
Explorer.exe 100 percent cpu usage


11 replies to this topic

#1 Wolverine 7


Posted 12 January 2017 - 02:07 PM

Hi, I have unexplained 100 percent CPU usage all of a sudden; explorer.exe is running high in Task Manager but I'm not totally sure of the exact cause. The system has always been around 4 percent at idle and lowish CPU the rest of the time.

Edit: Sorry, I had huge difficulty posting; I couldn't get it to work with the second FRST log attached.

Further edit: Tried to attach the 2nd FRST log in the advanced editor but got "upload failed".

AVG antivirus is now stuck repeatedly updating. I assume I should reinstall but will await instructions.

CPU has normalised somewhat all of a sudden; I don't know now if it's AVG, malware or both.

Will await instructions. Thanks.

Malwarebytes scan shows 60-plus PUPs but nothing else.

Hitman Pro finds tracking cookies.

TDSSKiller finds nothing.

RKill found 7 Taskbar Tweaker and Advanced Explorer settings - Hide icons, which it terminated.

Outside of Safe Mode with Networking the computer is almost totally unresponsive.

Update: I now have 100 percent CPU use in Safe Mode with Networking, although the computer is still responsive. Not sure what the heck is going on here. SMART data says the HD is OK, AV scans show nothing much so far, and I haven't had time to troubleshoot further yet, but some kind of malware could be responsible?

System specs

Dell Inspiron Duo

Windows 7 Home Premium - 2 GB RAM

AVG Antivirus (free)

WinPatrol

Foolish IT CryptoPrevent

Firewall - Comodo Firewall Pro

Hitman Pro

Malwarebytes (free)

Thanks so much in advance for any assistance.

FRST log pasted and attached below

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2017
Ran by Admin (administrator) on CEX-PC (12-01-2017 09:45:35)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [149440 2015-11-12] (IvoSoft)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4559944 2016-01-24] (UltimateOutsider)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1873192 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [Syncables] => C:\Program Files\syncables\syncables desktop\syncables.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [Microsoft Default Manager] => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [IseUI] => C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [3386568 2016-12-06] (COMODO)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1431224 2016-12-28] (COMODO)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
Winlogon\Notify\igfxcui:  [X]
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Run: [GUSDelayStartup] => C:\Program Files\Glarysoft\Quick Startup\StartupManager.exe [43984 2016-10-09] (Glarysoft Ltd)
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Run: [7 Taskbar Tweaker] => C:\Users\Admin\Documents\Portable Apps\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [381440 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Run: [Interstatnogui] => C:\Users\Admin\AppData\Roaming\Interstatnogui\interstatnogui.exe [591360 2015-10-08] (Global surveys) <===== ATTENTION
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\MountPoints2: {60181404-4997-11e5-81ae-0a006dae059e} - D:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-03-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-12-07] ()
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{96477967-C9E9-41E7-B64E-129580EA9BA3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/2
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
SearchScopes: HKLM -> DefaultScope {DA17C83B-2061-42F6-8423-20F7DE09C2D4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DA17C83B-2061-42F6-8423-20F7DE09C2D4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-983945671-1128886989-1093207546-1003 -> DefaultScope {DA17C83B-2061-42F6-8423-20F7DE09C2D4} URL =
SearchScopes: HKU\S-1-5-21-983945671-1128886989-1093207546-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={76D1B91F-8FE1-49F2-8072-E68C404F5433}&mid=85cd0af6e06247cc85ff69e794f764a9-e72feae3df941b78b3e3fa83c5ec1fb1369a9e63&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516avz&pr=fr&d=2016-04-25 21:28:45&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-983945671-1128886989-1093207546-1003 -> {DA17C83B-2061-42F6-8423-20F7DE09C2D4} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - StExBar - {367D8B32-F9FD-474b-8E65-9E521F35DE99} - C:\Program Files\StExBar\StExBar.dll [2014-07-06] (hxxp://stefanstools.sourceforge.net)
Toolbar: HKU\S-1-5-21-983945671-1128886989-1093207546-1003 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: AnVirDisabled\vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File []
Handler: AutorunsDisabled\livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll [2010-11-10] (Microsoft Corporation)
Handler: AutorunsDisabled\msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll [2010-11-10] (Microsoft Corporation)
Handler: AutorunsDisabled\wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll [2010-11-10] (Microsoft Corporation)
Handler: AutorunsDisabled\wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [2010-11-10] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)

