Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop caught something


  • This topic is locked This topic is locked
10 replies to this topic

#1 ReFx

ReFx

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 23 July 2015 - 04:13 AM

Good Morning!

 

   Back on this awesome forum for help, I'm pretty sure my laptop has caught something. It's super slow, pop up errors, and random internet websites popup etc... Here is my HijackThis log, thanks for all the help!!

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:08:28 AM, on 7/23/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16633)
CHROME: 43.0.2357.2
FIREFOX: 37.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\GoogleCrashHandler.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Users\Owner\AppData\Local\Google\Update\Install\{6BB9592B-30B1-42D9-8529-88EDCB2AA92F}\46.0.2463.0_chrome_installer.exe
C:\Users\Owner\AppData\Local\Temp\CR_EB580.tmp\setup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={6CAD50CE-CC81-4611-9078-E252624C7FD8}&mid=49d855982826374bb6767a000dd7667e-3c8cd7eb87df913e224d8775c9b186ff128fa5db&lang=en&ds=AVG&coid=avgtbavg&cmpid=1114tb&pr=fr&d=2014-02-24 19:35:30&v=18.3.0.885&pid=safeguard&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 136.243.254.253 www.google-analytics.com.
O1 - Hosts: 136.243.254.253 google-analytics.com.
O1 - Hosts: 136.243.254.253 connect.facebook.net.
O1 - Hosts: 192.95.55.231 www.google-analytics.com.
O1 - Hosts: 192.95.55.231 google-analytics.com.
O1 - Hosts: 192.95.55.231 connect.facebook.net.
O1 - Hosts: 89.163.213.173 www.google-analytics.com.
O1 - Hosts: 89.163.213.173 google-analytics.com.
O1 - Hosts: 89.163.213.173 connect.facebook.net.
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0715tb] "C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe" /PROMPT /CMPID=0715tb
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{62FD19B9-8A67-41F4-94D3-3DED8F6BE748}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{F58E42FD-524D-49A7-9007-C16617D0668C}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{62FD19B9-8A67-41F4-94D3-3DED8F6BE748}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{62FD19B9-8A67-41F4-94D3-3DED8F6BE748}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc.. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 AM

Posted 24 July 2015 - 01:21 PM

Greetings ReFx and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 ReFx

ReFx
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 25 July 2015 - 05:46 AM

Thanks for taking the time to help me Gary!

 

My name is john,

 

here is what you requested

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Owner (administrator) on OWNER-PC on 25-07-2015 00:36:16
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Guest)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Avid Technology, Inc..) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
() C:\Program Files (x86)\SMINST\BLService.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
(BitTorrent Inc.) C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Farbar) C:\Users\Owner\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-08] (Avast Software s.r.o.)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\84675d38-f1f9-42da-89ba-35560c5b73c9.exe [183232 2015-07-25] (AVAST Software)
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\Run: [BitTorrent] => C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe [1742936 2015-03-25] (BitTorrent Inc.)
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\Run: [AVG-Secure-Search-Update_0715tb] => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2579856 2015-07-23] ()
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-20] (Google Inc.)
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hptv.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-08] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={6CAD50CE-CC81-4611-9078-E252624C7FD8}&mid=49d855982826374bb6767a000dd7667e-3c8cd7eb87df913e224d8775c9b186ff128fa5db&lang=en&ds=AVG&coid=avgtbavg&cmpid=1114tb&pr=fr&d=2014-02-24 19:35:30&v=18.3.0.885&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
URLSearchHook: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL =
SearchScopes: HKLM -> {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {5D9FA932-8D8C-40EC-9192-A538B6854A52} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {5D9FA932-8D8C-40EC-9192-A538B6854A52} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> DefaultScope {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> {476FDD4A-D6FB-4A7C-98A5-09A6A377D958} URL =
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> {5D9FA932-8D8C-40EC-9192-A538B6854A52} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={6CAD50CE-CC81-4611-9078-E252624C7FD8}&mid=49d855982826374bb6767a000dd7667e-3c8cd7eb87df913e224d8775c9b186ff128fa5db&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-24 19:35:30&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-08] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-08] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-22] (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-27] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-22] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-22] (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{62FD19B9-8A67-41F4-94D3-3DED8F6BE748}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{62FD19B9-8A67-41F4-94D3-3DED8F6BE748}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F58E42FD-524D-49A7-9007-C16617D0668C}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\a8mptzl1.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://mysearch.avg.com?pid=safeguard&sg=&cid=%7Ba8916c80-80f0-4a18-b335-d91b07cce2bb%7D&mid=49d855982826374bb6767a000dd7667e-3c8cd7eb87df913e224d8775c9b186ff128fa5db&ds=AVG&coid=avgtbavg&cmpid=&v=18.1.9.799&lang=en&pr=fr&d=2014-02-24%2019%3A35%3A30&sap=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-03-28] (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1905616980-2508883315-2640086917-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-1905616980-2508883315-2640086917-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-1905616980-2508883315-2640086917-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-03-28] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-07-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-07-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-07-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-07-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-07-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-07-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-07-09] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-03-22]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\a8mptzl1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-04]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\a8mptzl1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-12]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-10-10]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885 [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-08]
FF HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-08] (Avast Software s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-24] (Avid Technology, Inc..) [File not signed]
S4 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365904 2008-09-23] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2183992 2014-03-22] (AVG)
S4 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-09-24] ()
S4 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-09-24] ()
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-22] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-08] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-04-08] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-08] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-08] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-04-08] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-08] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-23] (Malwarebytes Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [50808 2012-05-02] (Cristalink Ltd)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 00:35 - 2015-07-25 00:35 - 02135552 _____ (Farbar) C:\Users\Owner\Downloads\FRST64(1).exe
2015-07-25 00:34 - 2015-07-25 00:34 - 00002724 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_RML
2015-07-25 00:34 - 2015-07-25 00:34 - 00000340 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job
2015-07-23 03:08 - 2015-07-23 03:08 - 00012152 _____ C:\Users\Owner\Downloads\hijackthis.log
2015-07-23 03:02 - 2015-07-23 03:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2015-07-23 02:56 - 2015-07-23 02:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-23 02:55 - 2015-07-25 00:28 - 00000354 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job
2015-07-23 02:55 - 2015-07-23 02:55 - 00002646 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_rel
2015-07-23 02:53 - 2015-07-25 00:29 - 00000406 _____ C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job
2015-07-23 02:53 - 2015-07-23 02:53 - 00002908 _____ C:\Windows\System32\Tasks\AVG_SYS_TASK_0715tb_DELETE
2015-07-23 01:27 - 2015-07-23 01:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-23 01:20 - 2015-07-23 01:20 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2015-07-23 01:16 - 2015-07-25 00:28 - 00000552 _____ C:\Windows\system32\spsys.log
2015-07-23 01:16 - 2015-07-23 02:54 - 00000000 ____D C:\ProgramData\Avg_Update_0715tb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 00:37 - 2014-02-24 03:49 - 00026436 _____ C:\Users\Owner\Downloads\FRST.txt
2015-07-25 00:37 - 2011-10-28 22:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent
2015-07-25 00:37 - 2009-03-26 19:03 - 01388880 _____ C:\Windows\WindowsUpdate.log
2015-07-25 00:36 - 2014-02-24 03:49 - 00000000 ____D C:\FRST
2015-07-25 00:36 - 2006-11-02 06:46 - 00006580 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-25 00:30 - 2013-03-19 22:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 00:28 - 2014-06-20 19:21 - 00143034 _____ C:\Windows\PFRO.log
2015-07-25 00:28 - 2012-05-06 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-25 00:28 - 2006-11-02 09:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 00:28 - 2006-11-02 09:22 - 00003424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 00:28 - 2006-11-02 09:22 - 00003424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 03:19 - 2008-10-19 23:53 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-07-23 03:19 - 2006-11-02 09:42 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-23 03:17 - 2014-06-20 22:26 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905616980-2508883315-2640086917-1000UA.job
2015-07-23 03:05 - 2014-06-20 22:26 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905616980-2508883315-2640086917-1000Core.job
2015-07-23 03:01 - 2014-06-20 22:26 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1905616980-2508883315-2640086917-1000UA
2015-07-23 03:00 - 2014-06-20 22:26 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1905616980-2508883315-2640086917-1000Core
2015-07-23 02:53 - 2015-04-05 01:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-23 02:50 - 2008-10-20 00:21 - 00000000 ____D C:\Windows\panther
2015-07-23 01:44 - 2009-04-25 19:53 - 00000000 ____D C:\Windows\Minidump
2015-07-23 01:29 - 2015-04-05 01:06 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-23 01:29 - 2015-04-05 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-23 01:29 - 2015-04-05 01:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-23 01:21 - 2015-03-30 17:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Ozktics
2015-07-23 01:21 - 2015-03-25 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\Obrzics

