
Solved Virus

Discussion in 'Virus & Other Malware Removal' started by manicmoms, Jan 6, 2019.

Thread Status:
Not open for further replies.
  1. manicmoms

    manicmoms Thread Starter

    Joined:
    Mar 11, 2017
    Messages:
    17
    Virus I am pretty sure.
    Grandson got on my computer and now my Antivirus AVG is gone and/or not working.
    It keeps asking me to run a fix or whatever to "Fix" my Laptop whenever I use it.
    Tried to run my AVG and it could not find it.
    Tried to download a new copy of the free AVG and it just kept trying to start the .exe .....never got it done.
    This is basically my only connection to my family and world, so...
    I am so very Thankful for any help you can give me
    Krys

    SysInfo log below:

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 8.1, 64 bit
    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
    Processor Count: 4
    RAM: 3554 Mb
    Graphics Card: AMD Radeon HD 7640G, 512 Mb
    Hard Drives: C: 464 GB (365 GB Free);
    Motherboard: Hewlett-Packard, 1849
    Antivirus: AVG Antivirus, Enabled and Updated
     
  2. manicmoms

    manicmoms Thread Starter

    I am also afraid that someone will get my financial information as I pay my bills on my laptop. PLEASE help!
     
  3. manicmoms

    manicmoms Thread Starter

    PLEASE Help!
    I downloaded and ran Kaspersky Free and then deleted AVG.
    At this point things seem to be running ok, but I would still appreciate someone looking through everything to make sure nothing is left behind from the virus, if I even had one.
    Thanks
     
  4. manicmoms

    manicmoms Thread Starter

    Anyone????
    My computer is moving slow still and acting up and all jumpy and freezing even though I did the Kaspersky.
    PLEASE HELP!!!
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi manicmoms,
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  6. manicmoms

    manicmoms Thread Starter

    Thank you so much for responding to me.
    Here are the reports you requested.
    Krysta

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.01.2019 01
    Ran by User (administrator) on HP (11-01-2019 20:06:38)
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available Profiles: User)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
    (HP Inc.) C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (HP Inc.) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\Camera\Camera.exe
    (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-28] (Synaptics Incorporated)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
    HKLM-x32\...\Run: [AVGUI.exe] => "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
    HKU\S-1-5-21-1008330850-1795185431-1197428886-1001\...\Run: [HP ENVY 4510 series (NET)] => C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-08-10]
    ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\User\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.60.1
    Tcpip\..\Interfaces\{C6829FC8-7C38-466A-97A8-799FE672E6CF}: [DhcpNameServer] 192.168.60.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-1008330850-1795185431-1197428886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.pogo.com/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-01-07] (AO Kaspersky Lab)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-18] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-18] (Oracle Corporation)
    BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-01-07] (AO Kaspersky Lab)
    Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-01-07] (AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-01-07] (AO Kaspersky Lab)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF DefaultProfile: 84itlejc.default-1516674142185
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\84itlejc.default-1516674142185 [2019-01-11]
    FF Homepage: Mozilla\Firefox\Profiles\84itlejc.default-1516674142185 -> hxxps://www.google.com/
    FF Extension: (Amazon Assistant for Firefox) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\84itlejc.default-1516674142185\Extensions\[email protected] [2018-05-09]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-01-07]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-18] (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1008330850-1795185431-1197428886-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\User\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife, LLP)
    FF Plugin HKU\S-1-5-21-1008330850-1795185431-1197428886-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\User\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-08-21] (Zoom Video Communications, Inc.)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-07] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-07] <==== ATTENTION

    Chrome:
    =======
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-01-11]
    CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-26]
    CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-01-11]
    CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-26]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-26]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-26]
    CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-26]
    CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-26]
    CHR Extension: (GreatArcadeHits Ads) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2019-01-11]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-26]
    CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-11]
    CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
    CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
    S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2019-01-07] (AO Kaspersky Lab)
    R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
    R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-12] (AO Kaspersky Lab)
    R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [123152 2018-12-12] (AO Kaspersky Lab)
    R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [89168 2018-12-12] (AO Kaspersky Lab)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [219744 2019-01-07] (AO Kaspersky Lab)
    R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2019-01-07] (AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1113696 2019-01-07] (AO Kaspersky Lab)
    R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
    R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
    R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
    R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
    S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-12-12] (AO Kaspersky Lab)
    R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
    S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
    R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [176976 2018-12-12] (AO Kaspersky Lab)
    R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
    S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-11 20:06 - 2019-01-11 20:08 - 000014136 _____ C:\Users\User\Desktop\FRST.txt
    2019-01-11 20:03 - 2019-01-11 20:03 - 002425856 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
    2019-01-11 19:06 - 2019-01-11 19:07 - 000000000 ____D C:\Users\User\Desktop\gkids memory box NOT on external
    2019-01-10 21:35 - 2019-01-10 21:35 - 001622089 _____ C:\Users\User\Desktop\mm kids namess.odt
    2019-01-09 13:26 - 2019-01-09 15:24 - 000000000 ____D C:\Users\User\Desktop\sort this messenger stuff
    2019-01-09 13:07 - 2019-01-02 13:05 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-01-09 13:07 - 2019-01-02 13:05 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-01-09 10:54 - 2019-01-09 11:43 - 000000000 ____D C:\Users\User\Desktop\stones
    2019-01-08 23:34 - 2018-12-27 20:12 - 000444368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-01-08 23:34 - 2018-12-27 20:12 - 000178128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-01-08 23:34 - 2018-12-27 18:24 - 000333768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-01-08 23:34 - 2018-12-27 18:01 - 025738240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-01-08 23:34 - 2018-12-27 17:38 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-01-08 23:34 - 2018-12-27 17:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-01-08 23:34 - 2018-12-27 17:31 - 005778944 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-01-08 23:34 - 2018-12-27 17:25 - 020279808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-01-08 23:34 - 2018-12-27 17:25 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-01-08 23:34 - 2018-12-27 17:17 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2019-01-08 23:34 - 2018-12-27 17:05 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-01-08 23:34 - 2018-12-27 17:02 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-01-08 23:34 - 2018-12-27 16:56 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2019-01-08 23:34 - 2018-12-27 16:55 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2019-01-08 23:34 - 2018-12-27 16:50 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2019-01-08 23:34 - 2018-12-27 16:49 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2019-01-08 23:34 - 2018-12-27 16:48 - 015284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-01-08 23:34 - 2018-12-27 16:48 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2019-01-08 23:34 - 2018-12-27 16:48 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2019-01-08 23:34 - 2018-12-27 16:48 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2019-01-08 23:34 - 2018-12-27 16:47 - 001441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-01-08 23:34 - 2018-12-27 16:45 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2019-01-08 23:34 - 2018-12-27 16:41 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-01-08 23:34 - 2018-12-27 16:34 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2019-01-08 23:34 - 2018-12-27 16:33 - 004860416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-01-08 23:34 - 2018-12-27 16:33 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-01-08 23:34 - 2018-12-27 16:31 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2019-01-08 23:34 - 2018-12-27 16:29 - 013680640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-01-08 23:34 - 2018-12-27 16:29 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2019-01-08 23:34 - 2018-12-27 16:29 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2019-01-08 23:34 - 2018-12-27 16:29 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2019-01-08 23:34 - 2018-12-27 16:24 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-01-08 23:34 - 2018-12-27 16:22 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-01-08 23:34 - 2018-12-27 16:11 - 004386816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-01-08 23:34 - 2018-12-27 16:11 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2019-01-08 23:34 - 2018-12-27 16:11 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2019-01-08 23:34 - 2018-12-27 16:07 - 001329664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-01-08 23:34 - 2018-12-27 16:06 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2019-01-08 23:34 - 2018-12-27 16:05 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2019-01-08 23:34 - 2018-12-08 14:22 - 007371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-01-08 23:34 - 2018-12-08 14:22 - 002014152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-01-08 23:34 - 2018-12-08 13:00 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2019-01-08 23:34 - 2018-12-08 05:23 - 000121272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2019-01-08 23:34 - 2018-12-08 02:13 - 002534664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-01-08 23:34 - 2018-12-08 00:25 - 002173040 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-01-08 23:34 - 2018-12-07 23:56 - 001901896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-01-08 23:34 - 2018-12-07 23:32 - 001563376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-01-08 23:34 - 2018-12-07 21:49 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2019-01-08 23:34 - 2018-12-07 08:24 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-01-08 23:34 - 2018-11-28 02:34 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2019-01-08 23:34 - 2018-11-28 02:17 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2019-01-07 12:36 - 2019-01-07 12:36 - 000003032 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
    2019-01-07 12:36 - 2019-01-07 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
    2019-01-07 12:36 - 2019-01-07 12:36 - 000000000 ____D C:\Program Files\Common Files\AV
    2019-01-07 12:35 - 2019-01-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
    2019-01-07 12:34 - 2019-01-11 19:09 - 000000000 ____D C:\ProgramData\Kaspersky Lab
    2019-01-07 12:34 - 2019-01-07 12:35 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
    2019-01-07 12:34 - 2019-01-07 12:34 - 001214752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
    2019-01-07 12:34 - 2019-01-07 12:34 - 001113696 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
    2019-01-07 12:34 - 2019-01-07 12:34 - 000219744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
    2019-01-07 12:34 - 2019-01-07 12:34 - 000152960 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
    2019-01-07 12:34 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
    2019-01-07 11:48 - 2019-01-07 11:53 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2019-01-06 20:04 - 2019-01-11 20:03 - 000000000 ____D C:\Users\User\Desktop\spykiller tech guy
    2019-01-06 16:01 - 2019-01-11 14:43 - 000000000 ____D C:\Users\User\Desktop\CARDINALS
    2019-01-03 22:09 - 2019-01-09 12:15 - 000000000 ____D C:\Users\User\Desktop\MM KJ
    2019-01-03 21:50 - 2019-01-06 15:52 - 000000000 ____D C:\Users\User\Desktop\mom aura FB etc pic
    2018-12-20 23:24 - 2019-01-09 11:25 - 000000000 ____D C:\Users\User\Desktop\current
    2018-12-14 17:08 - 2019-01-09 11:12 - 000000000 ____D C:\Users\User\Desktop\facebook
    2018-12-14 17:05 - 2019-01-09 11:22 - 000000000 ____D C:\Users\User\Desktop\mom new aura samsung phone decemb 2018
    2018-12-14 10:08 - 2018-11-28 03:39 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2018-12-14 10:08 - 2018-11-28 02:08 - 015441408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-12-14 10:08 - 2018-11-28 02:04 - 013322240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-12-14 10:08 - 2018-11-10 13:42 - 001368584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2018-12-14 10:08 - 2018-11-10 12:54 - 001308456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-12-14 10:08 - 2018-11-10 10:34 - 001754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2018-12-14 10:08 - 2018-11-10 10:22 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-12-14 10:08 - 2018-11-10 10:15 - 001491968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2018-12-14 10:08 - 2018-11-03 09:25 - 002348032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2018-12-14 10:08 - 2018-11-03 09:11 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2018-12-14 10:08 - 2018-10-05 11:06 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2018-12-14 10:08 - 2018-10-05 10:20 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2018-12-14 10:07 - 2018-11-10 12:53 - 000356088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-12-14 10:07 - 2018-11-10 10:25 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2018-12-14 10:07 - 2018-10-06 10:43 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2018-12-14 10:07 - 2018-10-06 10:13 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2018-12-14 10:07 - 2018-10-05 09:18 - 000513376 _____ C:\WINDOWS\SysWOW64\locale.nls
    2018-12-14 10:07 - 2018-10-05 09:18 - 000513376 _____ C:\WINDOWS\system32\locale.nls
    2018-12-12 21:07 - 2018-12-12 21:07 - 000176976 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
    2018-12-12 21:07 - 2018-12-12 21:07 - 000123152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
    2018-12-12 21:07 - 2018-12-12 21:07 - 000089168 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
    2018-12-12 21:07 - 2018-12-12 21:07 - 000073416 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupdisk.sys
    2018-12-12 21:07 - 2018-12-12 21:07 - 000045768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-11 20:06 - 2017-12-03 11:30 - 000000000 ____D C:\FRST
    2019-01-11 19:55 - 2017-10-30 15:24 - 000000000 ____D C:\Users\User\Desktop\craft ideas
    2019-01-11 19:34 - 2018-08-03 12:46 - 000000402 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
    2019-01-11 16:13 - 2017-01-10 21:07 - 000003898 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{31337575-EAC3-4020-8D50-42E6802C9945}
    2019-01-10 22:11 - 2016-12-21 06:50 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
    2019-01-10 21:19 - 2017-09-02 01:00 - 000000000 ____D C:\Users\User\Desktop\Camera Roll
    2019-01-10 13:16 - 2016-05-16 09:19 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1008330850-1795185431-1197428886-1001
    2019-01-10 13:10 - 2017-01-17 11:30 - 000000000 ___RD C:\Users\User\Documents\RocketLifeNetwork
    2019-01-10 13:10 - 2017-01-17 10:56 - 000000000 ____D C:\Users\User\AppData\Roaming\HP Photo Creations
    2019-01-10 12:37 - 2017-01-27 21:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2019-01-10 12:37 - 2016-12-21 06:44 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2019-01-10 12:37 - 2016-12-21 06:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-01-10 11:53 - 2018-06-21 21:07 - 000000000 ____D C:\Users\User\Desktop\RECIPES NOT on external yet
    2019-01-10 00:05 - 2018-09-15 22:22 - 000000000 ____D C:\Users\User\Desktop\junk
    2019-01-09 14:10 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\rescache
    2019-01-09 13:06 - 2013-08-22 08:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-01-09 13:05 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\Inf
    2019-01-09 12:08 - 2018-06-15 15:42 - 000000000 ____D C:\Users\User\Desktop\already on EXTERNAL
    2019-01-09 12:08 - 2014-11-21 02:44 - 000820208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-01-09 10:43 - 2012-07-26 01:59 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-01-09 10:37 - 2016-12-25 10:03 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-01-09 10:33 - 2016-12-25 10:03 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-01-09 00:38 - 2017-02-21 13:03 - 000000000 ____D C:\Users\User\Desktop\collages
    2019-01-09 00:05 - 2017-03-05 22:00 - 000000000 ____D C:\Users\User\Documents\PrintMaster Projects
    2019-01-08 19:53 - 2018-03-13 15:06 - 000004448 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-01-08 19:53 - 2017-02-28 11:52 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2019-01-08 19:53 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2019-01-08 19:53 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-01-08 15:57 - 2017-03-08 14:22 - 000002028 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2019-01-07 15:12 - 2017-12-02 19:13 - 000000000 ____D C:\Users\User\AppData\Local\Avg
    2019-01-07 15:12 - 2017-12-02 19:13 - 000000000 ____D C:\ProgramData\Avg
    2019-01-07 12:35 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
    2019-01-07 12:34 - 2012-07-26 02:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-01-06 19:21 - 2018-11-05 16:21 - 000000000 ____D C:\Users\User\Desktop\photos old and whatever
    2019-01-06 19:21 - 2018-01-09 10:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
    2019-01-06 19:20 - 2013-08-22 09:36 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-01-06 19:16 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\registration
    2019-01-06 19:15 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2019-01-06 19:05 - 2018-11-02 17:00 - 000000000 _____ C:\Recovery.txt
    2019-01-05 18:53 - 2018-09-20 12:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2019-01-03 19:46 - 2018-12-01 00:30 - 000000000 ___RD C:\Users\User\Documents\Scanned Documents
    2019-01-03 12:54 - 2018-11-01 11:42 - 000000000 ____D C:\Users\User\Desktop\MAGICAL RITUAL HEALING
    2019-01-03 12:37 - 2018-10-14 09:19 - 000000000 ____D C:\Users\User\Desktop\jewelry
    2019-01-03 12:36 - 2018-11-19 15:09 - 000000000 ____D C:\Users\User\Desktop\Kenda KKS 2018
    2019-01-01 11:59 - 2017-10-30 15:30 - 000000000 ____D C:\Users\User\Desktop\new age metephy
    2019-01-01 11:45 - 2018-08-24 10:10 - 000000000 ____D C:\Users\User\Desktop\memory photos from fb
    2018-12-29 16:10 - 2018-08-03 12:46 - 000003378 _____ C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator
    2018-12-29 16:10 - 2018-06-05 11:10 - 000003542 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP ENVY 4510 series
    2018-12-29 16:10 - 2018-06-05 01:03 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 59c5df5d65e3458e9361e007a03241f36175b80b772846a68eaeee93a8814e3e
    2018-12-29 16:10 - 2018-02-26 14:56 - 000003332 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-12-29 16:10 - 2018-02-26 14:56 - 000003204 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-12-29 16:10 - 2018-02-24 12:41 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 12980fc4bb564ea3b572afe1914fe201c5de665e7ba94d8d906ea988a888ea78
    2018-12-29 16:10 - 2017-12-01 09:09 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 480ada08090e4ded9dc4e564fb0e6e87af377388d878459eb0efe409e87f9ac9
    2018-12-29 16:10 - 2017-10-26 14:09 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 5c1f8c0c212143a99c32b8e4688dcbcfeef979149ffb4d4790bed5e7903fb4e9
    2018-12-29 16:10 - 2017-10-05 11:59 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 646f974727cd4573ab58a835902d41ee7b05151d28bf470b9aa5ed08cca3540a
    2018-12-29 16:10 - 2017-03-22 15:04 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 358c671c80744d66aba978f5a7760efc3196802bf2e241a5a6c7111331312ff1
    2018-12-29 16:10 - 2017-03-15 15:16 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 425f6064f1d149d489e97b3b68fd3a393a610e991e25446ea32561643cf4d568
    2018-12-29 16:10 - 2017-02-27 12:49 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - db3b2825856e4f33aac2a1e6390441f35c566397f20e4dbb9ecdd2f3592815d1
    2018-12-29 16:10 - 2017-02-21 23:36 - 000003092 _____ C:\WINDOWS\System32\Tasks\{4046F9C9-7267-41AC-8C3A-2A4087010BCD}
    2018-12-29 16:10 - 2017-02-03 23:15 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 54a98761c6fb4df3911e2b9338258293b63b44aabde04320a0e66cfed687a31d
    2018-12-29 16:10 - 2017-01-21 10:43 - 000003526 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 9206fa51b8f8431da9d44b185b2aece3be573a9799194095baef74d8ec8ebefc
    2018-12-29 16:10 - 2017-01-16 18:39 - 000003050 _____ C:\WINDOWS\System32\Tasks\{BD2EB3B9-9A9E-4F49-A7C1-D476641D35B7}
    2018-12-29 16:10 - 2016-09-02 09:51 - 000002982 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
    2018-12-27 18:27 - 2017-07-21 09:00 - 000000000 ____D C:\Users\User\Desktop\schooling for kids
    2018-12-27 16:23 - 2018-10-12 20:42 - 000000000 ____D C:\Users\User\Desktop\MMM
    2018-12-27 13:49 - 2018-11-24 15:22 - 000000627 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camera Roll.lnk
    2018-12-27 00:08 - 2018-03-07 15:42 - 000000000 ____D C:\Users\User\Desktop\inmates
    2018-12-26 23:07 - 2018-04-03 09:21 - 000000000 ____D C:\Users\User\Desktop\gkids memories box 2 ON EXTERNA
    2018-12-23 12:41 - 2018-10-23 20:59 - 000000000 ____D C:\Users\User\Desktop\FUNNY FACE FAMILY
    2018-12-18 12:57 - 2018-02-26 14:58 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-12-14 14:36 - 2013-08-22 08:44 - 000365120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-12-13 16:02 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI

    Some files in TEMP:
    ====================
    2018-06-05 10:57 - 2018-06-05 11:05 - 156134696 _____ () C:\Users\User\AppData\Local\Temp\HPInstaller.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2019-01-09 13:53

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.01.2019 01
    Ran by User (11-01-2019 20:09:12)
    Running from C:\Users\User\Desktop
    Windows 8.1 (Update) (X64) (2017-01-03 23:33:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1008330850-1795185431-1197428886-500 - Administrator - Disabled)
    Guest (S-1-5-21-1008330850-1795185431-1197428886-501 - Limited - Disabled)
    User (S-1-5-21-1008330850-1795185431-1197428886-1001 - Administrator - Enabled) => C:\Users\User

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
    AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
    DriverUpdate (HKLM-x32\...\{94FC5B48-F3EC-4F7A-B70E-D4F697C56739}) (Version: 2.7.9 - Slimware Utilities Holdings, Inc.)
    Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
    Haunted Hotel (HKLM-x32\...\BFG-Haunted Hotel) (Version: - )
    Hoyle Classic Games (HKLM-x32\...\Hoyle Classic Games) (Version: - )
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ENVY 4510 series Basic Device Software (HKLM\...\{2B054C3F-C753-47D8-A5CA-D92AC5D455EB}) (Version: 40.11.1122.1796 - HP Inc.)
    HP ENVY 4510 series Help (HKLM-x32\...\{CB5C9CB2-B471-42CC-93E6-D0E15021D5C2}) (Version: 36.0.0 - Hewlett Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP Photo Creations (HKU\S-1-5-21-1008330850-1795185431-1197428886-1001\...\HP Photo Creations) (Version: 1.0.0.22192 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
    Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
    Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
    Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
    Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
    Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla)
    OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
    PrintMaster 7 Platinum (HKLM\...\0832-3492-6567-1002) (Version: 7.0.2.245 - Encore Software Inc.)
    Product Improvement Study for HP ENVY 4510 series (HKLM\...\{73B843F4-6940-4707-A647-7E9349D45A96}) (Version: 40.11.1122.1796 - HP Inc.)
    Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
    Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17329 - Microsoft Corporation)
    Zoom (HKU\S-1-5-21-1008330850-1795185431-1197428886-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-07] (AO Kaspersky Lab)
    ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-07] (AO Kaspersky Lab)
    ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-07] (AO Kaspersky Lab)
    ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-01-07] (AO Kaspersky Lab)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0914541C-488B-4115-AA77-FE402C949EFD} - System32\Tasks\HP Photo Creations Communicator => C:\Users\User\AppData\Roaming\HP Photo Creations\Communicator.exe [2018-08-24] ()
    Task: {157A4414-C684-4A53-982D-544C6C55C0A3} - System32\Tasks\HP AR Program Upload - 5c1f8c0c212143a99c32b8e4688dcbcfeef979149ffb4d4790bed5e7903fb4e9 => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {1E884316-6BE3-465B-A05F-29FFA3187962} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated)
    Task: {23F68A70-7354-4810-AC18-22B09E3EADC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-26] (Google Inc.)
    Task: {29CDB7BA-2D01-4771-B4D9-A24F87912C02} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {386D0A04-9708-42E0-B203-9595D253FA64} - System32\Tasks\HP AR Program Upload - 425f6064f1d149d489e97b3b68fd3a393a610e991e25446ea32561643cf4d568 => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {3E893420-50FF-428A-8836-2A622B1D270F} - System32\Tasks\{4046F9C9-7267-41AC-8C3A-2A4087010BCD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
    Task: {47FF8297-D887-4D3A-95AA-38295EA36BC6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated)
    Task: {4B35CAC6-9B7A-4719-B707-9E666AE8B24C} - System32\Tasks\HP AR Program Upload - 480ada08090e4ded9dc4e564fb0e6e87af377388d878459eb0efe409e87f9ac9 => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {55E6DC35-1090-4065-8A4B-99E6E758303D} - System32\Tasks\HP AR Program Upload - 9206fa51b8f8431da9d44b185b2aece3be573a9799194095baef74d8ec8ebefc => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {75B55EDB-3963-4700-8309-EBA209282D2F} - System32\Tasks\HPCustParticipation HP ENVY 4510 series => C:\Program Files\HP\HP ENVY 4510 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
    Task: {83F0101A-0DBF-489C-AC19-69B98354C673} - System32\Tasks\HP AR Program Upload - 358c671c80744d66aba978f5a7760efc3196802bf2e241a5a6c7111331312ff1 => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {8584F5BF-F62E-4FCD-8B9C-E4E4D2AA1C1C} - System32\Tasks\HP AR Program Upload - 59c5df5d65e3458e9361e007a03241f36175b80b772846a68eaeee93a8814e3e => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {909277D8-3E7B-4A4F-83DD-57BD0FC4AF1B} - System32\Tasks\HP AR Program Upload - db3b2825856e4f33aac2a1e6390441f35c566397f20e4dbb9ecdd2f3592815d1 => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {95F6FB15-D495-4C8A-B17F-FC58C72933BA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2019-01-07] (AO Kaspersky Lab)
    Task: {9D35AA51-0350-4CED-BD47-C60F28184D78} - System32\Tasks\HP AR Program Upload - 646f974727cd4573ab58a835902d41ee7b05151d28bf470b9aa5ed08cca3540a => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {AB7A47EF-E3D5-4B8D-8E29-5BA5DCC0D2AE} - System32\Tasks\HP AR Program Upload - 12980fc4bb564ea3b572afe1914fe201c5de665e7ba94d8d906ea988a888ea78 => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {B72BFF2D-A8AB-4B4E-9073-EA6589FB566F} - System32\Tasks\HP AR Program Upload - 54a98761c6fb4df3911e2b9338258293b63b44aabde04320a0e66cfed687a31d => C:\Program Files\HP\HP ENVY 4510 series\bin\HPRewards.exe
    Task: {BB44E489-7776-4C5C-8E61-97C66EB5F7A3} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2019-01-09] (AVG Technologies CZ, s.r.o.)
    Task: {C13A2066-C3EA-43DA-B7B7-AE28971900D1} - System32\Tasks\{BD2EB3B9-9A9E-4F49-A7C1-D476641D35B7} => C:\WINDOWS\system32\pcalua.exe -a D:\setup\autorun\autorun.exe -d D:\
    Task: {C8E1B95A-DCC2-4A97-8168-CD32D2E31952} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-26] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\User\AppData\Roaming\HP Photo Creations\Communicator.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\4426633430.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xcd7908d5 -pinnedTimeHigh 0x01d1d924 -securityFlags 0x00000000 -url 0x00000032 hxxps://www.connectebt.com/ebtcard/iaebt/index.jsp

    ==================== Loaded Modules (Whitelisted) ==============

    2019-01-07 12:34 - 2019-01-07 12:34 - 000864112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\kpcengine.2.3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:A7DA2BCD [167]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2018-12-30 18:20 - 000002024 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
    HKU\S-1-5-21-1008330850-1795185431-1197428886-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.60.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKU\S-1-5-21-1008330850-1795185431-1197428886-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D394EB4D-9D75-4890-B9F0-CF8D4B34F9D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{86B7D247-3876-492E-9FA2-BBE759E20B05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{6006771C-8DCB-49A1-B507-2C6D64B111FB}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4369\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{9E06766C-4C5E-4FDE-A3EC-85D9F833A18E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4369\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{39E16D8A-4380-4439-ADF6-5A4333923E8F}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS6921\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{C81EA3B4-99ED-4F6D-9AF1-7AB692EDCC84}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS6921\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{4C74595C-8E63-40D3-88ED-E4E648626043}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0A37\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{97A5477A-1B70-4433-B2D0-B9B0D467B10A}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0A37\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{229D12A6-BD67-4E3F-A377-1FA9678420F1}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0D16\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{426CEDEF-8E49-4B97-B135-A7B8F3AF9501}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0D16\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{121503DE-0ED3-4D26-AAE3-4AB2950B09C0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS7A00\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{9AB13CB4-080D-42E8-A359-E3E0A4DC46B1}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS7A00\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{BDCD38A1-A027-4D8B-AE73-96A187978942}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS30A8\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{80A6EF5F-07D2-411C-98C4-40E95E7AA59B}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS30A8\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{2C9694C9-4A94-4714-BE24-B4A9D2971D2E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS3A46\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{25FEC78E-0015-4D3B-A5A1-FDEC87FA63E6}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS3A46\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{8ED40E12-89BA-433D-B279-0598F0EDEE84}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS3BE4\7zS342B\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{149A26CF-2E4B-420D-A5CA-D80EB0BEA5D8}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS3BE4\7zS342B\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{11C4746E-D80D-4476-AF04-5D1FBCE89D24}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS451A\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{3B489834-F7F4-4CD6-82D9-9DE3FA803ACC}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS451A\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{E034C278-C2D1-4C3F-A8B9-7B0D498B194E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS690E\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{87D77DC4-3085-477A-A868-3B2AEF0B46B4}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS690E\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{DD4F58FF-CF8A-4E2B-9368-BE279B941762}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS5B75\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{0377D32A-2461-446A-98C7-8DF46DECB25E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS5B75\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{912A4948-3EBA-4658-974E-6A2362926478}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4208\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{5580DB12-1CEE-4F15-8791-65527BD6FAF0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4208\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{94107DA8-170E-4007-B91D-AFC17A82595D}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS68C8\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{0AC2B2CF-80EC-43EB-846F-8C4D0043B3E5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS68C8\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{C29B4984-553C-45B4-BF32-D6D50EFAF916}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS363F\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{4BD0B2CA-65C0-473F-9EB5-1C49A6E95CEE}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS363F\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{F35B46D6-6FC2-4D72-90C4-9BDA8B5FAE84}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\DeviceSetup.exe (HP Inc.)
    FirewallRules: [{437AE0A7-DE49-4B21-89F7-62FD9BE3CA09}] => (Allow) LPort=5357
    FirewallRules: [{D686D64A-55CA-4EA7-A34B-AC28311C9C4F}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc.)
    FirewallRules: [{1D28DD68-7575-453C-B3EE-E51B655B4556}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS5E66\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{FD1FDF2E-6512-4336-8130-F56258E2189D}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS5E66\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{9BF5EE03-BF7B-4967-AAEA-A105A53FA7A8}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS65D5\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{1EB4D99B-D7B2-44E6-AD99-8ADF7EAB2E4A}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS65D5\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{C8E2C419-E79F-4651-BAAD-7AB2ED663227}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS6715\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{BFC029E0-F39B-41EA-9C67-4E7A76AA9966}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS6715\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{2A8EF6F7-5F5D-40EA-A5EB-2D601E5D47D3}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS1B53\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{2A3AF6FE-E878-4F81-9194-CEFA9A3AF4C7}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS1B53\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{BE11623F-8F30-44DD-9646-D6F7B2ADD1E0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS1A74\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{788BEB20-1CEA-4471-95FC-30C61C151C87}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS1A74\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{F70AF8BE-C0F1-40A0-B56C-BCC3085AD783}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0FA3\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{EE489C9A-F9AC-4447-8A83-199074C19359}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0FA3\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{94268100-F470-44EC-834B-69624A3E3DED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    FirewallRules: [{8537B902-F3D1-49C8-B63D-8D13263E45F3}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS58C2\HPDiagnosticCoreUI.exe (HPDC LP)
    FirewallRules: [{C7817783-7526-46DD-99F0-24C5B8B84A2C}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS58C2\HPDiagnosticCoreUI.exe (HPDC LP)

    ==================== Restore Points =========================

    26-12-2018 12:57:57 Windows Update
    29-12-2018 16:07:17 Windows Update
    01-01-2019 18:29:46 Windows Update
    04-01-2019 18:32:23 Windows Update
    07-01-2019 18:58:17 Windows Update
    11-01-2019 10:26:43 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: PCI Device
    Description: PCI Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/10/2019 08:07:32 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (01/06/2019 06:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (1520) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU0040D.log.

    Error: (12/27/2018 06:43:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program HPScan.exe version 40.11.1122.1796 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 17cc

    Start Time: 01d49e4469921b5b

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\HP\HP ENVY 4510 series\bin\HPScan.exe

    Report Id: 8f19ac38-0a39-11e9-bf2d-38eaa7ebb937

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/27/2018 01:52:05 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (12/20/2018 10:26:04 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (12/18/2018 10:38:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: hp)
    Description: Activation of app FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/06/2018 08:43:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: PhotoProductCore.exe, version: 1.0.0.22192, time stamp: 0x582ba5c7
    Faulting module name: mshtml.dll, version: 11.0.9600.19180, time stamp: 0x5bc7ecf9
    Exception code: 0xc000041d
    Fault offset: 0x002b3124
    Faulting process id: 0x174
    Faulting application start time: 0x01d48dcbcba2fe8b
    Faulting application path: C:\Users\User\AppData\Roaming\HP Photo Creations\PhotoProductCore.exe
    Faulting module path: C:\Windows\SYSTEM32\mshtml.dll
    Report Id: d9689527-f9c9-11e8-bf1d-38eaa7ebb937
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/06/2018 08:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: PhotoProductCore.exe, version: 1.0.0.22192, time stamp: 0x582ba5c7
    Faulting module name: mshtml.dll, version: 11.0.9600.19180, time stamp: 0x5bc7ecf9
    Exception code: 0xc0000005
    Fault offset: 0x002b3124
    Faulting process id: 0x174
    Faulting application start time: 0x01d48dcbcba2fe8b
    Faulting application path: C:\Users\User\AppData\Roaming\HP Photo Creations\PhotoProductCore.exe
    Faulting module path: C:\Windows\SYSTEM32\mshtml.dll
    Report Id: d353b7b7-f9c9-11e8-bf1d-38eaa7ebb937
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (01/11/2019 12:44:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc. - Graphics Adapter WDDM1.2 - AMD Radeon HD 7640G.

    Error: (01/11/2019 12:44:44 PM) (Source: DCOM) (EventID: 10010) (User: hp)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

    Error: (01/11/2019 12:00:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc. - Graphics Adapter WDDM1.2 - AMD Radeon HD 7640G.

    Error: (01/11/2019 10:29:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc. - Graphics Adapter WDDM1.2 - AMD Radeon HD 7640G.

    Error: (01/10/2019 11:25:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc. - Graphics Adapter WDDM1.2 - AMD Radeon HD 7640G.

    Error: (01/10/2019 11:25:23 AM) (Source: DCOM) (EventID: 10010) (User: hp)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

    Error: (01/10/2019 11:24:53 AM) (Source: DCOM) (EventID: 10010) (User: hp)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (01/10/2019 01:36:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc. - Graphics Adapter WDDM1.2 - AMD Radeon HD 7640G.


    Windows Defender:
    ===================================
    Date: 2017-12-01 12:24:59.538
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {012B70AC-E2AC-4C2E-82A4-A28069DB2DC9}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2017-12-01 12:02:55.057
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {E1B641EB-E437-4CA8-BE16-96B5942FF97C}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2017-12-01 11:56:20.258
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {B3476417-A12A-4C4E-A175-DF88CAA5D0DB}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2017-12-01 11:11:59.603
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {CC375C01-2DF1-4303-B4DA-219FC0340F30}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2017-12-01 08:52:01.920
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {F421012D-0208-4964-BBDD-525314A14C29}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2017-12-02 18:11:31.587
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.257.1252.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14306.0
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2017-12-02 18:11:31.587
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.257.1252.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14306.0
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2017-11-30 20:47:24.871
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.257.1140.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14306.0
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2017-11-30 20:47:24.871
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.257.1140.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14306.0
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2017-11-25 22:26:16.756
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.257.932.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14306.0
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    CodeIntegrity:
    ===================================

    Date: 2018-10-23 10:00:47.837
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-10-23 10:00:47.134
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-10-23 10:00:46.384
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-10-23 10:00:45.681
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-10-23 10:00:44.962
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-10-23 10:00:44.228
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-10-23 10:00:43.467
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-10-23 10:00:42.389
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 69%
    Total physical RAM: 3554.26 MB
    Available physical RAM: 1066.78 MB
    Total Virtual: 5339.97 MB
    Available Virtual: 1533.79 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:464.81 GB) (Free:363.6 GB) NTFS

    \\?\Volume{ee228f85-ec2d-4298-9407-920dd3b7f7ae}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.26 GB) NTFS
    \\?\Volume{0c7c1076-0ffd-4570-bfcc-d21578c525bf}\ () (Fixed) (Total:0.44 GB) (Free:0.09 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    manicmoms,
    First, disable Defender.
    It will only interfere with things while you have a separate antivirus (Kaspersky).
    Instructions are here:
    https://winaero.com/blog/how-to-disable-or-enable-windows-defender-in-windows-8-1/
    If you ever remove Kaspersky, then be sure to re-enable Defender.

    Then, Uninstall the program called
    DriverUpdate

    I would also suggest Uninstalling Java.
    If you find you really need it, you can install it again.
    You will see it listed as
    Java 8 Update 191

    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    Let me know how it's running.
    askey127
     


  8. manicmoms

    manicmoms Thread Starter

    Joined:
    Mar 11, 2017
    Messages:
    17
    Below are the contents of the Fixlog.txt.
    I do not know how the PC is working as of yet.
    There is, however, an icon placed on my desktop called "Homegroup". It will not allow me to delete it off my desktop?

    Thank you
    Krysta

    Fix result of Farbar Recovery Scan Tool (x64) Version: 12.01.2019
    Ran by User (12-01-2019 21:27:33) Run:1
    Running from C:\Users\User\Desktop\spykiller tech guy
    Loaded Profiles: User (Available Profiles: User)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************

    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [AVGUI.exe] => "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    C:\Program Files (x86)\AVG
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-01-07] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-01-07] <==== ATTENTION
    CHR Extension: (GreatArcadeHits Ads) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2019-01-11]
    C:\Users\User\AppData\Local\Avg
    C:\ProgramData\Avg
    C:\WINDOWS\System32\Tasks\AVG
    Task: {BB44E489-7776-4C5C-8E61-97C66EB5F7A3} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2019-01-09] (AVG Technologies CZ, s.r.o.)
    FirewallRules: [{6006771C-8DCB-49A1-B507-2C6D64B111FB}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4369\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{9E06766C-4C5E-4FDE-A3EC-85D9F833A18E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4369\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{39E16D8A-4380-4439-ADF6-5A4333923E8F}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS6921\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{C81EA3B4-99ED-4F6D-9AF1-7AB692EDCC84}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS6921\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{4C74595C-8E63-40D3-88ED-E4E648626043}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0A37\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{97A5477A-1B70-4433-B2D0-B9B0D467B10A}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0A37\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{229D12A6-BD67-4E3F-A377-1FA9678420F1}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0D16\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{426CEDEF-8E49-4B97-B135-A7B8F3AF9501}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0D16\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{121503DE-0ED3-4D26-AAE3-4AB2950B09C0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS7A00\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{9AB13CB4-080D-42E8-A359-E3E0A4DC46B1}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS7A00\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{BDCD38A1-A027-4D8B-AE73-96A187978942}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS30A8\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{80A6EF5F-07D2-411C-98C4-40E95E7AA59B}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS30A8\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{2C9694C9-4A94-4714-BE24-B4A9D2971D2E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS3A46\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{25FEC78E-0015-4D3B-A5A1-FDEC87FA63E6}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS3A46\HPDiagnosticCoreUI.exe No File
    EmptyTemp:
    Cmd: ipconfig /flushdns


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVGUI.exe" => removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    "C:\Program Files (x86)\AVG" => not found
    C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js => moved successfully
    C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg => moved successfully
    CHR Extension: (GreatArcadeHits Ads) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2019-01-11] => Error: No automatic fix found for this entry.
    C:\Users\User\AppData\Local\Avg => moved successfully
    C:\ProgramData\Avg => moved successfully
    C:\WINDOWS\System32\Tasks\AVG => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BB44E489-7776-4C5C-8E61-97C66EB5F7A3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB44E489-7776-4C5C-8E61-97C66EB5F7A3}" => removed successfully
    "C:\WINDOWS\System32\Tasks\AVG\Overseer" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6006771C-8DCB-49A1-B507-2C6D64B111FB}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E06766C-4C5E-4FDE-A3EC-85D9F833A18E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39E16D8A-4380-4439-ADF6-5A4333923E8F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C81EA3B4-99ED-4F6D-9AF1-7AB692EDCC84}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C74595C-8E63-40D3-88ED-E4E648626043}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97A5477A-1B70-4433-B2D0-B9B0D467B10A}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{229D12A6-BD67-4E3F-A377-1FA9678420F1}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{426CEDEF-8E49-4B97-B135-A7B8F3AF9501}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{121503DE-0ED3-4D26-AAE3-4AB2950B09C0}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AB13CB4-080D-42E8-A359-E3E0A4DC46B1}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDCD38A1-A027-4D8B-AE73-96A187978942}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80A6EF5F-07D2-411C-98C4-40E95E7AA59B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C9694C9-4A94-4714-BE24-B4A9D2971D2E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25FEC78E-0015-4D3B-A5A1-FDEC87FA63E6}" => removed successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43467290 B
    Java, Flash, Steam htmlcache => 21912 B
    Windows/system/drivers => 513070806 B
    Edge => 0 B
    Chrome => 301204768 B
    Firefox => 1102840799 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 128 B
    systemprofile32 => 128 B
    LocalService => 401298 B
    NetworkService => 0 B
    User => 3614908612 B

    RecycleBin => 259910598 B
    EmptyTemp: => 5.4 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 21:37:15 ====
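
A Fixlog mixes the echoed fixlist, per-entry results and cleanup totals, so an entry that was not fixed is easy to overlook. The following added example (not part of the thread and not FRST's own code) parses the result lines of the log posted above and lists any that report an error. It assumes the layout seen in this log: results follow the second asterisk line and precede the first `====` section header.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog.txt posted above (values taken from that log).
FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 12.01.2019
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [AVGUI.exe] => "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
C:\Program Files (x86)\AVG
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVGUI.exe" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"C:\Program Files (x86)\AVG" => not found
CHR Extension: (GreatArcadeHits Ads) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2019-01-11] => Error: No automatic fix found for this entry.
C:\ProgramData\Avg => moved successfully

========= ipconfig /flushdns =========
Successfully flushed the DNS Resolver Cache.
=========== EmptyTemp: ==========
Chrome => 301204768 B
EmptyTemp: => 5.4 GB temporary data Removed.
==== End of Fixlog 21:37:15 ====
"""

STAR_LINE = re.compile(r"^\*{5,}$")      # delimits the echoed fixlist
SECTION = re.compile(r"^={3,}")          # Cmd / EmptyTemp / End headers
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")


def classify(outcome):
    """Map an outcome phrase to a triage status."""
    o = outcome.lower()
    if o.startswith("error"):
        return "unresolved"              # the tool could not act on the entry
    if o == "not found":
        return "absent"                  # already gone before the fix ran
    if o.endswith("successfully"):
        return "changed"                 # removed / moved / value restored
    return "other"


def parse_fixlog(text):
    """Return (target, outcome, status) tuples for the result lines only.

    The echoed fixlist also contains '=>' lines, so everything before the
    second asterisk line is skipped. Parsing stops at the first '====' header
    so EmptyTemp byte counts are not read as results (layout assumption).
    """
    results, stars = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_LINE.match(line):
            stars += 1
            continue
        if stars < 2:
            continue
        if SECTION.match(line):
            break
        m = RESULT.match(line)
        if m:
            outcome = m.group("outcome").strip()
            results.append((m.group("target").strip('" '), outcome, classify(outcome)))
    return results


def summarize(results):
    """Count statuses and collect the targets that still need manual follow-up."""
    counts = Counter(status for _, _, status in results)
    unresolved = [t for t, _, status in results if status == "unresolved"]
    return counts, unresolved


if __name__ == "__main__":
    counts, unresolved = summarize(parse_fixlog(FIXLOG))
    print(dict(counts))
    for target in unresolved:
        print("needs manual follow-up:", target)
```
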
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Manic,
    I think you will be OK.
    I do not see any sign of a virus or malware.
    You have had some leftover junk adware, which we removed, along with a large pile of temporary files.
    AVG left a lot of processes and files behind.
    I don't think that desktop icon is a problem. Leaving it alone should be OK.
    If there are any other issues, let me know.
    Good Luck.
    askey127
     
  10. manicmoms

    manicmoms Thread Starter

    Joined:
    Mar 11, 2017
    Messages:
    17
    Askey127,

    That icon was gone this morning so it did take care of itself.
    Thank you so much for responding to me and for all your help and guidance.
    Sincerely
    Krysta
     
Short URL to this thread: https://techguy.org/1221520