FireFox:
========
FF DefaultProfile: 071vxlns.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\071vxlns.default [2017-01-12]
FF Homepage: Mozilla\Firefox\Profiles\071vxlns.default -> hxxps://www.google.co.uk/
FF Extension: (Disconnect) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\071vxlns.default\Extensions\2.0@disconnect.me.xpi [2016-12-22]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\071vxlns.default\Extensions\firefox@zenmate.com.xpi [2016-12-17]
FF Extension: (TrafficLight) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\071vxlns.default\Extensions\trafficlight@bitdefender.com.xpi [2016-12-09]
FF Extension: (uBlock Origin) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\071vxlns.default\Extensions\uBlock0@raymondhill.net.xpi [2016-12-19]
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-08]
CHR Extension: (Web Boost - Wait Less, Browse Faster!) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbkhnpmoamidjgbneafjipbmdfpefad [2016-07-17]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2016-04-24]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-08]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-09-03]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Video Downloader professional) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-19]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-15]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-08]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Save as PDF) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2016-04-24]
CHR Extension: (Black carbon + silver metal) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2016-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (YouTube Unblocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2016-03-07] [UpdateUrl: hxxp://www.unblocker.yt/addon/chrome/updates.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Dell Wireless\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros) [File not signed]
S2 AtherosSvc; C:\Program Files\Dell Wireless\Bluetooth Suite\adminservice.exe [38560 2010-07-30] (Atheros Commnucations) [File not signed]
S3 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4154016 2016-12-15] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [603288 2016-12-15] (AVG Technologies CZ, s.r.o.)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5361064 2016-12-28] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2080440 2016-12-28] (COMODO)
S2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [190592 2010-09-23] (Conexant Systems Inc.)
S3 CxUSBDock; C:\Windows\system32\CxUSBDock32.exe [123008 2010-09-23] (Conexant Systems Inc.)
S2 DiskHealthMonitorService; C:\Program Files\Foolish IT\Disk Health Monitor\DiskHealthMonitorService.exe [266808 2017-01-07] (Foolish IT)
S2 isesrv; C:\Program Files\COMODO\Internet Security Essentials\isesrv.exe [118472 2016-12-06] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [137352 2015-09-21] (Sandboxie Holdings, LLC)
S4 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
S4 vToolbarUpdater40.2.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-25] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 BGPZIO; C:\Users\Admin\AppData\Local\Temp\BGPZIO.exe [X]
S2 WtuSystemSupport; "C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe" [X]
S4 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Corporation)