==================== Files in the root of some directories =======

2013-05-27 18:56 - 2014-06-05 11:05 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2011-11-23 20:06 - 2011-11-23 20:06 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2011-11-23 20:42 - 2011-11-23 22:59 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-11-23 20:43 - 2011-11-23 22:59 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe Targa Format CS5 Prefs
2014-02-18 23:04 - 2014-02-18 23:04 - 0000353 _____ () C:\Users\Owner\AppData\Roaming\com.mcmguides.pdg.NCO.2013_state.xml
2013-11-16 23:24 - 2013-11-29 19:59 - 0000151 _____ () C:\Users\Owner\AppData\Roaming\settings.xml
2013-10-05 20:38 - 2013-10-05 20:38 - 0327755 _____ () C:\Users\Owner\AppData\Local\ars.cache
2009-04-14 19:16 - 2009-04-14 19:16 - 0000000 _____ () C:\Users\Owner\AppData\Local\AtStart.txt
2013-10-05 20:39 - 2013-10-05 20:39 - 0815497 _____ () C:\Users\Owner\AppData\Local\census.cache
2012-02-08 11:05 - 2015-05-06 00:22 - 0001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2011-09-08 21:17 - 2015-03-26 17:42 - 0000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2009-04-15 00:41 - 2015-04-04 12:56 - 0181248 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-27 22:57 - 2014-07-27 22:57 - 0156896 _____ () C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2014-07-27 22:56 - 2014-07-27 22:56 - 0000002 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
2014-07-27 22:56 - 2014-07-27 23:02 - 0323562 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
2014-07-27 22:58 - 2014-07-27 23:00 - 5101292 _____ () C:\Users\Owner\AppData\Local\dd_NET_Framework35_x64_MSI5B2A.txt
2012-05-15 10:20 - 2012-05-15 10:20 - 0359382 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI0233.txt
2013-10-18 18:38 - 2013-10-18 18:41 - 0004158 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI035B.txt
2013-09-25 08:32 - 2013-09-25 08:32 - 0354798 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI2DCF.txt
2014-12-30 21:32 - 2014-12-30 21:32 - 0390310 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI3655.txt
2013-10-23 00:11 - 2013-10-23 00:13 - 0004150 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI3A53.txt
2014-06-24 22:44 - 2014-06-24 22:44 - 0368624 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI3E1D.txt
2012-04-21 17:37 - 2012-04-21 17:39 - 0437818 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI7DC8.txt
2014-02-01 19:21 - 2014-02-01 19:22 - 0417068 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI7E3C.txt
2012-05-15 10:20 - 2012-05-15 10:20 - 0011158 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI0233.txt
2013-10-18 18:38 - 2013-10-18 18:39 - 0011380 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI035B.txt
2013-09-25 08:32 - 2013-09-25 08:32 - 0011462 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI2DCF.txt
2014-12-30 21:32 - 2014-12-30 21:32 - 0011358 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI3655.txt
2013-10-23 00:11 - 2013-10-23 00:11 - 0011364 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI3A53.txt
2014-06-24 22:44 - 2014-06-24 22:44 - 0011390 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI3E1D.txt
2012-04-21 17:37 - 2012-04-21 17:39 - 0013308 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI7DC8.txt
2014-02-01 19:21 - 2014-02-01 19:22 - 0011444 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI7E3C.txt
2009-04-14 19:16 - 2009-04-14 19:16 - 0000000 _____ () C:\Users\Owner\AppData\Local\DSwitch.txt
2013-10-05 19:10 - 2013-10-05 19:10 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2009-04-14 19:16 - 2009-04-14 19:16 - 0000000 _____ () C:\Users\Owner\AppData\Local\QSwitch.txt
2014-07-27 23:01 - 2014-07-27 23:01 - 0006964 _____ () C:\Users\Owner\AppData\Local\setup.log
2014-07-27 22:56 - 2014-07-27 23:02 - 0006114 _____ () C:\Users\Owner\AppData\Local\uxeventlog.txt
2012-07-21 19:37 - 2012-07-21 19:37 - 0000097 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2009-10-13 23:11 - 2013-12-03 23:03 - 0313504 _____ () C:\ProgramData\nvModes.001
2009-10-13 23:09 - 2013-12-03 22:53 - 0313504 _____ () C:\ProgramData\nvModes.dat
2008-10-20 00:29 - 2008-10-02 06:52 - 0218480 _____ () C:\ProgramData\SymUpdate.exe
2009-03-26 19:49 - 2009-03-26 19:49 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2008-10-20 01:26 - 2008-10-20 01:26 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-03-26 19:48 - 2009-03-26 19:48 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2008-10-20 01:19 - 2008-10-20 01:21 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-03-26 19:46 - 2009-03-26 19:46 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-03-26 19:49 - 2009-03-26 19:49 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2008-10-20 01:18 - 2008-10-20 01:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2008-10-20 01:21 - 2008-10-20 01:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-03-26 19:49 - 2009-03-26 19:49 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\ProgramData\SymUpdate.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\nvd3dum.dll
C:\Windows\System32\Drivers\avgidsfiltera.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-25 00:35

==================== End of log ============================

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Owner at 2015-07-25 00:41:13
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1905616980-2508883315-2640086917-500 - Administrator - Disabled)
F6127FC8322848D8AE02 (S-1-5-21-1905616980-2508883315-2640086917-1001 - Limited - Enabled)
Guest (S-1-5-21-1905616980-2508883315-2640086917-501 - Limited - Enabled) => C:\Users\Guest
Owner (S-1-5-21-1905616980-2508883315-2640086917-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG update module (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG update module (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM-x32\...\{5CB870DE-94A1-4A37-AAE2-08E4D2AA658A}) (Version: 9.0.0.0 - Ableton)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.380 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.380 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.380 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4020.3 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.3.0.885 - AVG Technologies)
Avid Pro Tools SE 8.0.3 (HKLM-x32\...\{371F27A1-9502-4762-AE97-1C1938B21055}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version:  - )
BitTorrent (HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
Blaine's Bubble Warp Effect (HKLM-x32\...\{39488AAE-73E4-42A3-B357-2C5C213B8B86}) (Version: 1.0.0 - Blaine's Movie Maker Blog)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
Camel Audio CamelCrusher64 (HKLM-x32\...\Camel Audio CamelCrusher64) (Version: 1.01.0 - Camel Audio)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DownloadX ActiveX Download Control 1.6.1 (HKLM-x32\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - DownloadXCtrl.com)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Focusrite USB 2.0 Audio Driver 2.4 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.4 - Focusrite Audio Engineering Limited.)
Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Free MP4 To WMV Converter (HKLM-x32\...\{644D1E31-FB7D-488F-AFDD-B5749F41CE19}) (Version: 1.0.0 - convertaudiofree)
Google Chrome Canary (HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\Google Chrome SxS) (Version: 43.0.2357.2 - Google Inc.)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2126 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.0.0924 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard)
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{30D3B7BC-5798-45D9-822D-05CA18F39E99}) (Version: 1.1.1955.2793 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
iZotope Ozone 4 (HKLM-x32\...\iZotope Ozone 4_is1) (Version: 4.00 - iZotope, Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Java™ 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
M-Audio FastTrack Driver 6.0.6 (x64) (HKLM\...\{91A8C38A-0239-11E0-9658-189EDFD72085}) (Version: 6.0.6 - M-Audio)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mixed In Key 4 (HKLM-x32\...\Mixed In Key 4) (Version: 4.0.1 - )
Mixed In Key 5.0 (HKLM-x32\...\{8313B422-7A4E-4003-85D6-A1A95619E5AB}) (Version: 5.0.872.0 - Mixed In Key LLC)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDG GOLD NCO - 2013 (HKLM-x32\...\com.mcmguides.pdg.NCO.2013) (Version: 5.1.41 - McMillan Study Guides, Inc.)
PDG GOLD NCO - 2013 (x32 Version: 5.1.41 - McMillan Study Guides, Inc.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Scratch Live 2.4.2 (20) (HKLM-x32\...\{8C01DE13-E9D4-4F69-8A46-52034B1579B4}) (Version: 2.4.2 - Serato Inc LP)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Serato Video (HKLM-x32\...\{B2BE8E3F-17E8-4784-A1FC-510575EE0223}) (Version: 1.0.0 - Serato)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
Toraverb (HKLM-x32\...\{775500D3-ADB1-4735-B7D2-46DB6706B450}) (Version: 1.0.0.0 - D16 Group Audio Software)
Trapcode Particular (HKLM-x32\...\InstallShield_{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}) (Version: 2.1.0 - Red Giant Software)
Trapcode Particular (Version: 2.1.0 - Red Giant Software) Hidden
Trapcode Shine (HKLM-x32\...\InstallShield_{D4C0D93D-7924-486F-9B30-27ABD4EA3BB3}) (Version: 1.6.0 - Red Giant Software)
Trapcode Shine (Version: 1.6.0 - Red Giant Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{FD1408CA-47E3-45C8-B7CB-75AEB8F98DA1}) (Version: 2.13.0273 - Samsung Electronics Co., Ltd.)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC (HKLM-x32\...\{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}) (Version: 1.0.0.0 - VLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0) (HKLM\...\B30ECD0209A21D638611F893829C8AF3A483A302) (Version: 04/29/2008 2.5.0.0 - ENE)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (HKLM\...\4214A1CFC1A368A5078729BFD4B211F0CDB5CEC5) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Chrome SxS\Application\43.0.2357.2\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:34 - 2015-04-03 17:49 - 00001515 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
136.243.254.253 www.google-analytics.com.
136.243.254.253 google-analytics.com.
136.243.254.253 connect.facebook.net.
192.95.55.231 www.google-analytics.com.
192.95.55.231 google-analytics.com.
192.95.55.231 connect.facebook.net.
89.163.213.173 www.google-analytics.com.
89.163.213.173 google-analytics.com.
89.163.213.173 connect.facebook.net.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006BBF48-B16C-4BBD-B95D-04A0315F3AE8} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {142EB991-6EFE-451F-AD64-10F444B0300B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1905616980-2508883315-2640086917-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-20] (Google Inc.)
Task: {1C7B57E1-7BDD-4E5C-8AF2-52393E5D7DB6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1905616980-2508883315-2640086917-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3096CFFD-B485-437A-92F6-C4B0BEAAFC95} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {3CF1133D-7D27-474B-A556-193CF3879776} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1905616980-2508883315-2640086917-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {479AC48B-6CA2-4D49-95FA-545C4DC7BC72} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {4B77904F-816E-4E52-9267-4AB45BB717C9} - System32\Tasks\Google Updater and Installer => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-20] (Google Inc.)
Task: {762E35FF-C87A-480A-924F-CD43EE72ACE5} - System32\Tasks\AVG-Secure-Search-Update_0715tb_RML => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-23] ()
Task: {87754145-5F9B-4365-962E-3C969E4D92D2} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{C9C7406D-A0B2-4308-9DF2-5D5A81014207}.exe [2014-12-14] ()
Task: {960C17B7-14C5-4E11-AF32-6E1FD754A5AF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {98FC0654-1354-40C6-B965-6E9EC48E92DA} - System32\Tasks\{15F9874D-1014-4C41-BCB7-A5170F04BC8A} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.114&amp;LastError=12007
Task: {C89F3EB3-EA92-463B-BFF4-7CA97D41207D} - System32\Tasks\AVG-Secure-Search-Update_0715tb_rel => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-23] ()
Task: {D1AC48ED-3C8D-4ED7-B413-9CCFFF556371} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {D4083330-6F5A-4214-BA46-C51AB63D39AA} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe
Task: {D5234143-48A9-4303-9952-0DEBE91239D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {D5F9E8C0-BCF8-4152-B18C-713BF1C6F66B} - System32\Tasks\AVG_SYS_TASK_0715tb_DELETE => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-23] ()
Task: {DFB7D8E4-5C3B-47B0-8866-FFD3E4E1C055} - \Re-Markable Update No Task File <==== ATTENTION
Task: {E447AE8A-5C70-4A33-80FE-1D831D48AC7F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-03-22] (AVG)
Task: {E5E39C48-03A9-4CDA-97A4-1365CE8B20B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1905616980-2508883315-2640086917-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{C9C7406D-A0B2-4308-9DF2-5D5A81014207}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905616980-2508883315-2640086917-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905616980-2508883315-2640086917-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (Whitelisted) ==============

