
DriverUpdate and other redirects


  • This topic is locked
6 replies to this topic

#1 arcacar9


Posted 14 June 2016 - 09:50 AM

OK, I have a Windows 7 machine that has the DriverUpdate program that I cannot remove. Also, I suspect other problems because the browser keeps getting redirected.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
Ran by Mike (administrator) on MIKE-PC (13-06-2016 11:17:05)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Users\Mike\AppData\Roaming\Dashlane\Dashlane.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Users\Mike\AppData\Roaming\Dashlane\DashlanePlugin.exe
() C:\Program Files (x86)\KODAK VERITE\ErrorApp\koab1err.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-05-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-06-10] ()
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-02-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-06-06] (Plays.tv, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\Run: [Dashlane] => C:\Users\Mike\AppData\Roaming\Dashlane\Dashlane.exe [227200 2016-06-03] ()
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\Run: [DashlanePlugin] => C:\Users\Mike\AppData\Roaming\Dashlane\DashlanePlugin.exe [286080 2016-06-03] ()
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1401064 2015-11-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.scr [302448 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-08]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-02-27]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-08]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-08]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2012-04-13]
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11107DAF-1B2B-4A61-81A8-1E8E4BDFE6C3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_aw_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtD0CtCzytC0CyCzyyEyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0CtByCtCyDyCtGyByByCzytGtBtCtCtDtGtC0B0DtCtGtAtC0E0BzztC0ByEtA0CyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0BtCtAyE0A0FtGzytDyEtDtGtC0D0F0BtGtD0FzzyBtGtC0AtD0E0C0D0F0DtDzz0EtC2Q&cr=390618066&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_aw_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtD0CtCzytC0CyCzyyEyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0CtByCtCyDyCtGyByByCzytGtBtCtCtDtGtC0B0DtCtGtAtC0E0BzztC0ByEtA0CyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0BtCtAyE0A0FtGzytDyEtDtGtC0D0F0BtGtD0FzzyBtGtC0AtD0E0C0D0F0DtDzz0EtC2Q&cr=390618066&ir=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={11E398CF-EF60-400B-A944-949CD44AAD99}&mid=a0c14ebb9ff247d080723909b4e8f0ef-25670704661141b8c40b47596e8046a134edf898&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 15:30:31&v=19.4.0.518&pid=safeguard&sg=0&sap=hp
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_aw_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtD0CtCzytC0CyCzyyEyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0CtByCtCyDyCtGyByByCzytGtBtCtCtDtGtC0B0DtCtGtAtC0E0BzztC0ByEtA0CyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0BtCtAyE0A0FtGzytDyEtDtGtC0D0F0BtGtD0FzzyBtGtC0AtD0E0C0D0F0DtDzz0EtC2Q&cr=390618066&ir=
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {0D382F90-ACF6-4413-BDE9-FD4B6C93631A} URL = hxxp://search.findwide.com/serp?guid={A7048C5C-E1CF-4B8B-A77C-B56D4BD1715B}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {15FC63B0-9456-41E6-A06D-DCEEAD4B890D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10741
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_aw_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtD0CtCzytC0CyCzyyEyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0CtByCtCyDyCtGyByByCzytGtBtCtCtDtGtC0B0DtCtGtAtC0E0BzztC0ByEtA0CyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0BtCtAyE0A0FtGzytDyEtDtGtC0D0F0BtGtD0FzzyBtGtC0AtD0E0C0D0F0DtDzz0EtC2Q&cr=390618066&ir=
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {5AA0FB2F-45B5-4b28-8E51-261F7382C1A8} URL = hxxp://search.iyogi.com/search.html?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={11E398CF-EF60-400B-A944-949CD44AAD99}&mid=a0c14ebb9ff247d080723909b4e8f0ef-25670704661141b8c40b47596e8046a134edf898&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2014-02-05 15:30:31&v=19.4.0.518&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Mike\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-06-03] (Dashlane)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.0.518\AVG SafeGuard toolbar_toolbar.dll [2016-06-10] (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-29] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.0.518\AVG SafeGuard toolbar_toolbar.dll [2016-06-10] (AVG Secure Search)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Mike\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-06-03] (Dashlane)
Toolbar: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {070DC617-E3B7-468B-A29C-D4E84FAE938C} hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-04-17] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628
FF DefaultSearchEngine: AVG Secure Search
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxps://mysearch.avg.com?cid={11E398CF-EF60-400B-A944-949CD44AAD99}&mid=a0c14ebb9ff247d080723909b4e8f0ef-25670704661141b8c40b47596e8046a134edf898&lang=en&ds=AVG&coid=avgtbavg&cmpid=1015tb&pr=fr&d=2014-02-05 15:30:31&v=19.4.0.518&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-22] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-22] (Best Buy)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-29] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1351908647-3471083223-3512540089-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mike\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-1351908647-3471083223-3512540089-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-1351908647-3471083223-3512540089-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\searchplugins\avg-secure-search.xml [2016-06-10]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-06-10]
FF Extension: AVG SafeGuard toolbar - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\Extensions\avg@safeguard.xpi [2016-06-10]
FF Extension: Dashlane - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\Extensions\jetpack-extension@dashlane.com.xpi [2016-05-12]
FF Extension: MyWordTool - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\emily@wilford.biz [2016-06-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21] [not signed]
 
Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://ndibdjnfmopecpmkdieinmbadjfpblof/pages/newtab.html"
CHR Plugin: (Shockwave Flash) - C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\44.0.2403.157\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\44.0.2403.157\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll => No File
CHR Plugin: (Native Client) - C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\44.0.2403.157\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\44.0.2403.157\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Users\Mike\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
S3 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5164800 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080592 2016-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-05-20] (AVG Technologies CZ, s.r.o.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S3 PCPitstop Scheduling; C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe [91752 2011-09-13] (PC Pitstop LLC)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-06-06] (Plays.tv, LLC)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4803344 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [49424 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater19.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-04-17] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [279296 2016-05-17] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2016-06-13] ()
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
U4 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-13 11:17 - 2016-06-13 11:20 - 00052999 _____ C:\Users\Mike\Desktop\FRST.txt
2016-06-13 11:16 - 2016-06-13 11:17 - 00000000 ____D C:\FRST
2016-06-13 11:15 - 2016-05-17 12:04 - 02382336 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2016-06-13 10:55 - 2016-06-13 10:59 - 00000470 _____ C:\Windows\Tasks\DriverUpdate Scan.job
2016-06-13 10:55 - 2016-06-13 10:57 - 00003338 _____ C:\Windows\System32\Tasks\DriverUpdate Scan
2016-06-13 10:43 - 2016-06-13 10:43 - 00050211 _____ C:\ComboFix.txt
2016-06-13 10:11 - 2016-06-13 11:15 - 00000000 ____D C:\ComboFix
2016-06-13 10:11 - 2016-06-13 10:43 - 00000000 ____D C:\Qoobox
2016-06-13 10:11 - 2016-06-13 10:41 - 00000000 ____D C:\Windows\erdnt
2016-06-13 10:11 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-13 10:11 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-13 10:11 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-10 16:23 - 2016-06-13 11:03 - 00000000 ____D C:\Users\Mike\AppData\Roaming\PlaysTV
2016-06-10 16:23 - 2016-06-10 16:23 - 00002030 _____ C:\Users\Public\Desktop\Raptr.lnk
2016-06-10 16:23 - 2016-06-10 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
2016-06-10 16:20 - 2016-06-10 16:22 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-06-10 08:22 - 2016-06-10 08:22 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2016-06-07 13:03 - 2016-06-10 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-06 22:35 - 2016-06-06 22:35 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\WINZIP_P21e6
2016-06-06 22:34 - 2016-06-06 22:34 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\WINZIP_Pa73b
2016-06-01 16:41 - 2016-06-01 16:43 - 243120548 _____ C:\Users\Mike\Downloads\Instant-Lightning-Backgrounds-1-2-3.zip
2016-06-01 16:41 - 2016-06-01 16:42 - 154213658 _____ C:\Users\Mike\Downloads\Instant-Lightning-Backgrounds-4-5.zip
2016-06-01 16:40 - 2016-06-01 16:41 - 62223377 _____ C:\Users\Mike\Downloads\INSTANT-LIGHTNING-BACKGROUND-17-MIN-VIDEO.zip
2016-06-01 15:36 - 2016-06-01 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-26 10:28 - 2016-05-26 10:28 - 00000995 _____ C:\Users\Mike\Desktop\PortraitPro Studio 15.lnk
2016-05-26 10:28 - 2016-05-26 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro Studio 15
2016-05-26 10:27 - 2016-05-26 10:28 - 00000000 ____D C:\Program Files\PortraitPro Studio 15
2016-05-26 10:26 - 2016-05-26 10:27 - 99384288 _____ (Anthropics Technology Ltd. ) C:\Users\Mike\Downloads\PortraitProStudioSetup64.exe
2016-05-18 12:13 - 2016-05-18 12:13 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2016-05-17 14:54 - 2016-05-17 14:54 - 00000000 ____D C:\Users\Mike\AppData\Local\{90F7867B-0EB8-4D44-A46E-E9A2E56002BC}
2016-05-17 10:50 - 2016-05-17 10:50 - 00279296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2016-05-14 09:50 - 2016-05-14 09:50 - 00000000 ____D C:\Users\Mike\AppData\Local\{020BFD55-96CF-484A-9FB5-767DB6216DA8}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-13 11:17 - 2012-08-24 06:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-13 11:17 - 2012-08-14 21:42 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351908647-3471083223-3512540089-1000UA.job
2016-06-13 11:10 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-13 11:10 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-13 11:09 - 2009-07-14 00:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 11:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-06-13 11:07 - 2015-05-29 21:29 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1351908647-3471083223-3512540089-1000.job
2016-06-13 11:03 - 2014-12-19 15:43 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Raptr
2016-06-13 11:03 - 2013-07-29 16:12 - 00000000 ___RD C:\Users\Mike\Dropbox
2016-06-13 10:59 - 2015-06-15 20:27 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-13 10:59 - 2014-05-27 10:32 - 00000400 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2016-06-13 10:59 - 2012-08-24 06:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 10:59 - 2012-03-29 21:15 - 00000000 ____D C:\ProgramData\Kodak
2016-06-13 10:59 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 10:54 - 2012-05-29 19:33 - 00000000 ____D C:\ProgramData\MFAData
2016-06-13 10:51 - 2014-12-12 23:44 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2016-06-13 10:51 - 2009-07-14 00:08 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-13 10:46 - 2012-04-03 13:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-13 10:37 - 2015-06-15 20:27 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-13 10:36 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-06-13 10:32 - 2009-07-13 21:34 - 48496640 _____ C:\Windows\system32\config\components.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 29884416 _____ C:\Windows\system32\config\system.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 108003328 _____ C:\Windows\system32\config\software.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-06-13 10:21 - 2015-03-26 15:17 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1351908647-3471083223-3512540089-1000.job
2016-06-13 10:09 - 2014-05-01 21:02 - 07739392 ___SH C:\Users\Mike\Desktop\Thumbs.db
2016-06-13 10:09 - 2012-06-10 22:40 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2016-06-13 10:05 - 2014-04-21 14:45 - 03448320 ___SH C:\Users\Mike\Downloads\Thumbs.db
2016-06-13 10:03 - 2012-08-14 21:42 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351908647-3471083223-3512540089-1000Core.job
2016-06-13 09:58 - 2014-03-31 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-13 09:55 - 2014-08-16 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Adobe
2016-06-13 09:54 - 2015-06-29 09:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-10 20:35 - 2015-08-14 14:37 - 00003826 _____ C:\Windows\System32\Tasks\Google Update
2016-06-10 20:33 - 2014-12-19 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-06-10 16:26 - 2013-07-29 16:08 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox
2016-06-10 16:24 - 2015-06-15 20:27 - 00000000 ____D C:\Users\Mike\AppData\Local\Dropbox
2016-06-10 16:24 - 2014-07-30 11:22 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dashlane
2016-06-10 16:16 - 2012-04-29 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 16:02 - 2014-10-05 19:50 - 00000000 ____D C:\Users\Mike\Desktop\Photos
2016-06-08 21:40 - 2014-12-27 11:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-08 18:29 - 2012-08-24 06:40 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-03 10:33 - 2016-02-13 10:41 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-06-03 10:33 - 2016-02-13 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2016-06-01 15:36 - 2015-06-15 20:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-01 15:12 - 2016-02-13 10:41 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-06-01 15:05 - 2016-04-01 20:03 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2016-06-01 15:05 - 2016-04-01 20:03 - 00049424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2016-06-01 15:05 - 2016-04-01 20:03 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2016-06-01 15:05 - 2016-04-01 20:03 - 00039696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2016-06-01 13:50 - 2012-05-29 19:35 - 00000000 ____D C:\Program Files (x86)\AVG
2016-05-26 10:30 - 2011-11-08 03:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-26 03:16 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 03:16 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-25 15:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-05-25 13:00 - 2015-05-29 21:29 - 00003674 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1351908647-3471083223-3512540089-1000
2016-05-25 13:00 - 2015-03-26 15:17 - 00003578 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1351908647-3471083223-3512540089-1000
2016-05-22 13:36 - 2016-03-15 15:01 - 00000000 ____D C:\Users\Mike\Desktop\mastering-lightroom-book-one
2016-05-17 14:56 - 2016-01-06 11:23 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-05-17 14:56 - 2015-08-14 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-05-14 09:47 - 2015-08-14 10:39 - 00000000 ____D C:\Users\Mike\AppData\Local\AvgSetupLog
 
==================== Files in the root of some directories =======
 
2013-09-15 15:49 - 2014-06-02 08:19 - 0003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-09-26 12:44 - 2014-12-07 15:51 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-12-27 22:29 - 2015-01-22 19:43 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe PNG Format CC Prefs
2014-12-04 19:43 - 2014-12-18 23:26 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-05-27 11:30 - 2014-05-27 11:30 - 0000047 _____ () C:\Users\Mike\AppData\Roaming\WB.CFG
2015-11-03 21:14 - 2015-11-03 21:14 - 0000038 ___SH () C:\Users\Mike\AppData\Local\56f857505417e3fe0c6362.11790009
2014-05-28 08:13 - 2014-09-07 22:16 - 0001456 _____ () C:\Users\Mike\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-06-27 13:32 - 2015-08-29 23:20 - 0001456 _____ () C:\Users\Mike\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-04-03 23:26 - 2014-03-05 12:09 - 0008192 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-17 10:43 - 2012-07-17 10:43 - 0003363 _____ () C:\Users\Mike\AppData\Local\HWVendorDetection.log
2012-03-29 21:21 - 2012-03-30 21:22 - 0006142 _____ () C:\Users\Mike\AppData\Local\installer.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {710f8115-4cc1-11e1-908b-8f476cad9d3c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {710f8117-4cc1-11e1-908b-8f476cad9d3c}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {710f8115-4cc1-11e1-908b-8f476cad9d3c}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {710f8117-4cc1-11e1-908b-8f476cad9d3c}
device                  ramdisk=[C:]\Recovery\710f8117-4cc1-11e1-908b-8f476cad9d3c\Winre.wim,{710f8118-4cc1-11e1-908b-8f476cad9d3c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\710f8117-4cc1-11e1-908b-8f476cad9d3c\Winre.wim,{710f8118-4cc1-11e1-908b-8f476cad9d3c}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {710f8115-4cc1-11e1-908b-8f476cad9d3c}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {710f8118-4cc1-11e1-908b-8f476cad9d3c}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\710f8117-4cc1-11e1-908b-8f476cad9d3c\boot.sdi
 
 
 