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-07-30] (Atheros)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [259328 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
S0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 BRCMDECO; C:\Windows\System32\DRIVERS\BRCMHD32.sys [116224 2010-06-21] (Broadcom Corporation)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [256360 2010-07-30] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [28200 2010-07-30] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [177704 2010-07-30] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [46952 2010-07-30] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143080 2010-07-30] (Atheros)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [230760 2010-07-31] (Atheros)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [27488 2016-12-28] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [659664 2016-12-28] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [53336 2016-12-28] (COMODO)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2015-08-31] (Windows ® Win 7 DDK provider)
S3 DFX12; C:\Windows\System32\drivers\dfx12.sys [26104 2015-11-12] (Windows ® Win 7 DDK provider)
S1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [17472 2017-01-07] (Glarysoft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47056 2017-01-11] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [102696 2016-12-28] (COMODO)
S1 isedrv; C:\Windows\system32\drivers\isedrv.sys [39856 2016-12-06] (COMODO)
S3 LSM303DLH; C:\Windows\System32\DRIVERS\LSM303DLH.sys [28272 2010-09-21] (STMicroelectronics)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2017-01-11] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219072 2017-01-12] (Malwarebytes)
S1 mbmiodrvr; C:\Windows\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com) [File not signed]
S2 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-03-15] (CACE Technologies)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [165000 2015-09-21] (Sandboxie Holdings, LLC)
S2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
S4 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2015-08-03] (Wondershare)
S4 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2015-08-03] (Wondershare)
S4 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2015-08-03] (Wondershare)
S4 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2015-08-03] (Wondershare)
S4 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2015-08-03] (Wondershare)
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
S3 QWARQNet; system32\DRIVERS\QWARQNet.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Admin\AppData\Local\Temp\tmp3D17.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 09:45 - 2017-01-12 09:46 - 00047902 _____ C:\Users\Admin\Downloads\FRST.txt
2017-01-12 09:45 - 2017-01-12 09:45 - 00000000 ____D C:\FRST
2017-01-12 09:40 - 2017-01-12 09:40 - 01761280 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2017-01-11 21:34 - 2017-01-11 22:24 - 00001924 _____ C:\Users\Admin\Desktop\Rkill.txt
2017-01-11 21:34 - 2017-01-11 21:34 - 00000000 ____D C:\Users\Admin\Desktop\rkill
2017-01-11 21:15 - 2017-01-11 21:15 - 01425431 _____ C:\Users\Admin\Downloads\www_makeuseof_com_tag_fix_high_cpu_usage_windows.pdf
2017-01-11 20:11 - 2017-01-11 20:11 - 00011680 _____ C:\Users\Admin\Desktop\mwb scan.txt