2008-10-20 01:34 - 2008-09-23 13:18 - 00365904 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2014-03-22 23:09 - 2014-03-22 23:09 - 00675640 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-03-22 12:33 - 2015-03-22 12:31 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2013-09-05 02:17 - 2013-09-05 02:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-23 02:53 - 2015-07-23 02:52 - 02579856 _____ () C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
2014-02-24 21:35 - 2015-03-22 12:31 - 02503704 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2015-04-08 19:42 - 2015-04-08 19:42 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-08 19:42 - 2015-04-08 19:42 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-23 01:20 - 2015-07-23 01:20 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072300\algo.dll
2015-07-25 00:35 - 2015-07-25 00:35 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072402\algo.dll
2008-10-20 01:34 - 2008-09-23 13:18 - 00132432 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2015-03-22 12:33 - 2015-03-22 12:31 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2015-04-08 19:43 - 2015-04-08 19:43 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-22 12:33 - 2015-03-22 12:31 - 00693272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.3.0\NativeBrowserApi.dll
2013-09-05 02:14 - 2013-09-05 02:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:KTQtAG2U8VG6CXo5n
AlternateDataStreams: C:\ProgramData\Microsoft:vxCejqghsdJ61l9ncxKHmq
AlternateDataStreams: C:\Users\Owner\Downloads\Universal Spark - Rays of Light Preview 2.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Owner\Downloads\Universal Spark - Unleashed (Teaser).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Owner\Downloads\Where'd You Go Bootleg.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:3rrKZ0YXHiswvmeIi
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:9boMzydMOBGblBLTGVCrJQgrEu
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:GxWuTSZA4YyLpCTqeoVM9RMe6
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temporary Internet Files:5ZZF9jREmYqG2jv6HBv1ZXK7

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\img24.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: PasswordBox => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Launch Utility Application.lnk => C:\Windows\pss\Launch Utility Application.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: 360Amigo => "C:\Program files\360Amigo\360Amigo.exe" -autorun
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent => "C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Owner\AppData\Local\Smartbar\Application\QuickShare.exe startup
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: DigidesignMMERefresh => "C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe"
MSCONFIG\startupreg: DVDAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\Windows\system32\M-AudioTaskBarIcon.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QlbCtrl.exe => "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchProtectAll => "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
MSCONFIG\startupreg: SMessaging => C:\Users\Owner\AppData\Local\Strongvault Online Backup\SMessaging.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: TVAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{117E2B1E-4597-4C04-9195-F3699BC75962}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{04AB6D44-6FBE-4BC6-937C-3E3EE9ACE597}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6B0A6CAC-4265-43E5-8B41-5D25A542F531}] => (Allow) LPort=80
FirewallRules: [{69DEAA7B-6785-4677-86DD-DB86A614CD9F}] => (Allow) LPort=80
FirewallRules: [{B3CA8EE7-2E6E-41CC-84F1-B526FFCC61F8}] => (Allow) LPort=80
FirewallRules: [{F6F82573-5C6F-41F6-B2B2-7F9CA191D974}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C1CD5285-A703-474D-BA0D-F8ACF10E0FC6}] => (Allow) LPort=2869
FirewallRules: [{2EE3D24E-5FDE-4EBC-9937-4DB54DFFAD46}] => (Allow) LPort=1900
FirewallRules: [{47FEBF0C-3F29-4C77-AC72-CC9CFDAE5737}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EDA5741A-C0A0-4D7B-B404-99D94B000BD9}] => (Allow) LPort=3724
FirewallRules: [TCP Query User{04970AED-7EFB-4C90-AD7B-0A0C1B7DA66B}C:\users\owner\downloads\downloader_warcraft3_the_frozen_throne_enus.exe] => (Allow) C:\users\owner\downloads\downloader_warcraft3_the_frozen_throne_enus.exe
FirewallRules: [UDP Query User{12AAC9B3-3944-41AE-8A0E-79F79287A215}C:\users\owner\downloads\downloader_warcraft3_the_frozen_throne_enus.exe] => (Allow) C:\users\owner\downloads\downloader_warcraft3_the_frozen_throne_enus.exe
FirewallRules: [TCP Query User{5B1B000B-00C4-4966-A6E9-14755F43AA6C}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{5C9C67F6-053C-449B-B6FA-C3713D16C11B}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{E9E7BEB2-AA8F-48D1-9797-93D837180F39}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{3F4C7C55-39CF-45F7-AB15-A45118A71B97}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{C1F1102E-595E-4C13-AC00-194499DF81F0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{06F4FE8E-AA48-4C24-99FC-72CEE6BEF9D5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{6FA038EC-13A1-4804-907D-401E3A28E5CE}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{6AA834E2-95A5-41F9-A277-1B5F7CACEA83}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D191E6A0-3492-46F3-BCBC-923A3892285B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{1D7549F0-F8BB-443E-8D98-9AD97E8469B4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{DB1EDE7C-92E6-426B-94A6-F6D556FABA92}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{426187F7-D718-43B5-986C-7A605357070C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{325B8C05-96C8-49C6-85B0-A5C22C661777}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{7A33A57F-0424-438F-B1F3-2215FE365099}] => (Allow) C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{28A05F0C-90BD-4036-943C-A9A36F04EDC1}] => (Allow) C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{668F0A4C-9251-4095-AB46-438C438F7A5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{29BCF8C1-5BD1-49C6-A687-2A4F150B528B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{531117FD-95C4-41AC-8605-2B3EBA2A0C7D}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{4D6AD655-D014-4DE5-919B-72F81B44BDDE}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{A1B876E3-6607-4F6A-8203-1759334413E0}] => (Allow) C:\Users\Owner\AppData\Local\Google\Chrome SxS\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Description: Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2015 12:36:04 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (07/25/2015 12:36:04 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (07/23/2015 02:59:21 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (07/23/2015 02:59:20 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (07/23/2015 01:42:59 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (07/23/2015 01:42:59 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (07/23/2015 01:36:39 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/23/2015 01:23:37 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (07/23/2015 01:23:37 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (05/06/2015 12:20:14 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8


System errors:
=============

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-07-25 00:36:37.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-25 00:36:37.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-25 00:36:36.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-25 00:36:36.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-23 02:53:23.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-23 02:02:46.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-23 02:02:45.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-23 02:02:45.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-23 02:02:45.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-23 02:02:45.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P7450 @ 2.13GHz
Percentage of memory in use: 61%
Total physical RAM: 4062.02 MB
Available physical RAM: 1578.36 MB
Total Virtual: 8331.29 MB
Available Virtual: 5537.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.78 GB) (Free:114.46 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:13.98 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FD338468)
Partition 1: (Active) - (Size=451.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End of log ============================

Attached File  attach.txt   20.77KB   0 downloads

 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 AM

Posted 25 July 2015 - 09:39 AM

Greetings,

Unfortunately there is evidence of illegal software on your computer. Before starting to clean your computer I am going to ask you to remove Microsoft Office. You have 2 versions so please remove either or both if you don't have a valid Product Key. If you are willing to do that let me know and I will post our first steps. If you prefer not to do that let me know that as well and I will then close the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 ReFx

ReFx
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 25 July 2015 - 10:50 PM

Yes, I'm willing to do so, I actually have 2 legal copies of Microsoft HUP on my other computer. Let's please proceed, thanks Gary!