LastRegBack: 2016-06-10 20:11
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by Mike (2016-06-13 11:20:32)
Running from C:\Users\Mike\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-29 01:25:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1351908647-3471083223-3512540089-500 - Administrator - Disabled)
Guest (S-1-5-21-1351908647-3471083223-3512540089-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1351908647-3471083223-3512540089-1002 - Limited - Enabled)
Mike (S-1-5-21-1351908647-3471083223-3512540089-1000 - Administrator - Enabled) => C:\Users\Mike
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.61.2.12974 - AVG Technologies)
AVG (Version: 16.81.7639 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3408 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4604 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.42.2.18804 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.42.6 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7639 - AVG Technologies)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.4.0.518 - AVG Technologies)
AVG Zen (Version: 1.61.9 - AVG Technologies) Hidden
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.5.0.15 - )
Canon PowerShot SX260 HS and SX240 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX260HSandSX240HS) (Version: 1.0.0.9 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - )
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.0.0.15 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.0.5 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.0.0.246 - )
Carbonite (HKLM-x32\...\{02A2CB8C-4561-4EB7-BD26-0A8B5C5A1564}) (Version: 5.8.5 build 5805 (Feb-10-2016) - Carbonite)
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink PhotoDirector 4 (HKLM-x32\...\InstallShield_{44510C84-AE2A-4079-A75B-D44E68D73B9A}) (Version: 4.0.4317.0 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\Dashlane) (Version: 4.5.0.13208 - Dashlane SAS)
DriverUpdate (HKLM-x32\...\{CF516344-84E1-4420-BDAD-52E13F32D07E}) (Version: 2.2.41149 - SlimWare Utilities, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
DxO Optics Pro 7 (HKLM\...\{793D97A7-1CC0-49A0-82AA-731AE0B96068}) (Version: 7.5.5 - DxO Labs)
DxO Optics Pro 9 (HKLM\...\{DBB8F357-A491-4335-82F7-21C0A59923B4}) (Version: 9.5.1 - DxO Labs)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
FastStone Image Viewer 5.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.1 - FastStone Soft)
Flickr Uploadr for Windows (HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\FlickrUploadrWindows) (Version: 0.9.98.280 - Flickr)
FMW 1 (Version: 1.92.4 - AVG Technologies) Hidden
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.18.0.4962 (HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\GoToMeeting) (Version: 7.18.0.4962 - CitrixOnline)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
IPM_Installer (Version: 2.0 - Your Company Name) Hidden
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version:  - FUNAI ELECTRIC CO., LTD.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
McKenna Easy Order (HKLM-x32\...\{7DB80F58-434F-4B0F-B499-5F4D55FFE1EC}) (Version: 2.1.0 - SoftWorks Systems, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM-x32\...\{64867E7B-D4D7-422E-883D-55C4BEB0E326}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\MusicManager) (Version:  - Google, Inc.)
MyWordTool (HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\MyWordTool) (Version: 1 - hxxp://www.mywordtool.com)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.11000.8.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
ON1 Effects 10 (HKLM\...\ON1 Effects 10 PE) (Version: 10.0.2 - ON1)
OpenOffice.org 3.2 (HKLM-x32\...\{6ADD0603-16EF-400D-9F9E-486432835002}) (Version: 3.2.9483 - OpenOffice.org)
ParticleShop - Core (Version: 1.2 - Corel Corporation) Hidden
ParticleShop - IPM (Version: 1.2 - Corel Corporation) Hidden
ParticleShop - IPM Content (Version: 1.2 - Corel Corporation) Hidden
ParticleShop (HKLM\...\_{6F224046-E164-4B78-9867-3AE494271D29}) (Version: 1.2.0.566 - Corel Corporation)
ParticleShop (Version: 1.2 - Corel Corporation) Hidden
Perfect Photo Suite 8 (HKLM-x32\...\Perfect Photo Suite 8 LRAP) (Version: 8.5.1 - onOne Software)
Photomatix Pro version 5.0.5a (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.5a - HDRsoft Ltd)
Piccure+ (HKLM-x32\...\{8a573dbd-61f0-4c19-96ad-c118d4b859be}) (Version: 2.5.0.64 - Intelligent Imaging Solutions)
Piccure+ Setup x64 (Version: 2.5.0.64 - Intelligent Imaging Solutions) Hidden
Piccure+ Setup x86 (x32 Version: 2.5.0.64 - Intelligent Imaging Solutions) Hidden
Planetarium (HKLM-x32\...\Planetarium) (Version:  - )
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.11.2-r113542-release - Plays.tv, LLC)
PortraitPro 15.3 (HKLM\...\PortraitPro15_is1) (Version: 15.3 - Anthropics Technology Ltd.)
PortraitPro Studio 15.5 (HKLM\...\PortraitProStudio15_is1) (Version: 15.5 - Anthropics Technology Ltd.)
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Smart Photo Editor Trial (HKLM\...\SmartPhotoEditor1Trial_is1) (Version: 1.20 - Anthropics Technology Ltd.)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz Impression (HKLM\...\Topaz Impression) (Version: 1.1.2 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.1 - Topaz Labs, LLC)
Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC)
Total Defense Info Center 1.0.0.14 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.14 - Total Defense Inc)
Total Defense PC Tune-Up 4.0.0.1 (HKLM-x32\...\Total Defense PC Tune-Up_is1) (Version: 4.0.0.1 - Total Defense Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Intel® Corporation (IntcDAud) MEDIA  (06/19/2012 6.14.00.3097) (HKLM\...\E437B2D7630C42264C0A148DC72928C2ED112B52) (Version: 06/19/2012 6.14.00.3097 - Intel® Corporation)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/29/2013 6.0.1.6873) (HKLM\...\AFCE7F0B377FC3ABF35E306DB8EF432EE066252F) (Version: 03/29/2013 6.0.1.6873 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) (HKLM\...\4A5EF81C80190F479C6FB16BC8CF595275AAC778) (Version: 06/19/2012 6.0.1.6662 - Realtek Semiconductor Corp.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
WinZip Express for Explorer (HKLM-x32\...\{350D479C-7BED-4DB4-B646-073CA86232D7}) (Version: 1.0.10661 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03C7A5C4-BC5C-47B9-869C-176FF9F060F3} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-06-01] (AVG Technologies CZ, s.r.o.)
Task: {06EF7A44-B601-4E92-8249-220F8855CCDA} - System32\Tasks\G2MUploadTask-S-1-5-21-1351908647-3471083223-3512540089-1000 => C:\Users\Mike\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-25] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0B1BA741-FECB-4BFE-85F9-6B50F41EB67B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1351908647-3471083223-3512540089-1000Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {0D4BF70D-03C2-42FF-A140-6A4C990B4260} - System32\Tasks\{98D3C923-5627-43F2-B560-68C5BFB7271E} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe
Task: {12592056-06A0-4E7F-9D1D-67BA937E5A8A} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{3BA0E5C6-01C3-4590-88D7-207E226BC74E}.exe [2014-08-26] ()
Task: {130294CD-E3B9-4371-8E3E-B7464BBF1B6B} - System32\Tasks\{918C7D4C-7F82-4D00-9D05-839A031C8AD9} => pcalua.exe -a "C:\Users\Mike\Desktop\Adobe Photoshop Elements & Premiere Elements 12 (Download)\PremiereElements_12_WWEFDJ_win64.exe" -d "C:\Users\Mike\Desktop\Adobe Photoshop Elements & Premiere Elements 12 (Download)"
Task: {18DD0674-2882-46C2-9299-AD94A2BA9DA3} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {20CDB08F-EFF1-4CAB-BB29-18D74C47F68D} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {2B753CF3-617A-4E25-954C-6D00E04F8C0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {4442E15A-FCB1-45CC-AEAA-2682C271A5DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {5B3260C6-14FB-4BE8-AD1D-510A7973288A} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {661C6B8D-B70C-4F22-9BC5-AC3710731778} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2015-12-22] (Corel Corporation)
Task: {72937957-0A81-4FE8-BF70-6C28CB860F7C} - System32\Tasks\{3654EE24-B5EC-4CF5-8BCA-FF4EC939F85B} => pcalua.exe -a C:\Users\Mike\AppData\Local\TNT2\2.0.0.1663\TNT2User.exe -c /UNINSTALL PARTNER=10741
Task: {88E3F8D7-3E3A-4159-86A0-DD56E6F31B09} - System32\Tasks\G2MUpdateTask-S-1-5-21-1351908647-3471083223-3512540089-1000 => C:\Users\Mike\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-25] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {89E93955-BE25-48EF-B878-53125FAAD1AA} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {8A3546CB-27C7-484D-A67A-C8388CEFAF61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8DF910B4-B8B3-46FE-BA71-E3C0134F90A1} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-09-11] (SlimWare Utilities, Inc.)
Task: {9063425C-502A-40E4-AC4E-98F5B128BE92} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {9B007CF2-3834-442E-A496-2BEEA19F57E0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-15] (Dropbox, Inc.)
Task: {A3D7A3AE-697B-4103-9D10-2214B9675B6C} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: {AD3FD98A-C940-4F63-B189-FEA3AFB6D712} - System32\Tasks\{634C339F-4E05-439E-BD48-B59A4C18675B} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {AEBEDC06-57F3-4E6F-AAF5-E341DDDFF5C8} - System32\Tasks\{F39F2DBE-7A46-4119-8209-60A58468A070} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {C1D976FA-7AFA-438F-84EE-4DC1637B19E4} - System32\Tasks\Google Update => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {CE4612D6-865E-46E6-A8C8-E78BF08ACC3D} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-07-05] (Nero AG)
Task: {CF3B2A82-F7F3-400D-8A67-56C463845D0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D11DBD21-844E-4DF5-BA68-A7D32919D698} - System32\Tasks\{107FCEEB-1FBC-4EE8-A870-0A59D5268C23} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {D166D8CA-4A4E-469B-9DD1-5D30075B1553} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-15] (Dropbox, Inc.)
Task: {E864B6F5-6E4D-430F-A738-ABF10C6BD204} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1351908647-3471083223-3512540089-1000UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F3C387B1-DD70-48FA-A889-B2348D50C935} - System32\Tasks\AdobeAAMUpdater-1.0-Mike-PC-Mike => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1351908647-3471083223-3512540089-1000.job => C:\Users\Mike\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1351908647-3471083223-3512540089-1000.job => C:\Users\Mike\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351908647-3471083223-3512540089-1000Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351908647-3471083223-3512540089-1000UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-14 21:21 - 2016-01-22 14:55 - 00553136 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-10-23 07:39 - 2016-06-03 04:44 - 00227200 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\Dashlane.exe
2015-10-23 07:40 - 2016-06-03 04:44 - 00286080 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-01-28 21:25 - 2015-08-25 04:48 - 00694272 _____ () C:\Program Files (x86)\KODAK VERITE\ErrorApp\koab1err.exe
2011-08-10 22:58 - 2011-08-10 22:58 - 00627304 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2016-06-10 08:22 - 2016-06-10 08:21 - 02662472 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2013-02-27 20:06 - 2012-09-26 14:49 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2016-01-28 21:28 - 2015-09-08 01:51 - 00277504 _____ () C:\Program Files\KODAK VERITE\KOBAA\KOabmini.dll
2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2015-11-24 15:48 - 2015-11-24 15:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 15:46 - 2015-11-24 15:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 15:48 - 2015-11-24 15:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 15:48 - 2015-11-24 15:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 15:48 - 2015-11-24 15:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 15:48 - 2015-11-24 15:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 15:48 - 2015-11-24 15:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 15:46 - 2015-11-24 15:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 15:48 - 2015-11-24 15:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 15:57 - 2015-12-07 15:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-06-03 04:43 - 2016-06-03 04:43 - 00347520 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00436608 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00469376 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 63070592 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00299392 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 06254464 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 07393664 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 13624192 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 02284928 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00353664 _____ () C:\Users\Mike\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.5.0.13208.dll
2016-01-28 21:25 - 2015-08-25 04:48 - 00217088 _____ () C:\Program Files (x86)\KODAK VERITE\ErrorApp\koab1err.dll
2011-08-10 22:57 - 2011-08-10 22:57 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2016-04-17 17:36 - 2016-04-17 17:36 - 00527944 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\log4cplusU.dll