2017-01-11 17:29 - 2017-01-12 09:27 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-11 17:29 - 2017-01-11 17:29 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-11 17:28 - 2017-01-12 09:26 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-11 17:27 - 2017-01-11 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-11 17:27 - 2017-01-11 17:27 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-11 17:27 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-01-11 17:26 - 2017-01-11 17:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\rkill.exe
2017-01-11 17:25 - 2017-01-11 17:26 - 54199488 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-1878.1878-3.0.5.1299.exe
2017-01-11 17:22 - 2017-01-11 17:22 - 00047056 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-01-11 17:15 - 2017-01-11 17:15 - 00313064 _____ C:\Users\Admin\Downloads\www_online_tech_tips_com_computer_tips_how_to_fix_svchostexe.pdf
2017-01-11 17:09 - 2017-01-12 09:26 - 00415108 _____ C:\Windows\ntbtlog.txt
2017-01-11 16:58 - 2016-12-13 20:20 - 00000048 ____H C:\boot.ini
2017-01-11 14:20 - 2017-01-11 14:22 - 00221154 _____ C:\TDSSKiller.3.1.0.12_11.01.2017_14.20.04_log.txt
2017-01-11 13:35 - 2017-01-11 14:19 - 00000000 ____D C:\Users\Admin\AppData\Local\NPE
2017-01-11 13:35 - 2017-01-11 13:35 - 00000000 ____D C:\ProgramData\Norton
2017-01-11 13:34 - 2017-01-11 13:34 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Admin\Downloads\tdsskiller (1).exe
2017-01-11 13:32 - 2017-01-11 13:33 - 03423928 _____ (Symantec Corporation) C:\Users\Admin\Downloads\NPE.exe
2017-01-11 00:47 - 2017-01-11 00:47 - 00000000 ____D C:\Program Files\Intel Corporation
2017-01-10 20:59 - 2017-01-10 21:00 - 00000000 ____D C:\Users\Admin\Downloads\TBCE
2017-01-10 20:59 - 2017-01-10 20:59 - 00219561 _____ C:\Users\Admin\Downloads\TBCE.zip
2017-01-10 09:03 - 2017-01-10 09:03 - 00603865 _____ C:\Users\Admin\Downloads\reflector_yolasite_com_reflections_to_ascend_without_divine.pdf
2017-01-09 23:44 - 2017-01-09 23:46 - 00000000 ____D C:\Users\Admin\Desktop\Toltec Warrior - The Petty Tyrant
2017-01-09 21:53 - 2017-01-11 10:29 - 00000000 ____D C:\ProgramData\r2 Studios
2017-01-09 14:45 - 2017-01-11 11:21 - 00000000 ____D C:\Users\Admin\Downloads\stinger32-epo(1)
2017-01-09 14:44 - 2017-01-09 14:44 - 17075081 _____ C:\Users\Admin\Downloads\stinger32-epo(1).zip
2017-01-09 11:46 - 2017-01-09 11:46 - 00105707 _____ C:\Users\Admin\Downloads\sourcedaddy_com_windows_7_windows_boot_performance_diagnosti.pdf
2017-01-08 23:30 - 2017-01-08 23:30 - 00000370 _____ C:\Users\Admin\Desktop\Beat Club 1970 - Jethro Tull_pirit_Free_Humble Pie_Renaissance.txt
2017-01-08 23:13 - 2017-01-08 23:24 - 875582905 _____ C:\Users\Admin\Downloads\Jethro Tull Live In Tampa 1976 Tullavision Full DVD.mp4
2017-01-08 23:01 - 2017-01-08 23:03 - 178935474 _____ C:\Users\Admin\Desktop\Beat Club 1970 - Jethro Tull_pirit_Free_Humble Pie_Renaissance 480p.mp4
2017-01-08 22:35 - 2017-01-08 22:35 - 00000654 _____ C:\Users\Admin\Desktop\Rush - Live at Laura Secord Secondary School 1974.txt
2017-01-08 22:33 - 2017-01-08 22:36 - 211459087 _____ C:\Users\Admin\Desktop\Rush - Live at Laura Secord Secondary School 1974 ᴴᴰ Full Concert 480p.mp4
2017-01-08 16:07 - 2017-01-11 11:21 - 00000000 ____D C:\Program Files\MiniBin
2017-01-08 16:06 - 2017-01-08 16:06 - 00087166 _____ C:\Users\Admin\Downloads\minibin.zip
2017-01-08 15:50 - 2017-01-08 15:59 - 00000000 ____D C:\Users\Admin\AppData\Local\RoboTask