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 AM

Posted 25 July 2015 - 10:57 PM

Greetings John and thanks. Let's start with this.

FYI I am going to be logging off shortly.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all of the programs associated with the below. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

AVG 2014
AVG PC TuneUp 2014


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Program Files (x86)\AVG SafeGuard toolbar
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\Run: [AVG-Secure-Search-Update_0715tb] => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2579856 2015-07-23] ()
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hptv.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
C:\Program Files (x86)\AVG\AVG PC TuneUp
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} =>  No File
URLSearchHook: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL =
SearchScopes: HKLM -> {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> DefaultScope {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> {476FDD4A-D6FB-4A7C-98A5-09A6A377D958} URL =
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-22] (AVG Secure Search)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-22] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-22] (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-03-22]
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885 [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-08]
FF HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-08]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2183992 2014-03-22] (AVG)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-22] (AVG Secure Search)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
2015-07-25 00:34 - 2015-07-25 00:34 - 00002724 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_RML
2015-07-25 00:34 - 2015-07-25 00:34 - 00000340 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job
2015-07-23 02:55 - 2015-07-25 00:28 - 00000354 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job
2015-07-23 02:55 - 2015-07-23 02:55 - 00002646 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_rel
2015-07-23 02:53 - 2015-07-25 00:29 - 00000406 _____ C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job
2015-07-23 02:53 - 2015-07-23 02:53 - 00002908 _____ C:\Windows\System32\Tasks\AVG_SYS_TASK_0715tb_DELETE
2015-07-23 01:16 - 2015-07-23 02:54 - 00000000 ____D C:\ProgramData\Avg_Update_0715tb
2013-05-27 18:56 - 2014-06-05 11:05 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
C:\ProgramData\SymUpdate.exe
C:\Windows\System32\nvd3dum.dll
C:\Windows\System32\Drivers\avgidsfiltera.sys
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
Task: {3096CFFD-B485-437A-92F6-C4B0BEAAFC95} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {762E35FF-C87A-480A-924F-CD43EE72ACE5} - System32\Tasks\AVG-Secure-Search-Update_0715tb_RML => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-23] ()
Task: {87754145-5F9B-4365-962E-3C969E4D92D2} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{C9C7406D-A0B2-4308-9DF2-5D5A81014207}.exe [2014-12-14] ()
Task: {C89F3EB3-EA92-463B-BFF4-7CA97D41207D} - System32\Tasks\AVG-Secure-Search-Update_0715tb_rel => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-23] ()
Task: {D4083330-6F5A-4214-BA46-C51AB63D39AA} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe
Task: {D5F9E8C0-BCF8-4152-B18C-713BF1C6F66B} - System32\Tasks\AVG_SYS_TASK_0715tb_DELETE => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-23] ()
Task: {DFB7D8E4-5C3B-47B0-8866-FFD3E4E1C055} - \Re-Markable Update No Task File <==== ATTENTION
Task: {E447AE8A-5C70-4A33-80FE-1D831D48AC7F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-03-22] (AVG)
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{C9C7406D-A0B2-4308-9DF2-5D5A81014207}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
AlternateDataStreams: C:\ProgramData\Microsoft:KTQtAG2U8VG6CXo5n
AlternateDataStreams: C:\ProgramData\Microsoft:vxCejqghsdJ61l9ncxKHmq
AlternateDataStreams: C:\Users\Owner\Downloads\Universal Spark - Rays of Light Preview 2.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Owner\Downloads\Universal Spark - Unleashed (Teaser).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Owner\Downloads\Where'd You Go Bootleg.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:3rrKZ0YXHiswvmeIi
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:9boMzydMOBGblBLTGVCrJQgrEu
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:GxWuTSZA4YyLpCTqeoVM9RMe6
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temporary Internet Files:5ZZF9jREmYqG2jv6HBv1ZXK7
Hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed youi will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did AVG uninstall?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 AM

Posted 29 July 2015 - 09:29 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 ReFx

ReFx
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 30 July 2015 - 01:39 AM

So sorry for the late reply! Got super busy, I appreciate everything gary!

 

-I was unable to uninstall AVG but was able to uninstall AVG Tune up, I've attached a picture of what's AVG giving me when I try to uninstall

-Performance of Laptop has significantly changed but still a little slow, I feel that there might be some malware left??? Idk

 

posted below are the logs requested in order

  • Fixlog
  • AdwCleaner log
  • Junkware log

 

Thanks again Gary!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Owner at 2015-07-25 22:56:19 Run:2
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Guest)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
C:\Program Files (x86)\AVG SafeGuard toolbar
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\Run: [AVG-Secure-Search-Update_0715tb] => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2579856 2015-07-23] ()
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hptv.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
C:\Program Files (x86)\AVG\AVG PC TuneUp
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} =>  No File
URLSearchHook: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL =
SearchScopes: HKLM -> {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> DefaultScope {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> {3CF2481F-854A-41B7-9CDF-7113C60591B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> {476FDD4A-D6FB-4A7C-98A5-09A6A377D958} URL =
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-22] (AVG Secure Search)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-22] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-22] (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-03-22]
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885 [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-08]
FF HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-08]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2183992 2014-03-22] (AVG)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-22] (AVG Secure Search)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
2015-07-25 00:34 - 2015-07-25 00:34 - 00002724 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_RML
2015-07-25 00:34 - 2015-07-25 00:34 - 00000340 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job
2015-07-23 02:55 - 2015-07-25 00:28 - 00000354 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job
2015-07-23 02:55 - 2015-07-23 02:55 - 00002646 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_rel
2015-07-23 02:53 - 2015-07-25 00:29 - 00000406 _____ C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job
2015-07-23 02:53 - 2015-07-23 02:53 - 00002908 _____ C:\Windows\System32\Tasks\AVG_SYS_TASK_0715tb_DELETE
2015-07-23 01:16 - 2015-07-23 02:54 - 00000000 ____D C:\ProgramData\Avg_Update_0715tb
2013-05-27 18:56 - 2014-06-05 11:05 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
C:\ProgramData\SymUpdate.exe
C:\Windows\System32\nvd3dum.dll
C:\Windows\System32\Drivers\avgidsfiltera.sys
CustomCLSID: HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
Task: {3096CFFD-B485-437A-92F6-C4B0BEAAFC95} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {762E35FF-C87A-480A-924F-CD43EE72ACE5} - System32\Tasks\AVG-Secure-Search-Update_0715tb_RML => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-23] ()
Task: {87754145-5F9B-4365-962E-3C969E4D92D2} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{C9C7406D-A0B2-4308-9DF2-5D5A81014207}.exe [2014-12-14] ()
Task: {C89F3EB3-EA92-463B-BFF4-7CA97D41207D} - System32\Tasks\AVG-Secure-Search-Update_0715tb_rel => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-23] ()
Task: {D4083330-6F5A-4214-BA46-C51AB63D39AA} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe
Task: {D5F9E8C0-BCF8-4152-B18C-713BF1C6F66B} - System32\Tasks\AVG_SYS_TASK_0715tb_DELETE => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-23] ()
Task: {DFB7D8E4-5C3B-47B0-8866-FFD3E4E1C055} - \Re-Markable Update No Task File <==== ATTENTION
Task: {E447AE8A-5C70-4A33-80FE-1D831D48AC7F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-03-22] (AVG)
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{C9C7406D-A0B2-4308-9DF2-5D5A81014207}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
AlternateDataStreams: C:\ProgramData\Microsoft:KTQtAG2U8VG6CXo5n
AlternateDataStreams: C:\ProgramData\Microsoft:vxCejqghsdJ61l9ncxKHmq
AlternateDataStreams: C:\Users\Owner\Downloads\Universal Spark - Rays of Light Preview 2.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Owner\Downloads\Universal Spark - Unleashed (Teaser).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Owner\Downloads\Where'd You Go Bootleg.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:3rrKZ0YXHiswvmeIi
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:9boMzydMOBGblBLTGVCrJQgrEu
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:GxWuTSZA4YyLpCTqeoVM9RMe6
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temporary Internet Files:5ZZF9jREmYqG2jv6HBv1ZXK7
Hosts:
*****************