2015-12-11 04:13 - 2016-05-05 05:09 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-01 15:36 - 2016-05-05 05:10 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-01 15:36 - 2016-05-05 05:09 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 04:13 - 2016-05-05 05:09 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 04:13 - 2016-05-05 05:09 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 04:13 - 2016-05-31 13:34 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-01 15:36 - 2016-05-05 05:09 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-11 04:13 - 2016-05-31 13:34 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 04:13 - 2016-05-05 05:09 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 04:13 - 2016-05-05 05:10 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-11 04:13 - 2016-05-31 13:34 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-01 15:36 - 2016-05-05 05:11 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-12 03:00 - 2016-05-31 13:34 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-12 03:00 - 2016-05-31 13:34 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-01 15:36 - 2016-05-05 05:09 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-01 15:36 - 2016-05-31 13:33 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-11 04:13 - 2016-05-05 05:09 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-01 15:36 - 2016-05-05 05:10 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-12 03:00 - 2016-05-31 13:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 03:00 - 2016-05-31 13:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 03:00 - 2016-05-31 13:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 04:13 - 2016-05-31 13:34 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 03:00 - 2016-05-31 13:34 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-01 15:36 - 2016-05-05 05:12 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-01 15:36 - 2016-05-31 13:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-01 15:36 - 2016-05-31 13:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 04:13 - 2016-05-05 05:10 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-11 04:13 - 2016-05-05 05:11 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2015-12-11 04:13 - 2016-05-31 13:34 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-01 15:36 - 2016-05-31 13:34 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-08-24 08:21 - 2016-04-08 09:59 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2013-02-27 20:06 - 2012-12-28 10:42 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 15:29 - 2015-10-21 15:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 15:29 - 2015-10-21 15:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2011-05-10 14:01 - 2011-05-10 14:01 - 00030208 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\simplejson._speedups.pyd
2015-06-26 18:09 - 2015-06-26 18:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 12:08 - 2016-04-19 12:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2015-11-24 15:43 - 2015-11-24 15:43 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_sqlite3.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00387072 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sqlite3.dll
2015-10-21 15:29 - 2015-10-21 15:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlc.dll
2015-10-21 15:29 - 2015-10-21 15:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlccore.dll
2015-11-24 15:48 - 2015-11-24 15:48 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32file.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 00216064 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKitWidgets.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 00118784 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKit.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 00199680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtPrintSupport.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32com.shell.shell.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\unicodedata.pyd
2015-10-21 15:29 - 2015-10-21 15:29 - 00027667 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libdirectsound_plugin.dll
2015-10-21 15:29 - 2015-10-21 15:29 - 00031251 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libwaveout_plugin.dll
2015-10-21 15:29 - 2015-10-21 15:29 - 00066579 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\video_output\libdirectdraw_plugin.dll
2016-05-26 17:50 - 2016-05-26 17:50 - 02619144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\ltc_host_ex.DLL
2016-05-13 03:53 - 2016-05-13 03:53 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2011-11-08 03:24 - 2010-11-06 02:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
AlternateDataStreams: C:\Users\Mike\Documents\2010-01-21 16.54.26.wmv:com.dropbox.attributes [892]
AlternateDataStreams: C:\Users\Mike\Documents\2010-10-07 20.07.34.jpg:com.dropbox.attributes [908]
AlternateDataStreams: C:\Users\Mike\Documents\2010-11-16 08.05.20.jpg:com.dropbox.attributes [902]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-06-13 10:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{712D7705-28BD-444D-BB14-5C08AACD5F01}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{25510813-0968-4D57-BADB-1614F2A92B15}] => (Allow) LPort=2869
FirewallRules: [{5F1AFC8C-6B84-4793-86F5-52029CD4189E}] => (Allow) LPort=1900
FirewallRules: [{A687E5CE-0A6E-4268-AFA0-7509E2AB6F25}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3E6FC240-35CB-4367-971D-76F632AE4C1F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A13C8091-A8A5-4967-B808-DCD1213C061A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{FF9A3947-FD04-41F2-950C-2FD5FEE4817A}] => (Allow) LPort=5353
FirewallRules: [{75A7E41E-EB3E-4227-906D-57B9C06471B3}] => (Allow) LPort=5353
FirewallRules: [{7655DF71-C87C-46AB-9194-44CF4BFA54A8}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{1AB90022-7D13-4F11-B729-B734A745D8D9}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{4AE6B5EC-A67E-4A24-9ADE-454A1EA7F1B0}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{6BF303B9-82CB-428C-B31D-787895693B26}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{629D88A4-6DE2-40DF-A4B9-D661F503AC34}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{0573ADB0-BD23-43B4-A004-9FD14EE31EAF}] => (Allow) LPort=9322
FirewallRules: [{079D5922-B528-4DA5-A691-7FA95E93DB47}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{8BE44B94-95E0-44FE-810D-0708893F8BA0}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{E94EDC92-D506-48FD-B44F-FD67F38BF7BE}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{41CDE1A8-E98B-46C8-AC67-0520DB367A51}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{928CE16A-4740-482F-8C88-43FDF5E8EEED}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{A6258160-2A3E-4653-A484-F8726E093D7A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{A67838E0-CBB8-4FEF-BEDE-4FD9DE8AB824}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{EB54BB0B-91EC-4ABD-91EA-4C51A69E64C9}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{BABC9C1A-45C0-4804-B4B7-58A757023B45}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{F1DDE28F-4415-42A3-A2B3-98044A715B36}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{3B794EB1-8F65-4C4D-BB8B-BC3FE2A599BD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{2654010B-E6A7-4143-B7A4-614256E9DD65}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{9931AA98-9B86-4C83-B638-33225AC27480}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{4959BF6F-F6C4-4C58-962B-453379C32B59}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{DEED4402-8308-4ADC-A393-9BA8D0322125}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{B584695F-2E8A-44CC-AA8A-ADFFC8C43A96}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{B1BC2FB3-FEE5-4CFA-B2F7-45F2B445958D}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [TCP Query User{7B889B9C-7279-4CC9-9AEE-2E282EE7CB2F}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{3EF47702-1D25-4B36-AE56-D7610C196E6B}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [TCP Query User{A5DC75F4-B7A4-4154-BE66-10A5D354E8E2}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{519C9EE7-44B0-43BC-93AC-F40CA09FD807}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [TCP Query User{FEC43689-279B-411F-8C52-FA09F496A66B}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [UDP Query User{F2B0C43B-BC3D-4CE5-A9C2-E15A6EA18CD6}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{3D3567FC-3B31-4217-9D6B-EE79C44D464A}] => (Allow) LPort=9322
FirewallRules: [{A221A051-3618-4D8E-A602-E61D6E6C116E}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{C392FC7F-41A7-4522-B21E-FB460FF6CDD6}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{B94123BD-3D13-4D73-8967-25F8CC1A1B23}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{0F9E5031-05B0-49D0-BD5E-08A0713F1257}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{45254F86-490B-411A-856E-7A7F4FBC79DD}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{82C20C1F-6329-430C-9FB1-96FC3DCD9CEA}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{FD0B4B87-67A1-4EC3-B508-4D647E9EE40B}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{6EB768C5-5C48-4786-BCE7-6F7B91BC0315}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{19135D8F-2DEC-4361-93DB-BB6D9611778D}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{AAD88564-F98F-4B9A-A592-C736519DCA21}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{182DD8F6-9721-4C3C-99D2-6F45409158C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{901F0383-56AD-4474-855B-E6354BC4FCF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B2F9A0F9-9C00-42D5-8AEF-01B807396C5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{93242A6C-BD08-4312-9EB9-1C600ED7D552}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7399818D-A0F6-4B2F-A82C-3F99AA0F6B88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F479784-BC31-4524-82DF-330B7569ACD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7A3919FC-D430-4BB0-B847-38DEF8DE68D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81134741-F865-4CE1-984F-FE9BDDF9D54C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F2B7A87-B613-4C8F-B3A1-19D10E5650A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AEF8AE3D-F399-4CFA-8070-5F7659F4DAEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62AF842A-C022-468E-B4CD-E684A8FB654D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BC90D107-6015-494D-AECC-53954548D087}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{549C13BD-89AE-40D6-B4C6-C39F7942F013}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4EB3006F-C115-4440-8330-895280515322}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{1127D2F1-19DE-467F-ABE1-E6D89DA27E02}C:\program files\on1\on1 effects 10\on1 effects 10.exe] => (Allow) C:\program files\on1\on1 effects 10\on1 effects 10.exe
FirewallRules: [UDP Query User{4E8F44FE-22C6-4D22-98AD-75B86B8B321A}C:\program files\on1\on1 effects 10\on1 effects 10.exe] => (Allow) C:\program files\on1\on1 effects 10\on1 effects 10.exe
FirewallRules: [{3BBC878D-B542-46AB-A92C-317F79438977}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\KOZZZ_32__bc.dll
FirewallRules: [{750BBECC-46AF-48A0-9FFA-8C2EE3AB5B2E}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\KOZZZ_32__bc.dll
FirewallRules: [{C3D4552D-B6CF-4CEC-85B2-45DC4654EDA9}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\KOzzz_32serv.dll
FirewallRules: [{107E69EA-E897-4C3E-ACA3-9F6649BE1909}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\KOzzz_32serv.dll
FirewallRules: [{85F0DBDD-34D8-44B0-8125-41FE1251634C}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\lextwprotocol.dll
FirewallRules: [{EAAE1BF4-4CCF-410F-9AE5-6281AEA94485}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\lextwprotocol.dll
FirewallRules: [{34BD801A-0E67-44CC-8DA1-0A53D5A3008E}] => (Allow) C:\Windows\twain_32\KODAK VERITE\NetworkTwain\lexnetworkds.ds
FirewallRules: [{2E0D8E60-A3EC-4D4D-9783-9EADFB30850B}] => (Allow) C:\Windows\twain_32\KODAK VERITE\NetworkTwain\lexnetworkds.ds
FirewallRules: [{D2BED07A-0059-475A-AFB0-9A7848E79024}] => (Allow) C:\Program Files (x86)\KODAK VERITE\ErrorApp\koab1err.exe
FirewallRules: [{EDDC56D0-6A37-442C-B0DE-FA1EBEC9C656}] => (Allow) C:\Program Files (x86)\KODAK VERITE\ErrorApp\koab1err.exe
FirewallRules: [{22FCA918-E1CB-4836-8F4B-9A19DCC3B75A}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAHiResScan.exe
FirewallRules: [{BBF78B71-A1A9-4803-8765-50C688C6E749}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAHiResScan.exe
FirewallRules: [{67AAB1E8-726E-4BF4-8F1F-9B1CF5A5C01F}] => (Allow) C:\Program Files (x86)\KODAK VERITE\WirelessSetup\KOwpss.exe
FirewallRules: [{E7DEF8A6-4A6E-4C05-8597-2D02892030EC}] => (Allow) C:\Program Files (x86)\KODAK VERITE\WirelessSetup\KOwpss.exe
FirewallRules: [{E4F8CD90-D477-4B13-9DA8-18AEB3E4448B}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe
FirewallRules: [{A2A191AC-E59E-4526-8064-682D3F9FA43C}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe
FirewallRules: [{4100EECA-765C-4B43-9718-F9F90E804289}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAlscn.exe
FirewallRules: [{1E56D385-2691-44BB-806E-7D25AB18FE79}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAlscn.exe
FirewallRules: [{8DF771EC-14CF-4B39-95B7-90916ABD1BBB}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOabscw.dll
FirewallRules: [{3EF48A56-79C4-491A-A4F4-A4DA29CED20F}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOabscw.dll
FirewallRules: [{413A7472-CA97-4564-93A9-C5BA273EB85B}] => (Allow) C:\Program Files (x86)\KODAK VERITE\Status Center\kosmc.exe
FirewallRules: [{E5C3259A-F9A9-4307-98D6-9561E62311AB}] => (Allow) C:\Program Files (x86)\KODAK VERITE\Status Center\kosmc.exe
FirewallRules: [{550ECA62-5576-4C58-A8C0-2921D77E247D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{259DA2F5-9F48-403D-B4AD-1FC4E831BC52}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{62B54436-CAD7-4628-B40C-3117E8F7D28B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{28B44AE5-6EAE-485B-BB63-C4B810FBCDA1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{FF2A8312-0365-4FB7-9112-1F05BAB627C5}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{ADB801FC-375C-4072-B2D2-70B633F192B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0215B281-C158-45B9-B963-384C11A526AD}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{01AEA70A-3D32-4595-9AA4-787A9B732E27}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
 