2017-01-08 15:49 - 2017-01-11 11:21 - 00000000 ____D C:\Users\Admin\Downloads\RoboTaskSetup
2017-01-08 15:47 - 2017-01-08 15:47 - 00000000 ____D C:\Users\Admin\Downloads\OneLoupe
2017-01-07 19:17 - 2017-01-07 19:17 - 00000110 _____ C:\Users\Admin\Desktop\chkdsk_log.txt
2017-01-07 19:01 - 2017-01-07 18:55 - 00118784 _____ (Microsoft Corporation) C:\MSSTDFMT.DLL
2017-01-07 18:58 - 2017-01-07 18:55 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\MSSTDFMT.DLL
2017-01-07 18:55 - 2017-01-07 18:55 - 00118784 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\MSSTDFMT.DLL
2017-01-07 18:49 - 2017-01-07 18:49 - 05289984 _____ C:\Users\Admin\Downloads\msxml.msi
2017-01-07 18:42 - 2017-01-07 18:43 - 00000000 ____D C:\Users\Admin\Downloads\CheckDiskSetup
2017-01-07 18:42 - 2017-01-07 18:42 - 01354084 _____ C:\Users\Admin\Downloads\CheckDiskSetup.zip
2017-01-07 18:34 - 2017-01-07 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Health Monitor
2017-01-07 18:31 - 2017-01-07 18:31 - 00000000 ____D C:\Users\Admin\Downloads\DiskHealthMonitorSetup
2017-01-07 18:30 - 2017-01-07 18:30 - 02990712 _____ C:\Users\Admin\Downloads\DiskHealthMonitorSetup.zip
2017-01-07 14:58 - 2017-01-07 14:58 - 30806413 _____ C:\Users\Admin\Downloads\Dispelling the Eye of Horus 480p.mp4
2017-01-07 14:57 - 2017-01-07 14:58 - 122641126 _____ C:\Users\Admin\Downloads\Ancient Prophetic Text... 480p.mp4
2017-01-07 14:54 - 2017-01-07 14:55 - 95998554 _____ C:\Users\Admin\Downloads\Updates from the bear klanmother 480p.mp4
2017-01-07 12:06 - 2017-01-07 12:06 - 00017472 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUSBootStartup.sys
2017-01-07 12:06 - 2017-01-07 12:06 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Startup.lnk
2017-01-07 12:06 - 2017-01-07 12:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GlarySoft
2017-01-07 12:06 - 2017-01-07 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2017-01-07 12:06 - 2017-01-07 12:06 - 00000000 ____D C:\Program Files\Glarysoft
2017-01-07 12:05 - 2017-01-07 12:05 - 05788712 _____ C:\Users\Admin\Downloads\qssetup.exe
2017-01-06 23:29 - 2017-01-06 23:29 - 00477231 _____ C:\Users\Admin\Documents\SysInspector-CEX-PC-170106-2307.zip
2017-01-06 23:05 - 2017-01-06 23:05 - 00916254 _____ C:\Users\Admin\Desktop\WSA_SA_Report-Fri_2017-01-06_23-05-15.bmp
2017-01-06 23:05 - 2017-01-06 23:05 - 00000079 _____ C:\Users\Admin\Desktop\WSA_SA_Report-Fri_2017-01-06_23-05-15.html
2017-01-06 23:03 - 2017-01-06 23:04 - 00000000 ____D C:\ProgramData\WRData
2017-01-06 22:59 - 2017-01-06 22:59 - 03260728 _____ (ESET) C:\Users\Admin\Downloads\sysinspector_nt32_enu.exe
2017-01-06 20:11 - 2017-01-06 20:15 - 283751715 _____ C:\Users\Admin\Downloads\Once upon a time in Tibet[orginal.mp4
2017-01-06 20:10 - 2017-01-06 20:14 - 367679809 _____ C:\Users\Admin\Downloads\Zen (2009) - RO , EN subtitles 480p.mp4
2017-01-06 19:51 - 2017-01-06 19:55 - 467741001 _____ C:\Users\Admin\Downloads\Samsara (2001) (1).mp4
2017-01-06 18:38 - 2017-01-06 18:39 - 17086112 _____ (McAfee Inc) C:\Users\Admin\Downloads\stinger32.exe
2017-01-06 14:36 - 2017-01-06 18:21 - 00000000 ____D C:\ProgramData\FilerFrog
2017-01-05 22:49 - 2017-01-11 11:22 - 00000000 ____D C:\Users\Admin\Desktop\HomePage Maker
2017-01-05 22:49 - 2017-01-05 22:49 - 00481594 _____ C:\Users\Admin\Downloads\Homepage Maker.zip
2017-01-05 22:39 - 2017-01-05 22:40 - 00000000 ____D C:\Users\Admin\Desktop\Signal Netstat