C:\Program Files (x86)\AVG SafeGuard toolbar => moved successfully.
HKLM => Group Policy Restriction on software restored successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0715tb => value not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\groove.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hptv.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\infopath.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\misc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msaccess.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msoxmled.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mspub.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mstore.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\offdiag.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ois.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\onenote.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\outlook.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerpnt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\skype.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winword.exe" => key removed successfully
C:\Program Files (x86)\AVG\AVG PC TuneUp => moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => key removed successfully
HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => key not found.
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CF2481F-854A-41B7-9CDF-7113C60591B3}" => key removed successfully
HKCR\CLSID\{3CF2481F-854A-41B7-9CDF-7113C60591B3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3CF2481F-854A-41B7-9CDF-7113C60591B3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{3CF2481F-854A-41B7-9CDF-7113C60591B3} => key not found.
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CF2481F-854A-41B7-9CDF-7113C60591B3}" => key removed successfully
HKCR\CLSID\{3CF2481F-854A-41B7-9CDF-7113C60591B3} => key not found.
"HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{476FDD4A-D6FB-4A7C-98A5-09A6A377D958}" => key removed successfully
HKCR\CLSID\{476FDD4A-D6FB-4A7C-98A5-09A6A377D958} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found.
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885 => moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
C:\Program Files\AVAST Software\Avast\WebRep\FF => moved successfully.
HKU\S-1-5-21-1905616980-2508883315-2640086917-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value removed successfully
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx => moved successfully.
TuneUp.UtilitiesSvc => service removed successfully
vToolbarUpdater18.3.0 => service removed successfully
TuneUpUtilitiesDrv => service removed successfully
motandroidusb => service removed successfully
NAVENG => service removed successfully
NAVEX15 => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
SRTSP => service removed successfully
SRTSPX => service removed successfully
USBAAPL64 => service removed successfully
"C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_RML" => File/Folder not found.
"C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job" => File/Folder not found.
"C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job" => File/Folder not found.
"C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_rel" => File/Folder not found.
"C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job" => File/Folder not found.
"C:\Windows\System32\Tasks\AVG_SYS_TASK_0715tb_DELETE" => File/Folder not found.
"C:\ProgramData\Avg_Update_0715tb" => File/Folder not found.
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully.
C:\ProgramData\SymUpdate.exe => moved successfully.
C:\Windows\System32\nvd3dum.dll => moved successfully.
C:\Windows\System32\Drivers\avgidsfiltera.sys => moved successfully.
"HKU\S-1-5-21-1905616980-2508883315-2640086917-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3096CFFD-B485-437A-92F6-C4B0BEAAFC95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3096CFFD-B485-437A-92F6-C4B0BEAAFC95}" => key removed successfully
C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_REG_JAN_DELETE" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{762E35FF-C87A-480A-924F-CD43EE72ACE5} => key not found.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_RML not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0715tb_RML => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87754145-5F9B-4365-962E-3C969E4D92D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87754145-5F9B-4365-962E-3C969E4D92D2}" => key removed successfully
C:\Windows\System32\Tasks\1214tbUpdateInfo => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1214tbUpdateInfo" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C89F3EB3-EA92-463B-BFF4-7CA97D41207D} => key not found.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_rel not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0715tb_rel => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4083330-6F5A-4214-BA46-C51AB63D39AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4083330-6F5A-4214-BA46-C51AB63D39AA}" => key removed successfully
C:\Windows\System32\Tasks\KMS Activation for Office => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS Activation for Office" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5F9E8C0-BCF8-4152-B18C-713BF1C6F66B} => key not found.
C:\Windows\System32\Tasks\AVG_SYS_TASK_0715tb_DELETE not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_0715tb_DELETE => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFB7D8E4-5C3B-47B0-8866-FFD3E4E1C055}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB7D8E4-5C3B-47B0-8866-FFD3E4E1C055}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-Markable Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E447AE8A-5C70-4A33-80FE-1D831D48AC7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E447AE8A-5C70-4A33-80FE-1D831D48AC7F}" => key removed successfully
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013" => key removed successfully
C:\Windows\Tasks\1214tbUpdateInfo.job => moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job not found.
C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job not found.
C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job not found.
C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => moved successfully.
C:\ProgramData\Microsoft => ":KTQtAG2U8VG6CXo5n" ADS removed successfully.
C:\ProgramData\Microsoft => ":vxCejqghsdJ61l9ncxKHmq" ADS removed successfully.
C:\Users\Owner\Downloads\Universal Spark - Rays of Light Preview 2.mp3 => ":TOC.WMV" ADS removed successfully.
C:\Users\Owner\Downloads\Universal Spark - Unleashed (Teaser).mp3 => ":TOC.WMV" ADS removed successfully.
C:\Users\Owner\Downloads\Where'd You Go Bootleg.mp3 => ":TOC.WMV" ADS removed successfully.
C:\Users\Owner\AppData\Local\Temp => ":3rrKZ0YXHiswvmeIi" ADS removed successfully.
C:\Users\Owner\AppData\Local\Temp => ":9boMzydMOBGblBLTGVCrJQgrEu" ADS removed successfully.
C:\Users\Owner\AppData\Local\Temp => ":GxWuTSZA4YyLpCTqeoVM9RMe6" ADS removed successfully.
"C:\Users\Owner\AppData\Local\Temporary Internet Files" => ":5ZZF9jREmYqG2jv6HBv1ZXK7" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

==== End of Fixlog 22:56:30 ====

 

 

 

 

 

# AdwCleaner v4.208 - Logfile created 26/07/2015 at 01:22:14
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner(2).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AVG Secure Search
[!] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[!] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[!] Folder Deleted : C:\ProgramData\Avg_Update_1114tb
[!] Folder Deleted : C:\ProgramData\Avg_Update_1214tb
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Owner\AppData\Local\AVG Secure Search

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\AVG Security Toolbar
Key Deleted : HKU\.DEFAULT\Software\IM
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit-apps.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[a8mptzl1.default\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");