==================== Restore Points =========================
 
10-06-2016 20:18:40 Scheduled Checkpoint
13-06-2016 10:11:40 ComboFix created restore point
13-06-2016 11:14:36 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2016 11:13:26 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (06/13/2016 11:01:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/13/2016 10:53:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/13/2016 10:51:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/13/2016 10:45:46 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (06/13/2016 10:35:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/13/2016 10:35:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: SSCORE.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7c9ec
Exception code: 0xc0000005
Fault offset: 0x000000000000146d
Faulting process id: 0x600
Faulting application start time: 0xsvchost.exe_LanmanServer0
Faulting application path: svchost.exe_LanmanServer1
Faulting module path: svchost.exe_LanmanServer2
Report Id: svchost.exe_LanmanServer3
 
Error: (06/13/2016 10:35:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/13/2016 10:34:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 2.0.0.10.in-addr.arpa. PTR Mike-PC.local.
 
Error: (06/13/2016 10:34:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.2:5353   17 2.0.0.10.in-addr.arpa. PTR Mike-PC-2.local.
 
 
System errors:
=============
Error: (06/13/2016 11:01:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG PC TuneUp Service service failed to start due to the following error: 
%%1053
 
Error: (06/13/2016 11:01:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG PC TuneUp Service service to connect.
 
Error: (06/13/2016 10:59:09 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:57:51 AM on ‎6/‎13/‎2016 was unexpected.
 
Error: (06/13/2016 10:54:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (06/13/2016 10:54:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: 
%%1056
 
Error: (06/13/2016 10:53:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Task Scheduler service, but this action failed with the following error: 
%%1056
 
Error: (06/13/2016 10:52:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (06/13/2016 10:52:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG Theme Extension service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (06/13/2016 10:52:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/13/2016 10:52:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-13 10:20:55.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-13 10:20:55.093
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-27 03:06:53.467
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-27 03:06:53.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-27 03:06:53.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-20 11:00:26.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-20 11:00:26.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-20 11:00:26.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-20 11:00:26.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-27 10:01:26.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 12268.29 MB
Available physical RAM: 8103.84 MB
Total Virtual: 24534.77 MB
Available Virtual: 20194.13 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:720.38 GB) NTFS
Drive d: (Lightroom 6) (CDROM) (Total:1.51 GB) (Free:0 GB) CDFS
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:922.65 GB) NTFS
Drive h: () (Removable) (Total:58.88 GB) (Free:52.97 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A750B302)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 187457E8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 58.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:09 AM

Posted 14 June 2016 - 10:29 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.


    

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

2.

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 arcacar9

arcacar9
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:09 AM

Posted 15 June 2016 - 10:51 AM

# AdwCleaner v5.200 - Logfile created 15/06/2016 at 10:08:02
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Desktop\cass\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon
Service Found : vToolbarUpdater19.4.0

***** [ Folders ] *****

Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\slimware utilities inc
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_0814tb
Folder Found : C:\ProgramData\Avg_Update_1114tb
Folder Found : C:\ProgramData\Avg_Update_1214tb
Folder Found : C:\ProgramData\Application Data\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\Application Data\AVG Secure Search
Folder Found : C:\ProgramData\Application Data\AVG Security Toolbar
Folder Found : C:\ProgramData\Application Data\slimware utilities inc
Folder Found : C:\ProgramData\Application Data\Avg_Update_0215tb
Folder Found : C:\ProgramData\Application Data\Avg_Update_0814tb
Folder Found : C:\ProgramData\Application Data\Avg_Update_1114tb
Folder Found : C:\ProgramData\Application Data\Avg_Update_1214tb
Folder Found : C:\Users\Public\Documents\Downloaded Installers
Folder Found : C:\Users\Public\Documents\Downloaded Installers\{CF516344-84E1-4420-BDAD-52E13F32D07E}
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\driverupdate
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Windows\Installer\{CF516344-84E1-4420-BDAD-52E13F32D07E}
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Mike\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Mike\AppData\Local\globalUpdate
Folder Found : C:\Users\Mike\AppData\Local\PackageAware
Folder Found : C:\Users\Mike\AppData\Local\slimware utilities inc
Folder Found : C:\Users\Mike\AppData\Local\StormAlerts
Folder Found : C:\Users\Mike\AppData\Local\Downloaded Installers
Folder Found : C:\Users\Mike\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Mike\Documents\Optimizer Pro
Folder Found : C:\Program Files\slimcleaner plus
Folder Found : C:\Users\Mike\AppData\Local\VirtualStore\Program Files (x86)\AVG SafeGuard toolbar