2017-01-05 22:19 - 2017-01-05 22:22 - 00000000 ____D C:\Program Files\Taskbar Shuffle
2017-01-05 22:19 - 2017-01-05 22:19 - 00001058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Taskbar Shuffle.lnk
2017-01-05 22:18 - 2017-01-05 22:19 - 00645511 _____ (Jay Elaraj ) C:\Users\Admin\Downloads\ts2.5_setup.exe
2017-01-05 22:01 - 2017-01-11 11:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\StExBar
2017-01-05 21:59 - 2017-01-05 21:59 - 00000000 ____D C:\Program Files\StExBar
2017-01-05 21:53 - 2017-01-05 21:53 - 00364544 _____ C:\Users\Admin\Downloads\StExBar-1.8.6.msi
2017-01-05 17:38 - 2017-01-05 17:38 - 00001168 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Windows Access Panel.lnk
2017-01-05 17:35 - 2017-01-05 17:35 - 00454337 _____ C:\Users\Admin\Downloads\WAP.zip
2017-01-05 00:50 - 2017-01-05 00:50 - 00208921 _____ C:\Users\Admin\Downloads\www_bibliotecapleyades_net_huntley_esp_huntley_5_htm.pdf
2017-01-05 00:49 - 2017-01-05 00:49 - 00258226 _____ C:\Users\Admin\Downloads\www_bibliotecapleyades_net_vida_alien_voyag01b_htm.pdf
2017-01-04 16:48 - 2012-06-10 17:14 - 00000000 ____D C:\Users\Admin\Desktop\Pack de skins para RocketDock by TheBlasterFire
2017-01-03 21:22 - 2017-01-11 00:11 - 00000000 ____D C:\Users\Admin\Documents\Windows 7  Tips & Tricks [
2017-01-03 21:16 - 2017-01-03 21:16 - 00034503 _____ C:\Windows\system32\energy-report.html
2017-01-03 16:57 - 2017-01-03 17:02 - 00000000 ____D C:\Program Files\Terragen
2017-01-03 16:57 - 2017-01-03 16:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terragen
2017-01-03 16:55 - 2017-01-03 16:56 - 01684992 _____ C:\Users\Admin\Downloads\tginstall0943.msi
2017-01-03 13:42 - 2017-01-03 13:42 - 00000000 ___DL C:\Users\HomeGroupUser$\My Documents
2017-01-03 13:41 - 2017-01-03 13:41 - 00000000 ___DL C:\Users\Guest\My Documents
2017-01-03 13:41 - 2017-01-03 13:41 - 00000000 ___DL C:\Users\Administrator\My Documents
2017-01-03 02:16 - 2017-01-03 02:16 - 01643392 _____ C:\Users\Admin\Downloads\www_sevenforums_com_tutorials_700_system_restore_html.pdf
2017-01-03 02:08 - 2017-01-03 02:08 - 00099555 _____ C:\Users\Admin\Downloads\answers_microsoft_com_en_us_windows_forum_windows_7_system_s.pdf
2017-01-03 02:06 - 2017-01-03 02:06 - 00313709 _____ C:\Users\Admin\Downloads\neosmart_net_wiki_system_restore_did_not_complete_successful.pdf
2017-01-03 00:56 - 2017-01-03 00:56 - 00059044 _____ C:\Users\Admin\Downloads\comdlg32.zip
2017-01-02 23:47 - 2017-01-03 02:33 - 00000000 ____D C:\Program Files\WhySoSlow
2017-01-02 23:47 - 2016-12-17 19:59 - 00025856 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspWhy32.sys
2017-01-02 23:45 - 2017-01-02 23:45 - 02527360 _____ (Resplendence Software Projects Sp. ) C:\Users\Admin\Downloads\WhySoSlowSetup.exe
2017-01-02 23:24 - 2017-01-02 23:24 - 01628926 _____ C:\Users\Admin\Desktop\www_makeuseof_com_tag_13_windows_diagnostics_tools_check_pcs.pdf
2017-01-02 23:10 - 2017-01-02 23:10 - 00000000 _____ C:\Windows\system32\shoDF4C.tmp
2017-01-02 22:11 - 2017-01-02 22:11 - 00533944 _____ C:\Users\Admin\Documents\www_wired_com_2010_09_six_reasons_why_wired_uks_editor_isnt.pdf
2017-01-02 22:02 - 2017-01-02 22:02 - 00304999 _____ C:\Users\Admin\Downloads\rwash-homesec-soups10-final.pdf
2017-01-02 18:30 - 2017-01-02 18:30 - 00000000 _____ C:\Windows\system32\sho539E.tmp
2017-01-02 12:41 - 2017-01-02 12:41 - 00979880 _____ C:\Users\Admin\Downloads\www_sevenforums_com_tutorials_160855_shut_down_view_details.pdf