-\\ Google Chrome v


-\\ Chromium v


-\\ Chrome Canary v46.0.2465.2

[C:\Users\Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [25597 bytes] - [24/02/2014 15:14:40]
AdwCleaner[R1].txt - [9648 bytes] - [25/07/2015 23:00:57]
AdwCleaner[R2].txt - [9707 bytes] - [25/07/2015 23:26:07]
AdwCleaner[R3].txt - [9206 bytes] - [26/07/2015 00:17:40]
AdwCleaner[S0].txt - [23840 bytes] - [24/02/2014 15:17:06]
AdwCleaner[S1].txt - [8477 bytes] - [26/07/2015 01:22:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8536  bytes] ##########
 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows ™ Vista Home Premium x64
Ran by Owner on Sat 07/25/2015 at 23:44:20.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1905616980-2508883315-2640086917-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5D9FA932-8D8C-40EC-9192-A538B6854A52}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update lucky leap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util lucky leap



~~~ Files

Successfully deleted: [File] C:\Users\Owner\Appdata\LocalLow\skwconfig.bin



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{002BD390-6C76-43F1-940D-71A421B3BBA4}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{01C6ED56-E7D8-441E-B412-11408E69821D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{022F2DCF-9923-461F-B90F-EAB2CC5613B1}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0327B99A-D030-4ACF-892B-07859D846044}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{03610CA6-1AD8-4F4F-A80F-B98607F9871B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{03B746A9-588E-44BC-8658-C247D25C0145}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{03F27570-2BA0-424F-8527-44517439DDEC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{04068784-DF5D-49BD-B4A4-E9821340BDAD}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{04E11425-C344-47B6-B606-B1313FC2F2AC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{05E8CF63-271D-4931-AF5B-09DE30A261E2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{062FC81A-9544-48D2-BAE1-86B3D737CE74}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{070C4EF7-D184-47F6-A3BE-9F04F9CF744C}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0C0D4362-0566-4FC0-A4CC-827E39E1BAA1}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0CA43E15-B975-4875-8A08-0B5738987024}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0CAEA513-307D-4FDD-B0C9-0F125B4A512F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0D3B6293-7B0A-4AAA-A73F-803C8C02F823}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0E87BA35-EC6D-4A27-88A8-4E6EA1A130CC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0E87EE7F-240E-4398-B11C-2EE57B8585B8}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0E9A4902-FEBE-4CE8-8945-16BC9581B00A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0EF60A69-EFD7-46A5-A883-92D43A479BCB}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{0FEE645C-AB8C-466D-9638-30885EDA7BC3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{11135348-CC49-4A0A-8938-2BCFC6A2FAD3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{113645EC-F77D-497F-A0AC-661306F2DF6F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{11DE448C-1CFF-4DDC-8415-0A7B093C80A2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{1349EDE1-30E3-427B-855A-5B8D4D173A35}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{136FDDDA-4817-42AB-908F-366629DCFFE4}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{13976025-84A9-43DD-A142-2734A0E02940}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{13D9FE25-8067-4D48-83B9-2B7E75BE6482}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{13F8DA8F-7C97-4324-81CB-B588B52A34E4}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{169E6E83-FC40-4F58-9112-42DCE1A12A2E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{16E2B1CF-D75B-4F74-9638-31E54E3F1D34}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{170E4610-2D48-44B6-A8AD-9592E245DD1B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{17385ECB-EDBE-4E27-81F3-7F087106EB8F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{175E9BFA-2687-4A30-88F8-2AD55C6BBBD9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{17C41AFA-6FDB-4093-A8E6-10577455BAF2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{17D9C540-12E5-455A-99F9-31D2CB688D30}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{18DB9C4A-E04F-4D80-B5B7-91B708C99F43}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{19E3D58F-616B-40F8-B551-823D56DB5545}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{1A2FFD61-705B-4AA1-8D4A-AECB5289266A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{1BF3CE47-1249-45AC-97F3-ED2A5267F6BD}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{1CFEED56-B2AC-4A5C-9910-1B261120DBDD}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{1D33D9EE-0F0F-40D5-82A8-D1F358A6432D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{1D4A625A-CAE7-45FA-9EFA-8F2DADBD2CA5}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{1E3F7A64-BD28-4620-89B3-0850A63999A2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{1FD7E861-4CCB-42D9-8D2D-AC32C004249A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{204DFB1C-9A1F-48F8-9D78-D768A1A2081A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{20655AE4-A064-4CEB-873C-961EEE4BF8C9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{20DC3FE1-64A8-4A5E-9447-D4412ED3DDF8}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{213D02A4-008B-4B3A-ABD7-1F0B30AB2C00}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2152D561-5AA8-435B-A321-68F82A907893}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{21A9C8C4-2A54-4D6D-9D01-5BCCEDC06A68}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{221B103D-4DF9-41D7-ABF9-E631ED2A1F99}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2281CD14-779F-420B-A778-5ED792EECA11}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{235B9E88-27DC-45F8-8CB0-35D79999BB0C}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{251AABED-0B2B-4BBF-BF21-61B018E77471}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{25AE50AD-03A6-4C88-9545-73DD8E3E1B8F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{25C913EE-2876-4F10-A979-162B6FE98C67}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{260CC8EC-D0D2-449D-8326-B61798B5F228}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{273017EF-178E-4BA9-AA40-741EF22ED66F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{28222CA5-619C-48C2-8BE8-474704ED7799}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{28C5563C-4EC3-4BBB-827F-2A226D5227AD}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{28CD88EE-C1EA-4C06-8A50-67179BCF25B8}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{292E75A5-683A-4516-BA19-11CA98490E44}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2A2694E7-CDA6-4132-8EE3-FE907390663A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2A3AB20C-3E63-421A-A5BF-6FBCF986E9E4}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2ACDDF4F-5EEF-4565-8CBF-E58A9A605C06}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2B123664-68AD-499F-AEDB-6A3F274E70C8}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2B1E5CBF-3C14-41CC-A20F-EB52D4187DA4}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2B36782F-1E64-4943-93C3-6EFECC26477C}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2BA8F2D6-FFD1-41BA-92E8-B77388403FD3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2C70C1A3-FB67-41E2-A179-953DE2F53AC2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2D5B063F-21D1-445C-89A8-176C2DC9E914}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2D789906-8D54-41F1-B386-8A2E2971C1A9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2EC45155-11BF-4809-A3CE-3E6EC4FCF51D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2F8E8A79-59E8-44BE-959D-3EA6B1B0B978}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{2FC587A9-288B-4E96-AB9A-8B5B48ABE4DA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{306EB180-925D-4DA8-AE9C-AB7B5ED9F0CE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{30DCA9E0-A446-4DA6-AD87-CE131391865B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{332E3C00-98A2-469C-AE32-B9FB6C7F5898}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3395C1EB-C78C-4C0F-AABB-392954AB10B0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{36BCC445-7579-47A4-9CB5-26CEF56884D4}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{37623872-23E0-4DFD-B1BA-EA646D9478CF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{37EE1E1E-31CC-4EF8-9E8C-E5561456C818}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{37FEEB2F-9F41-4BB3-9D2A-9F7228F3F95E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{38406418-D035-4131-98C9-386B62A66AD7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{396524AC-2A39-4403-B97A-C929C03CF614}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{398CC79C-FB9D-4C8A-A3E1-1B4103E6F582}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3B101FBA-59B2-442C-8C8E-CD2675227525}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3B916E1B-8E5D-4EC0-96D5-4C65521A3C0A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3BD1DB4C-C26E-4151-8A0C-959D3C27BF64}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3BE6F8B4-5CAA-4F61-838A-25C230CD2C10}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3C3DE306-7768-45B0-83C9-04B6B198982D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3CDA1DC7-2CD6-4E32-86F7-B2C785EC4C1B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3D6C09C0-E00C-4A04-B3C9-2DFE7B6E77B2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3D9B3480-A9D1-4DA1-82F6-3DF950E75C5A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3EA3BC57-1457-4652-8749-1BB866F7785E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{404571CB-53C3-4191-B73E-8BF6C4C5FBE7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{416DD133-0A7E-4F23-B462-BC8E7D58C119}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{41EC8532-5BAA-4A8D-82DC-3580F39EEAF0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{432A8B55-C17F-4CC4-8CD5-09150EE2FC5C}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{443AB818-E5F4-4958-99AA-148D1A42394F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{44C513CD-4B34-4147-A63A-4FE7A8A30978}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{45790116-C723-4209-B783-61A4E69EC6A0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{45972426-3CAB-4EE5-BDAD-0AB4BCB4CB53}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{45CC3D9B-039E-46B4-A8B2-D74364367FDD}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{469F22AD-6600-4583-BF6F-940475A903AF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{46B2847F-4AAC-4C16-AF02-EF188B10D099}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{47491FB1-463E-41D5-A99F-BD2F6B4861A6}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{47A5052A-80D0-4B9A-BE7C-575685406193}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{48FBE58E-7F63-4C09-9D89-B9136E876C0A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{494A65DC-BED7-4260-9B88-BB284A29532A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{4B273572-7253-49A0-9F0A-39812F77361F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{4BC36B72-0DF0-47D7-960C-69A4449DBBB6}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{4C4FFCBA-8B9A-423F-B5D7-D687841482E8}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{4DADDC5D-4B25-4ED3-941F-F39C66F0E90B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{4DC1548F-A8DE-4A47-8525-D452D869031E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{4ED02081-F10F-4CD9-9B2E-43363212E825}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{4F35EFDB-7ECB-4998-9E44-E6B6F96BB453}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5010BF9A-892E-4CF4-9E0D-CC2520D1402C}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{506CF94B-BF56-456B-AFD7-EF6A1BC0B5BB}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{51C6BC8C-20D7-45A4-95ED-0CA3C1BE70EA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{51ED7599-63FC-456F-BB91-3922801B2DBE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{51FDA5FC-409B-41C2-8E46-567C0D7E2EC2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5248D3A2-27DD-4E6E-9832-3A60AFD7D305}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{52C5CB91-FACC-43ED-8152-5F698734713B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5348CA05-3E5C-4FAA-91A6-69401A32BAF0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{54291B71-E8DB-4964-BBA3-37B519939017}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{54E00B11-F154-42BD-8344-F36ED473FB74}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5646A6DD-2218-4B98-ADC8-804C506D7CCE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{566F525E-BC15-4BE2-B634-D816B7E48234}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{56CFA10A-1705-4F12-9888-BFEE981055D6}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{57A17929-6122-47D5-A25B-63FF37CC28D9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{57D20F40-01B7-4195-9F9F-02147A2E282A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{57DF0B69-3CCB-4FC9-AD1F-D796DA388411}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5813C464-5D2A-4956-B8B6-2C4735097C44}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5962660C-1A56-4D0D-9913-CA4CFFF03E30}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{59D7070C-57DC-45B5-A8CD-2F340989D3D7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{59D72322-A450-400C-906D-54A08FBE63B3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5A00596F-6355-4850-B5C7-3577517A2491}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5AB7FF1D-67CB-4653-93CF-4444617D6E74}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5B498000-8C5B-447E-93D9-20668547E5B9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5BA3E4A0-3CBD-4C5A-90C4-76362FB00C37}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5C267ADB-8DE0-40C1-AC2F-DB680BBE0779}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5C8031A1-E4E0-4C71-8122-A516DEEB7B33}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5CC39682-7C05-4AF1-BD05-1CCF1B8BC19A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5CD8619F-66FB-4358-A36F-C0E1CFE1BB58}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5DE6FD9E-73C1-49F0-B3B9-87BA4E3F77C0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5E2CC472-722F-4326-8AF3-A8BD27C39ADB}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5E4FB6DB-6D0A-4BF8-BC42-8256FEBAA458}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5EE74767-AF55-48F4-9BBC-7C515443083F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{5F926122-2C8A-4600-98BC-F454748660BB}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6066E51D-5700-487A-B8FF-A04C50718C24}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{62616552-7469-47E3-9DC7-B1B049CFF49E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{63FD47FD-B442-4BFB-ADAF-F6BAE0FA7687}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{655FF4C1-1C8F-4F08-877F-C316E31B2810}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{66CEBDF2-D76D-45C0-9CFC-DA75DDA62FEC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6779780D-D57C-41E9-8225-A2D81FC61C71}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{678042F1-5A7C-4CCB-A222-C9D623E48B4C}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{682C99CE-068A-4C7A-852B-DD7AB33AFC24}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{686BA575-A45D-458F-BBE5-D482C97E6152}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{69073EF1-B500-4E77-A0DE-A0F69282FFC6}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6A41954A-685E-492B-88C5-295CBBE9D1BA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6A5ACBD1-68FB-406E-9214-4D6196CB2E95}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6AA75FE7-4734-4975-9C09-DEA41BC865A9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6B31811C-0D97-46C5-9D2F-4D7879DEEC26}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6BA2FEE9-D6C0-421B-9AAE-A3D56D6047C6}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6D056058-2952-4CCC-BAF2-8B3B96F37685}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6E6F0BE3-45BB-433E-959A-ED5D6A7763B8}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6F2A646B-85BD-41EE-9ABA-003F77315BA0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{72477B67-B3D7-42D6-BEC8-4A55DD2DD215}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{72FF7E76-60CE-475A-B261-4A13CAE2CDBC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{737954A4-AC76-4C2D-9CDA-10BCB16058F0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{74BF55A8-5AE0-44DA-A802-70C66D9FB7C8}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{74D835FA-C75B-4A9B-8C45-AC054A9BD2CE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{756F1D9A-3677-406A-ACB8-CE346EBAA6D0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7692C371-9D61-43F6-AB3B-88BD58324E86}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{782309EE-08A1-495D-9450-3E5686A6436B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7A549AF2-D7BE-40AE-BF9E-6E1474327FAA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7BE99955-394C-456B-8135-B44903935BF2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7C2C17A0-7541-43B9-AE84-EB4EAFD7A771}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7CD0A10A-B4CA-4F9E-B048-AA4CF0780BB6}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7CE3DC2B-AF0C-439C-91FF-834A2796CBF5}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7D5C5EA0-19C9-47D0-8D6F-125E633DD853}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7DC0942B-C366-404B-B293-546A5C836DFF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7F587857-46A6-4198-B85F-BA47B6CAD862}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7FDC4B54-E982