***** [ Files ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\searchplugins\avg-secure-search.xml
File Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage
File Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
File Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal
File Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysearch.avg.com_0.localstorage
File Found : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysearch.avg.com_0.localstorage-journal
File Found : C:\Windows\SysNative\drivers\swdumon.sys

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : DriverUpdate Scan
Task Found : 0814tbUpdateInfo

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Found : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Bitberry Software
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\TNT2
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF516344-84E1-4420-BDAD-52E13F32D07E}
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\AVG Security Toolbar
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\Bitberry
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\Bitberry Software
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\GlobalUpdate
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\IGearSettings
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\InstallCore
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\SlimWare Utilities Inc
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\TNT2
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\AVG Secure Search
Key Found : HKU\S-1-5-18\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com?cid={11E398CF-EF60-400B-A944-949CD44AAD99}&mid=a0c14ebb9ff247d080723909b4e8f0ef-25670704661141b8c40b47596e8046a134edf898&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 15:30:31&v=19.4.0.518&pid=safeguard&sg=0&sap=hp
Data Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com?cid={11E398CF-EF60-400B-A944-949CD44AAD99}&mid=a0c14ebb9ff247d080723909b4e8f0ef-25670704661141b8c40b47596e8046a134edf898&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 15:30:31&v=19.4.0.518&pid=safeguard&sg=0&sap=hp
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D382F90-ACF6-4413-BDE9-FD4B6C93631A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D382F90-ACF6-4413-BDE9-FD4B6C93631A}
Key Found : HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\prefs.js] Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\prefs.js] Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\prefs.js] Found : user_pref("browser.startup.homepage", "hxxps://mysearch.avg.com?cid={11E398CF-EF60-400B-A944-949CD44AAD99}&mid=a0c14ebb9ff247d080723909b4e8f0ef-25670704661141b8c40b47596e8046a134edf898&lang=en&ds=AVG&[...]
[C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mysearch.avg.com_
[C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.findwide.com
[C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mysearch.avg.com__

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [13912 bytes] - [15/06/2016 10:08:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13986 bytes] ##########
 

 

Emsisoft Emergency Kit - Version 11.0
Scan log

Date    Scan Method    Objects Scanned    Objects Detected    Duration    Type    
6/15/2016 10:31:19 AM    Malware    79526    55    0:14:46    Manual scan    
 



#4 fireman4it

  • Malware Response Team

Posted 16 June 2016 - 05:13 PM

How is your computer running now? Please run FRST as you did the first time you ran it and post the new FRST.txt.




#5 arcacar9


Posted 21 June 2016 - 01:12 PM

Sorry it took so long. Owner was on vacation for a long weekend. Here is the scan you requested. Owner reports that PC is running better and he has not had the redirects like before. Thank you for your help and looks like it is time to visit PayPal.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
Ran by Mike (administrator) on MIKE-PC (21-06-2016 13:02:43)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Users\Mike\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Mike\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsOrganizer.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\ElementsOrganizerLive.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\ElementsOrganizerLive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreviewer64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsOrganizer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
(Adobe Systems Incorporated ) C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\32\dynamiclinkmanager.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\32\Adobe QT32 Server.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
() C:\ProgramData\Avg_Update_0716tb\AVG-Secure-Search-Update_0716tb.exe
() C:\ProgramData\Avg_Update_0716tb\AVG-Secure-Search-Update_0716tb.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\19.4.0\ScriptHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-06-10] ()
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-02-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-06-06] (Plays.tv, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\Run: [Dashlane] => C:\Users\Mike\AppData\Roaming\Dashlane\Dashlane.exe [227200 2016-06-03] ()
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\Run: [DashlanePlugin] => C:\Users\Mike\AppData\Roaming\Dashlane\DashlanePlugin.exe [286080 2016-06-03] ()
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1401064 2015-11-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [302448 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-08]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-02-27]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-08]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-08]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2012-04-13]
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11107DAF-1B2B-4A61-81A8-1E8E4BDFE6C3}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_aw_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtD0CtCzytC0CyCzyyEyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0CtByCtCyDyCtGyByByCzytGtBtCtCtDtGtC0B0DtCtGtAtC0E0BzztC0ByEtA0CyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0BtCtAyE0A0FtGzytDyEtDtGtC0D0F0BtGtD0FzzyBtGtC0AtD0E0C0D0F0DtDzz0EtC2Q&cr=390618066&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_aw_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtD0CtCzytC0CyCzyyEyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0CtByCtCyDyCtGyByByCzytGtBtCtCtDtGtC0B0DtCtGtAtC0E0BzztC0ByEtA0CyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0BtCtAyE0A0FtGzytDyEtDtGtC0D0F0BtGtD0FzzyBtGtC0AtD0E0C0D0F0DtDzz0EtC2Q&cr=390618066&ir=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={11E398CF-EF60-400B-A944-949CD44AAD99}&mid=a0c14ebb9ff247d080723909b4e8f0ef-25670704661141b8c40b47596e8046a134edf898&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 15:30:31&v=19.4.0.518&pid=safeguard&sg=0&sap=hp
HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_aw_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtD0CtCzytC0CyCzyyEyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0CtByCtCyDyCtGyByByCzytGtBtCtCtDtGtC0B0DtCtGtAtC0E0BzztC0ByEtA0CyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0BtCtAyE0A0FtGzytDyEtDtGtC0D0F0BtGtD0FzzyBtGtC0AtD0E0C0D0F0DtDzz0EtC2Q&cr=390618066&ir=
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {0D382F90-ACF6-4413-BDE9-FD4B6C93631A} URL = hxxp://search.findwide.com/serp?guid={A7048C5C-E1CF-4B8B-A77C-B56D4BD1715B}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {15FC63B0-9456-41E6-A06D-DCEEAD4B890D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10741
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_aw_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtD0CtCzytC0CyCzyyEyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0F0CtByCtCyDyCtGyByByCzytGtBtCtCtDtGtC0B0DtCtGtAtC0E0BzztC0ByEtA0CyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0BtCtAyE0A0FtGzytDyEtDtGtC0D0F0BtGtD0FzzyBtGtC0AtD0E0C0D0F0DtDzz0EtC2Q&cr=390618066&ir=
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {5AA0FB2F-45B5-4b28-8E51-261F7382C1A8} URL = hxxp://search.iyogi.com/search.html?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={11E398CF-EF60-400B-A944-949CD44AAD99}&mid=a0c14ebb9ff247d080723909b4e8f0ef-25670704661141b8c40b47596e8046a134edf898&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2014-02-05 15:30:31&v=19.4.0.518&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Mike\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-06-03] (Dashlane)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-29] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1351908647-3471083223-3512540089-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {070DC617-E3B7-468B-A29C-D4E84FAE938C} hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628
FF DefaultSearchEngine: AVG Secure Search
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxps://mysearch.avg.com?cid={11E398CF-EF60-400B-A944-949CD44AAD99}&mid=a0c14ebb9ff247d080723909b4e8f0ef-25670704661141b8c40b47596e8046a134edf898&lang=en&ds=AVG&coid=avgtbavg&cmpid=1015tb&pr=fr&d=2014-02-05 15:30:31&v=19.4.0.518&pid=safeguard&sg=0&sap=hp
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-29] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1351908647-3471083223-3512540089-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mike\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-1351908647-3471083223-3512540089-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-1351908647-3471083223-3512540089-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\searchplugins\avg-secure-search.xml [2016-06-10]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-06-10]
FF Extension: AVG SafeGuard toolbar - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\Extensions\avg@safeguard.xpi [2016-06-10]
FF Extension: Dashlane - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7iaoh6qe.default-1444356205628\Extensions\jetpack-extension@dashlane.com.xpi [2016-05-12]
FF Extension: MyWordTool - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\emily@wilford.biz [2016-06-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21] [not signed]

