, Ken.

The logs are not complete.

Please go to C:\FRST\Logs, find the most recent FRST.txt and Addition.txt there, and attach them to your next reply (by pressing the Attach files button below).
 