-4C91-A660-B2976CAA031C}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{80A7E315-6554-4969-9370-C6258F229760}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8147DD79-4043-4ED1-A919-A501CEFD78C7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{81509E6E-168C-4AAB-BDD8-556585612404}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{818B179B-16EE-411F-BC89-8E8CCB5CB16B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{83EB7430-10F4-40CC-A22D-70A85A2198C4}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{851D9465-3419-421F-B5E9-9B483AF8FFF0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8527666B-DDA1-4BFF-8070-DCCA401A1B37}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{86BA48FB-389F-43DC-AA38-7D452774042D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{870D8C83-FC5F-412C-8E29-8632818DD8DA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{875D1F31-E186-4EC8-B9D9-659AB4885C1F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{87FAE937-4DC2-4A87-90E9-19BEE60A663B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{882597FD-7A24-48DE-8123-14DAB618EB22}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{88B3D1D4-2774-4585-8F2B-01890E1132F3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8920D570-D097-4D14-891F-BEDB89080315}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{89DA3F08-244E-419C-8EEF-77083AD2A41D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8A25688F-FA78-4A9A-B38B-BB2CBCACF459}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8AABFDCD-B88F-4E62-9BF8-90ACCEE4C9D3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8AB3BC57-807A-4B64-BE17-AE83902EBB32}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8B036C31-6232-4FD5-A422-44774BB969B6}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8B41B1F3-3F65-4E9A-BCF5-F96107B688D4}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8BB67244-C796-4C8D-9E53-B86FD7536F29}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8BE1E530-9D9C-47D7-8DDD-A9E5780E66E1}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8C8D199F-B0FA-4405-9CDC-7862092A6EDA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8CA483D6-17CF-406F-BAEF-55276422C594}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8F56BEB7-AF0F-4F7B-8C8F-992456C034FD}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8F6ECF38-221B-4830-9833-2B1AFB9DCE53}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{8F6F3E90-BB99-4477-9125-E7469A07F73F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{9000291E-B63B-4A6A-A5EE-7DB17A97056E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{903CFEFC-AD80-477A-8EBB-DF577A53E496}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{91CB10C5-0ED9-4E60-9BF0-563D6D07EE8E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{92553B3B-9ECC-4B79-880D-D8E4BEAE82F7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{925930AE-1E21-4B13-9C67-2183B5B8EA69}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{927C65E4-171E-4E65-A2DE-2475D012DB52}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{93378183-CDDA-4637-97C8-A964A7C69250}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{945ADB6C-C330-4DC6-9CB9-DCF8685356A1}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{957C5258-DD82-4508-8D1B-EA96268CCF96}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{9581A63C-D497-4673-A936-D8D25095A2A2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{95B87846-58E7-4AC1-8AF4-4356843140AF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{96F2155B-50EA-4694-BCB6-6DE28E509388}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{96FE893D-4BDD-4A9E-9B1B-432974E5774A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{97653586-6214-481F-A0C1-612D01D9604A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{97C766A9-2EAF-4422-AC65-96A7C052FED5}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{98C778FE-130A-42EA-B325-3A09EFB14B72}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{99EA3FD7-7D47-423E-9B5E-C63288E449D3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{9BCB3DA1-EA4B-4EAA-B089-1B9B5165A42E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{9BF6DB77-1A69-447E-8625-A100E657238A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{9CF22807-47BF-4A9F-A27C-BDA85D72FA6E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{9D10D9DD-171A-431B-91DB-9F8FF875E7DF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{9E0C6F15-0B15-4CF6-A4E6-0097098A4C92}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{9E220434-6158-4530-B743-9A4465C948A3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{9EA46CFC-823F-48F7-B63F-449B5011D698}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{A1FEECA0-36D0-4ACB-BDFB-507C2BA4CF75}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{A304302C-51A3-4AA1-9DBE-3861CBA97B94}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{A5235A46-6CA7-4A0F-8270-74514EF52FD7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{A594C1A9-A701-42B8-8DF8-B05DB8085FC1}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{A6693956-2F04-401A-B678-31A95322C263}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{A7110D0C-2EA2-4F5E-8ED7-0C12799960AE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{A786446B-C9A4-4571-83B5-E301D2D017DD}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{A8F60797-2879-41FA-A535-6E28CB6617DF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{A9CA62EF-0330-4A0B-8C2F-0BD8CD8EF79A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AA0E0740-2C06-450F-A3DE-1C3DD8D75DA9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AB376263-01B2-4BE3-9E45-EB1844299ACC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AB66A42F-9709-4AFB-844B-2953961C0694}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AB68E0F4-7543-4ACA-8315-A77284B6B536}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AB8CBE71-0F7A-4B44-915E-51AD85B01051}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{ABF72689-828D-45B9-9ECC-91B338FBACB7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AC122086-AA2E-4B7E-A52D-6C1E187C150D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AC33CDAF-76A5-434D-B1BB-E0886EDFDC78}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AC8F6C86-DE97-4560-AB1C-DB774A8143B9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AE160EC6-3587-48A5-B4F1-1F1E9B8A4A7D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AE356F14-3B7E-4B36-834C-DA06BA5A894A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AEAF0160-E764-491E-AFE5-E732FF2B3563}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AF195919-78A4-49BD-9533-77DC498B26D1}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AF7173EE-F5BA-422E-889B-B8ED35FE9511}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{AFE49449-0D73-478B-9C48-3FFB3B1C60B3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B120B5B1-68FE-43CB-81F5-BE3E867E9367}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B25F6812-2251-45F4-AE7A-77B3FCF45C83}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B2ACE113-1863-44AC-9A9D-078E342A29DF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B2AFBA6B-D57C-4BE3-8377-EA6B4609F43A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B3C39612-6948-418C-B98A-94DA2E98979D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B3E52BFE-7A6B-4CBB-BD93-E6BD31820D0B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B42DE121-2C8A-431A-964C-F61F90FCC4BA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B445EFEC-E1A6-46AA-9EAC-C45549179F2F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B48965F3-EAFC-4541-AE33-15FFC5E273B8}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B4EBFA10-EB07-4351-A3FE-30BC61E07B46}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B4ECBBA7-A423-4418-A16A-B9174AE9C8A7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B504D626-E8EF-44BB-B3B5-788BC04C5731}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B7191AF8-0F39-4129-A480-B73F1975ACD2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B826328F-A5BE-4B6F-A020-B7C3D50A6011}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B9E2F6B8-72C1-4D41-BA91-D45197EFA70B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{BB6AC20F-A433-49F3-B5D8-7876A869CA8F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{BC07BF10-9D3E-479D-AD12-6A32E7A3A4BB}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{BC6F5974-85C4-465F-9FF9-F665BA399647}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{BC8243AF-8242-4716-8EE9-39E2B5D39EBE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{BDB81A2C-6283-47C2-AC8A-6A991A090FD4}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{BDBFAD7A-6590-424F-910E-3C0C2ACC90C5}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{BE25BEA0-264A-4A3A-A59B-A5DE48962DB3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{BECF6063-D868-4F4A-9938-96CE3E8AB76B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{BF6EC9CD-3E3D-48D8-BD9B-E7E11D42E128}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C17C302C-7DAE-4E9D-A4A5-7F8F217C2304}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C1E02028-1CEC-4782-BF91-4317745E87FC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C1F20E8F-EAF4-48A4-97F6-7E1D9D25A332}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C2CC1346-7FB6-4003-BDEE-ADCA25754649}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C5E05F19-D61C-414B-890D-4560AD1AC371}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C62F57DD-FA8D-4A2A-9B48-13C9FA5CDBDA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C8112E08-6C16-46B3-BF12-75A75110FEB5}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C867B0D1-51B3-459A-8D7C-6ACB28DD2A93}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C887A6A5-558F-495C-9CA8-49FE72A52B0F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C89D80B7-FACE-4EEF-98A4-2C2B2209DB97}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{C8CDB869-A16D-48FF-A3ED-576522C7A984}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{CA14717A-61E5-4699-B140-8954FCCBF118}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{CA22BABB-EFD8-4F3E-AEC2-8BC5EFDE3509}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{CA44325A-C24A-44D4-B6D4-846CAA572198}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{CCBDE357-D06A-40C6-9AFA-2FA99A399234}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{CDE05D5C-44F2-4AE2-85C9-D706E62B50CF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D085FF74-6EF3-4133-B3B2-1A5FBE9B46AA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D08B425C-BF0F-484C-90AF-632C974A6EE2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D0D9A475-4B49-4B38-8857-27D304CAF761}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D0FD6B89-7477-42C1-8338-77D4619C9BD1}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D1DB79B7-58D2-4987-A0FB-6C0DFF75DB97}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D1F367D0-D484-4B86-AD6D-FFDFD2040128}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D1FCD3D2-E89F-489F-920B-9119B6CD5FA0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D244B84E-E304-4ADD-97FF-B6FC01227C2E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D361D6E7-33D9-4FFC-B4DB-EB18B1124FB8}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D3B46E1C-4622-48DD-814D-B303AA353449}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D3E31704-D327-4582-8F76-C4C933AF7606}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D43E2A3E-15D7-451E-9BF2-3A7CFB8DB00B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D5E0C048-076C-4E2B-8728-F14C1DA13B17}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D63EAC74-276E-4C95-97A5-9A51BF18A9F3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D664E0D0-F49F-4B4D-99E4-D24B3D850771}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D7A840A5-38D9-4D49-B219-DA3A1B4C5BD9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D8A1B752-DDEF-41B5-A56F-EEB2986C7A62}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D92CF9F4-1D18-47C9-B2DE-BE5E0A126476}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D932F8F9-2B76-40F3-B0A2-A1179224CC0A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D9E82504-CAA7-4DD1-B566-30EA87A892B7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{DC1AD5C4-75BB-42E6-BA6B-ACC8230233EC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{DD8410D4-E766-4FBA-BE72-F560D2A750A3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{DD8E71F7-6A0B-4063-AF45-CA61A7575B0C}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{DE5A2108-237D-4280-9A66-A597DA3AE472}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{DEE04983-72FF-4AC2-852E-54941B57CDDE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{DF05093D-140C-4ABA-ADFD-B90C7D00F6D3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{DF438E0B-6B18-4DC8-827B-434971ABF15B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E0D0FA86-F717-4762-8447-695E9C4997A2}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E10C1058-BC58-4AA1-8AB1-657B6AC633EC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E144DC00-3CBC-4962-9724-997109991CEC}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E1D57859-32DC-4CCF-99D6-6E23968EC41C}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E32E29D0-1C97-407B-B61E-A5445A8114A3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E57CB680-1271-4B91-AB94-6CAA9C744B8D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E5B11A8A-9BD5-4576-8509-A03ED5AAEED6}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E60B647B-0B17-49DD-BB5C-3D7A5D1865BB}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E665C2A0-288E-4CF3-B4E3-951FB98F6491}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E79CB755-2B72-4CE8-9C26-C037C948D6DD}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E7ACA890-0C7A-4197-99D1-9AF8FF078063}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E8C54754-CE55-4EA7-A098-3EF6B5E24405}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E8E15789-BE99-45E2-A9A6-B3BB8102FFEB}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{E9398EF5-B9C4-49C9-A4BF-FDEBA75E9ADF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EA9FF0C1-4797-4E18-A91F-2549A3C61AFD}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EAEF2D6F-8928-4156-96C5-7CA01F710BC7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EB2C4450-C8C2-436A-B110-8BD94F234540}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EB844DD2-79BF-44A1-B837-A1B61E514E08}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EBF99D43-D552-427A-9FD0-BA78CA5B90F7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EDEDC80C-6C83-491B-8D8C-83B6A22C31DB}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EDF51D3F-F9F7-4E64-BB17-2B3912DA38B9}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EEAD9DF0-FA42-4FE3-A80B-53F3E3238D36}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EEC3B315-1644-40AB-8116-4155D9769DCA}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EFA9425D-6274-40F6-BCC5-69B9314ADACF}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F05D8677-49E9-4C8B-87BD-1A903C6FC161}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F0C260A6-26DF-4EE8-8F52-5E22AD1ACEA7}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F0D06CF6-3078-42CD-8E89-6B60965E954F}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F0E4BAED-2433-4D8A-A258-715B0B3B2719}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F113BF2B-6CB2-4B46-8783-6B7630C99DFE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F2026EEB-0217-4D5D-AEBB-4768D3DBC2C3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F32B2A35-587B-4DA1-87D3-25E21F6531A3}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F4B3CB77-A0A7-4C02-98DA-5D13A7670549}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F5666C3D-FCB0-499B-B83F-2DD1D9244776}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F595906E-3D9A-4DBB-84B9-6BAAAFD4C5AE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F5DD0621-E127-4087-86E9-9227F8162493}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F62C0214-B851-4B0D-8771-8313C1DBE963}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F62C415A-0DA1-4F10-A1A0-79098AEF2B6E}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F7350D6D-F0B3-4B93-9D1B-336834DCE83B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F865A112-7A9C-4DA1-802E-A25C4B767A8B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F8DBC695-0C37-4F13-B5FB-C2C8412062D5}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F9C4362C-EC5E-46CC-B6B4-5796B4698516}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{FA3FDDF0-D65F-46EC-ADAE-38B7BA4E8735}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{FAFED14A-786F-4980-BE5A-237FE1DAAA94}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{FB306012-73B6-4B80-BB9A-88B0C660A5B0}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{FC011797-4199-4828-BDE8-05908029DB9A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{FD6DFC13-7D39-41DB-91E5-168E314E1B1A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{FD9656AB-7C74-4C59-94D9-65C1366623CE}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{FDA7E175-9DD9-4E12-BC00-050D01557A1A}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{FE414B57-2EC7-4BC4-9585-8CBB09DCB5C1}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{FE51C714-BB9F-4FB4-923D-B49F1CB1315D}
Successfully deleted: [Folder] C:\Program Files (x86)\avg security toolbar
Successfully deleted: [Folder] C:\ProgramData\avg safeguard toolbar
Successfully deleted: [Folder] C:\ProgramData\avg security toolbar
Successfully deleted: [Folder] C:\Users\Owner\Appdata\Local\avg safeguard toolbar
Successfully deleted: [Folder] C:\Users\Owner\Appdata\Local\stronghold_llc
Successfully deleted: [Folder] C:\Users\Owner\Appdata\LocalLow\avg safeguard toolbar
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin



~~~ FireFox

Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\a8mptzl1.default\prefs.js

user_pref(avg.install.extHomepage, hxxps://mysearch.avg.com?pid=safeguard&sg=&cid=%7Ba8916c80-80f0-4a18-b335-d91b07cce2bb%7D&mid=49d855982826374bb6767a000dd7667e-3c8cd7eb87
user_pref(avg.userPreferences.URLBarFocus.whiteList, bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com
user_pref(browser.startup.homepage, hxxps://mysearch.avg.com?pid=safeguard&sg=&cid=%7Ba8916c80-80f0-4a18-b335-d91b07cce2bb%7D&mid=49d855982826374bb6767a000dd7667e-3c8cd7eb8
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\a8mptzl1.default\minidumps [136 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/26/2015 at  0:05:52.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Attached Files



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 AM

Posted 30 July 2015 - 02:38 PM

Greetings John,

Looks like we took quite a bite out of things. :thumbsup2:

Please run this program.

===================================================

AVG Remover Tool

--------------------
  • Please download the below file and save it to your desktop

AVG Remover (64 bit) 2014

  • Double click the icon and select Yes
  • You will see a black command screen with rolling text while the program is being uninstalled
  • Reboot your computer as requested
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did AVG uninstall?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 AM

Posted 02 August 2015 - 08:54 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 AM

Posted 04 August 2015 - 07:33 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users