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://ndibdjnfmopecpmkdieinmbadjfpblof/pages/newtab.html"
CHR Plugin: (Shockwave Flash) - C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\44.0.2403.157\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\44.0.2403.157\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll => No File
CHR Plugin: (Native Client) - C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\44.0.2403.157\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\44.0.2403.157\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Users\Mike\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1351908647-3471083223-3512540089-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
S3 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080592 2016-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S3 PCPitstop Scheduling; C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe [91752 2011-09-13] (PC Pitstop LLC)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-06-06] (Plays.tv, LLC)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4803344 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [49424 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater19.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-04-17] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [279296 2016-05-17] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2016-06-13] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-21 13:02 - 2016-06-21 13:04 - 00037370 _____ C:\Users\Mike\Desktop\FRST.txt
2016-06-21 13:02 - 2016-05-17 12:04 - 02382336 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2016-06-20 14:53 - 2016-06-20 14:53 - 00002934 _____ C:\Windows\System32\Tasks\AVG-SSU_0716tb_DELETE
2016-06-20 14:53 - 2016-06-20 14:53 - 00002866 _____ C:\Windows\System32\Tasks\AVG-SSU_0716tb
2016-06-20 14:53 - 2016-06-20 14:53 - 00000570 _____ C:\Windows\Tasks\AVG-SSU_0716tb.job
2016-06-20 14:53 - 2016-06-20 14:53 - 00000432 _____ C:\Windows\Tasks\AVG-SSU_0716tb_DELETE.job
2016-06-20 14:53 - 2016-06-20 14:53 - 00000000 ____D C:\ProgramData\Avg_Update_0716tb
2016-06-18 11:24 - 2016-06-18 11:24 - 00000000 ____D C:\Users\Mike\AppData\Local\{DE959331-616C-46D9-8405-C2F79B663CB9}
2016-06-15 10:50 - 2016-05-12 12:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 10:50 - 2016-05-12 12:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 10:50 - 2016-05-12 12:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 10:50 - 2016-05-12 12:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 10:50 - 2016-05-12 12:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 10:50 - 2016-05-12 12:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 10:50 - 2016-05-12 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 10:50 - 2016-05-12 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 10:50 - 2016-05-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 10:50 - 2016-05-12 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 10:50 - 2016-05-12 09:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 10:50 - 2016-05-12 09:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 10:50 - 2016-05-12 09:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 10:50 - 2016-05-12 09:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 10:50 - 2016-05-12 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 10:50 - 2016-05-12 09:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 10:50 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 10:50 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 10:50 - 2016-05-12 09:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 10:50 - 2016-05-12 08:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 10:50 - 2016-05-12 08:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 10:50 - 2016-05-12 08:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 10:49 - 2016-05-23 18:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 10:49 - 2016-05-23 17:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 10:49 - 2016-05-21 12:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 10:49 - 2016-05-21 11:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 10:49 - 2016-05-20 17:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 10:49 - 2016-05-20 17:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 10:49 - 2016-05-20 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 10:49 - 2016-05-20 17:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 10:49 - 2016-05-20 17:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 10:49 - 2016-05-20 17:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 10:49 - 2016-05-20 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 10:49 - 2016-05-20 17:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 10:49 - 2016-05-20 17:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 10:49 - 2016-05-20 17:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 10:49 - 2016-05-20 17:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 10:49 - 2016-05-20 16:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 10:49 - 2016-05-20 16:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 10:49 - 2016-05-20 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 10:49 - 2016-05-20 16:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 10:49 - 2016-05-20 16:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 10:49 - 2016-05-20 16:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 10:49 - 2016-05-20 16:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 10:49 - 2016-05-20 16:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 10:49 - 2016-05-20 16:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 10:49 - 2016-05-20 16:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 10:49 - 2016-05-20 16:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 10:49 - 2016-05-20 16:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 10:49 - 2016-05-20 16:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 10:49 - 2016-05-20 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 10:49 - 2016-05-20 16:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 10:49 - 2016-05-20 16:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 10:49 - 2016-05-20 16:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 10:49 - 2016-05-20 16:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 10:49 - 2016-05-20 16:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 10:49 - 2016-05-20 16:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 10:49 - 2016-05-20 16:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 10:49 - 2016-05-20 16:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 10:49 - 2016-05-20 16:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 10:49 - 2016-05-20 16:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 10:49 - 2016-05-20 16:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 10:49 - 2016-05-20 16:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 10:49 - 2016-05-20 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 10:49 - 2016-05-20 16:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 10:49 - 2016-05-20 16:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 10:49 - 2016-05-20 16:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 10:49 - 2016-05-20 16:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 10:49 - 2016-05-20 16:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 10:49 - 2016-05-20 16:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 10:49 - 2016-05-20 16:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 10:49 - 2016-05-20 16:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 10:49 - 2016-05-20 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 10:49 - 2016-05-20 16:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 10:49 - 2016-05-20 16:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 10:49 - 2016-05-20 16:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 10:49 - 2016-05-20 16:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 10:49 - 2016-05-20 16:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 10:49 - 2016-05-20 16:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 10:49 - 2016-05-20 16:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 10:49 - 2016-05-20 16:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 10:49 - 2016-05-20 16:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 10:49 - 2016-05-20 15:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 10:49 - 2016-05-20 15:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 10:49 - 2016-05-20 15:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 10:49 - 2016-05-20 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 10:49 - 2016-05-20 15:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 10:49 - 2016-05-20 15:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 10:49 - 2016-05-12 12:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 10:49 - 2016-05-12 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 10:48 - 2016-05-18 11:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 10:48 - 2016-05-18 11:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 10:48 - 2016-05-13 17:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 10:48 - 2016-05-13 17:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 10:48 - 2016-05-13 17:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 10:48 - 2016-05-13 17:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 10:48 - 2016-05-13 17:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 10:48 - 2016-05-13 16:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 10:48 - 2016-05-13 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 10:48 - 2016-05-13 16:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 10:48 - 2016-05-13 16:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 10:48 - 2016-05-13 16:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 10:48 - 2016-05-12 12:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 10:48 - 2016-05-12 12:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 10:48 - 2016-05-12 12:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 10:48 - 2016-05-12 12:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 10:48 - 2016-05-12 12:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 10:48 - 2016-05-12 12:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 10:48 - 2016-05-12 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 10:48 - 2016-05-12 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 10:48 - 2016-05-12 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 10:48 - 2016-05-12 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 10:48 - 2016-05-11 12:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 10:48 - 2016-05-11 12:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 10:48 - 2016-05-11 12:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 10:48 - 2016-05-11 12:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 10:48 - 2016-05-11 10:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 10:48 - 2016-05-11 10:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 10:48 - 2016-05-11 10:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 10:48 - 2016-05-11 10:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 10:48 - 2016-05-11 10:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 10:48 - 2016-05-11 10:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 10:48 - 2016-05-11 09:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 10:27 - 2016-06-15 10:51 - 00000000 ____D C:\EEK
2016-06-15 10:07 - 2016-06-15 10:08 - 00000000 ____D C:\AdwCleaner
2016-06-14 08:10 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-06-14 08:10 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-06-14 08:10 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-06-14 08:10 - 2015-07-16 14:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-06-14 08:10 - 2015-07-16 14:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-06-14 08:10 - 2015-07-16 14:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-06-14 08:10 - 2015-07-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-06-14 08:10 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-06-13 11:19 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-06-13 11:19 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-06-13 11:19 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-06-13 11:19 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-06-13 11:19 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-06-13 11:19 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-06-13 11:19 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2016-06-13 11:19 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2016-06-13 11:19 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-06-13 11:19 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-06-13 11:16 - 2016-06-21 13:02 - 00000000 ____D C:\FRST
2016-06-13 11:14 - 2015-12-16 13:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-06-13 11:14 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-06-13 11:14 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-06-13 11:14 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-06-13 11:14 - 2015-12-16 13:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-06-13 11:14 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-06-13 11:14 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-06-13 11:14 - 2015-12-16 13:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-06-13 11:14 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-06-13 11:14 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-06-13 11:13 - 2016-06-06 11:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-13 11:13 - 2016-06-06 11:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-13 11:13 - 2016-06-03 08:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-13 11:13 - 2016-05-27 08:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-13 11:13 - 2016-05-27 08:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-13 11:13 - 2016-05-27 08:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-13 11:13 - 2016-05-27 08:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-13 11:13 - 2016-05-22 08:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-13 11:13 - 2016-04-09 01:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-13 11:13 - 2016-04-09 01:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-13 11:13 - 2016-04-09 01:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-13 11:13 - 2016-04-09 01:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-13 11:13 - 2016-04-09 00:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-13 11:13 - 2016-04-09 00:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-13 11:13 - 2016-03-09 14:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-13 11:13 - 2016-03-09 13:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-13 11:09 - 2016-04-14 11:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-13 11:09 - 2016-04-14 11:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-13 11:09 - 2016-04-14 11:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-13 11:09 - 2016-04-14 11:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-13 11:09 - 2016-04-14 11:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-13 11:09 - 2016-04-14 11:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-13 11:09 - 2016-04-14 10:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-13 11:09 - 2016-04-14 10:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-13 11:09 - 2016-04-14 10:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-13 11:09 - 2016-04-14 10:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-13 11:09 - 2016-04-14 10:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-13 11:09 - 2016-04-14 10:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-13 10:55 - 2016-06-20 13:53 - 00000470 _____ C:\Windows\Tasks\DriverUpdate Scan.job
2016-06-13 10:55 - 2016-06-13 10:57 - 00003338 _____ C:\Windows\System32\Tasks\DriverUpdate Scan
2016-06-13 10:43 - 2016-06-13 10:43 - 00050211 _____ C:\ComboFix.txt
2016-06-13 10:11 - 2016-06-13 11:15 - 00000000 ____D C:\ComboFix
2016-06-13 10:11 - 2016-06-13 10:43 - 00000000 ____D C:\Qoobox
2016-06-13 10:11 - 2016-06-13 10:41 - 00000000 ____D C:\Windows\erdnt
2016-06-13 10:11 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-13 10:11 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-13 10:11 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-13 10:11 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-10 16:23 - 2016-06-21 12:13 - 00000000 ____D C:\Users\Mike\AppData\Roaming\PlaysTV
2016-06-10 16:23 - 2016-06-10 16:23 - 00002030 _____ C:\Users\Public\Desktop\Raptr.lnk
2016-06-10 16:23 - 2016-06-10 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
2016-06-10 16:20 - 2016-06-10 16:22 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-06-10 08:22 - 2016-06-10 08:22 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2016-06-07 13:03 - 2016-06-10 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-06 22:35 - 2016-06-06 22:35 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\WINZIP_P21e6
2016-06-06 22:34 - 2016-06-06 22:34 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\WINZIP_Pa73b
2016-06-01 16:41 - 2016-06-01 16:43 - 243120548 _____ C:\Users\Mike\Downloads\Instant-Lightning-Backgrounds-1-2-3.zip
2016-06-01 16:41 - 2016-06-01 16:42 - 154213658 _____ C:\Users\Mike\Downloads\Instant-Lightning-Backgrounds-4-5.zip
2016-06-01 16:40 - 2016-06-01 16:41 - 62223377 _____ C:\Users\Mike\Downloads\INSTANT-LIGHTNING-BACKGROUND-17-MIN-VIDEO.zip
2016-06-01 15:36 - 2016-06-01 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-26 10:28 - 2016-06-18 11:58 - 00001249 _____ C:\Users\Mike\Desktop\PortraitPro Studio 15.lnk
2016-05-26 10:28 - 2016-05-26 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro Studio 15
2016-05-26 10:27 - 2016-05-26 10:28 - 00000000 ____D C:\Program Files\PortraitPro Studio 15
2016-05-26 10:26 - 2016-05-26 10:27 - 99384288 _____ (Anthropics Technology Ltd. ) C:\Users\Mike\Downloads\PortraitProStudioSetup64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-21 12:46 - 2012-04-03 13:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-21 12:37 - 2015-06-15 20:27 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-21 12:32 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-21 12:32 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-21 12:26 - 2015-06-15 20:27 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-21 12:17 - 2012-08-24 06:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-21 12:17 - 2012-08-14 21:42 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351908647-3471083223-3512540089-1000UA.job
2016-06-21 12:16 - 2012-05-29 19:33 - 00000000 ____D C:\ProgramData\MFAData
2016-06-21 12:13 - 2015-05-29 21:29 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1351908647-3471083223-3512540089-1000.job
2016-06-21 12:13 - 2015-03-26 15:17 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1351908647-3471083223-3512540089-1000.job
2016-06-21 12:13 - 2014-12-19 15:43 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Raptr
2016-06-21 12:13 - 2014-08-16 11:28 - 00000000 ____D C:\Users\Mike\AppData\Local\Adobe
2016-06-20 16:17 - 2012-08-24 06:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-20 16:17 - 2012-08-14 21:42 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351908647-3471083223-3512540089-1000Core.job
2016-06-20 13:56 - 2014-05-27 10:32 - 00000400 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2016-06-20 13:53 - 2012-03-29 21:15 - 00000000 ____D C:\ProgramData\Kodak
2016-06-18 12:50 - 2014-10-05 19:50 - 00000000 ____D C:\Users\Mike\Desktop\Photos
2016-06-18 12:01 - 2014-05-01 21:02 - 07739392 ___SH C:\Users\Mike\Desktop\Thumbs.db
2016-06-18 12:01 - 2014-04-21 14:45 - 03448320 ___SH C:\Users\Mike\Downloads\Thumbs.db
2016-06-17 20:41 - 2012-08-24 06:40 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 09:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-06-17 08:07 - 2013-07-29 16:12 - 00000000 ___RD C:\Users\Mike\Dropbox
2016-06-17 08:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-16 12:46 - 2012-04-03 13:34 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 12:46 - 2012-04-03 13:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 12:46 - 2011-11-08 03:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-16 03:32 - 2009-07-14 00:08 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-16 03:30 - 2009-07-13 23:45 - 00399936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-16 03:10 - 2013-08-02 19:44 - 00000000 ____D C:\Windows\system32\MRT
2016-06-16 03:06 - 2012-06-06 16:18 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 10:49 - 2014-12-12 23:44 - 00000000 ____D C:\Users\Mike\AppData\Local\SlimWare Utilities Inc
2016-06-15 10:49 - 2014-05-27 10:31 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2016-06-15 04:21 - 2015-05-29 21:29 - 00003674 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1351908647-3471083223-3512540089-1000
2016-06-15 04:21 - 2015-03-26 15:17 - 00003578 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1351908647-3471083223-3512540089-1000
2016-06-14 11:32 - 2012-05-29 19:35 - 00000000 ____D C:\Program Files (x86)\AVG
2016-06-14 11:31 - 2014-03-31 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-13 11:40 - 2014-12-11 04:21 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-13 11:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-06-13 11:09 - 2009-07-14 00:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 10:51 - 2014-12-12 23:44 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2016-06-13 10:36 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-06-13 10:32 - 2009-07-13 21:34 - 48496640 _____ C:\Windows\system32\config\components.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 29884416 _____ C:\Windows\system32\config\system.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 108003328 _____ C:\Windows\system32\config\software.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-06-13 10:32 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-06-13 10:09 - 2012-06-10 22:40 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2016-06-13 09:54 - 2015-06-29 09:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-10 20:35 - 2015-08-14 14:37 - 00003826 _____ C:\Windows\System32\Tasks\Google Update
2016-06-10 20:33 - 2014-12-19 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-06-10 16:26 - 2013-07-29 16:08 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox
2016-06-10 16:24 - 2015-06-15 20:27 - 00000000 ____D C:\Users\Mike\AppData\Local\Dropbox
2016-06-10 16:24 - 2014-07-30 11:22 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dashlane
2016-06-10 16:16 - 2012-04-29 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-08 21:40 - 2014-12-27 11:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-03 10:33 - 2016-02-13 10:41 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-06-03 10:33 - 2016-02-13 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2016-06-01 15:36 - 2015-06-15 20:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-01 15:12 - 2016-02-13 10:41 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-06-01 15:05 - 2016-04-01 20:03 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2016-06-01 15:05 - 2016-04-01 20:03 - 00049424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2016-06-01 15:05 - 2016-04-01 20:03 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2016-06-01 15:05 - 2016-04-01 20:03 - 00039696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2016-05-26 10:30 - 2011-11-08 03:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-26 03:16 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 03:16 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-22 13:36 - 2016-03-15 15:01 - 00000000 ____D C:\Users\Mike\Desktop\mastering-lightroom-book-one

==================== Files in the root of some directories =======

2013-09-15 15:49 - 2014-06-02 08:19 - 0003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-09-26 12:44 - 2014-12-07 15:51 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-12-27 22:29 - 2015-01-22 19:43 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe PNG Format CC Prefs
2014-12-04 19:43 - 2014-12-18 23:26 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-05-27 11:30 - 2014-05-27 11:30 - 0000047 _____ () C:\Users\Mike\AppData\Roaming\WB.CFG
2015-11-03 21:14 - 2015-11-03 21:14 - 0000038 ___SH () C:\Users\Mike\AppData\Local\56f857505417e3fe0c6362.11790009
2014-05-28 08:13 - 2014-09-07 22:16 - 0001456 _____ () C:\Users\Mike\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-06-27 13:32 - 2015-08-29 23:20 - 0001456 _____ () C:\Users\Mike\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-04-03 23:26 - 2014-03-05 12:09 - 0008192 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-17 10:43 - 2012-07-17 10:43 - 0003363 _____ () C:\Users\Mike\AppData\Local\HWVendorDetection.log
2012-03-29 21:21 - 2012-03-30 21:22 - 0006142 _____ () C:\Users\Mike\AppData\Local\installer.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-17 00:10

==================== End of FRST.txt ============================



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 21 June 2016 - 04:23 PM

It Appears That Your PC Is Now Clean!
 

***

Clean up:



***

Right-click AdwCleaner.exe and select Run As Administrator.


  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***

Clean up with delfix:

  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***

Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.



***

Here are some preventive tips to reduce the potential for spyware infection in the future:

Step 1: Browse more securely



Step 2: Make sure you keep your Windows OS current.


  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

Step 3: Avoid P2P


  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.

Step 4: Use only one anti-virus software and keep it up-to-date.

Step 5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 7: Use strong passwords!

Step 8: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, PDF Reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click the donate button.


#7 fireman4it


Posted 22 June 2016 - 09:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