2017-01-02 12:39 - 2017-01-02 12:40 - 00000536 _____ C:\Users\Admin\Downloads\2_Second_Shutdown.reg
2017-01-02 01:05 - 2017-01-02 01:05 - 00000017 _____ C:\Windows\system32\shortcut_ex.dat
2017-01-01 22:45 - 2017-01-03 02:32 - 00000000 ____D C:\Users\Admin\Desktop\Tweaking.com - Windows Repair
2017-01-01 22:44 - 2017-01-01 22:44 - 30941413 _____ C:\Users\Admin\Downloads\tweaking.com_windows_repair_aio.zip
2017-01-01 21:06 - 2017-01-11 11:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\CPUControl
2017-01-01 21:06 - 2017-01-03 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Control
2017-01-01 21:06 - 2017-01-03 02:33 - 00000000 ____D C:\Program Files\CPU-Control
2017-01-01 21:05 - 2017-01-03 02:33 - 00000000 ____D C:\Users\Admin\Downloads\CPU_Control(1)
2017-01-01 21:04 - 2017-01-01 21:04 - 00674189 _____ C:\Users\Admin\Downloads\CPU_Control(1).zip
2017-01-01 20:51 - 2017-01-01 20:51 - 00704206 _____ C:\Users\Admin\Desktop\www_tech_recipes_com_rx_37272_set_a_programs_affinity_in_win.pdf
2017-01-01 20:42 - 2017-01-01 20:42 - 00353025 _____ C:\Users\Admin\Desktop\www_techradar_com_news_computing_components_processors_how_t.pdf
2017-01-01 17:07 - 2017-01-03 02:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.1.2
2017-01-01 17:05 - 2017-01-01 17:06 - 06888519 _____ C:\Users\Admin\Downloads\EqualizerAPO32-1.1.2.exe
2017-01-01 14:33 - 2017-01-01 14:33 - 00000000 ____D C:\Users\Admin\AppData\Local\clink
2017-01-01 00:47 - 2017-01-01 00:48 - 25159170 _____ C:\Users\Admin\Downloads\Queen & Annie Lennox  & David Bowie - Under Pressure - HD.mp4
2016-12-31 19:00 - 2017-01-01 17:07 - 00000000 ____D C:\Program Files\EqualizerAPO
2016-12-31 18:57 - 2016-12-31 18:57 - 00500167 _____ C:\Users\Admin\Desktop\Equalizer APO_sourceforge_net_p_equalizerapo_wiki_Documentation.pdf
2016-12-31 15:15 - 2016-12-31 15:15 - 00133541 _____ C:\Users\Admin\Desktop\ss64_com_nt_run_html.pdf
2016-12-31 15:08 - 2016-12-31 15:08 - 00756052 _____ C:\Users\Admin\Desktop\www_sevenforums_com_tutorials_1538_sfc_scannow_command_syste.pdf
2016-12-31 04:52 - 2016-12-31 04:52 - 01427045 _____ C:\Users\Admin\Downloads\stikma_icons_by_otisbee.zip
2016-12-30 22:23 - 2016-12-30 22:56 - 00524288 ___SH C:\Users\Admin\ntuser.dat{a2211581-ceda-11e6-aa27-c2724254d824}.TMContainer00000000000000000002.regtrans-ms
2016-12-30 22:23 - 2016-12-30 22:56 - 00524288 ___SH C:\Users\Admin\ntuser.dat{a2211581-ceda-11e6-aa27-c2724254d824}.TMContainer00000000000000000001.regtrans-ms
2016-12-30 22:23 - 2016-12-30 22:56 - 00065536 ___SH C:\Users\Admin\ntuser.dat{a2211581-ceda-11e6-aa27-c2724254d824}.TM.blf
2016-12-30 21:10 - 2016-12-30 21:10 - 00174322 _____ C:\Users\Admin\Downloads\en_wikipedia_org_wiki_Strange_Euphoria (1).pdf
2016-12-30 21:08 - 2016-12-30 21:08 - 02494786 _____ C:\Users\Admin\Desktop\Ancient_Secret_of_the_Fountain_of_Youth_Peter_Kelder.pdf
2016-12-30 17:50 - 2016-12-30 18:06 - 00000000 ____D C:\Users\Admin\Desktop\Ten Years Gone - Best of Rock n Soul
2016-12-30 17:42 - 2015-10-13 18:19 - 05598721 _____ C:\Users\Admin\Desktop\Lynyrd Skynyrd - That Smell (lyrics).mp3
2016-12-30 16:43 - 2016-12-30 16:43 - 26452090 _____ C:\Users\Admin\Desktop\Moby - Wait For Me.mp4
2016-12-30 15:59 - 2016-12-30 15:59 - 00000685 _____ C:\Users\Admin\Documents\Reset Internet.txt
2016-12-30 14:44 - 2016-12-30 14:44 - 04110174 _____ C:\Users\Admin\Downloads\standalonestack2.zip
2016-12-30 09:54 - 2016-12-30 09:54 - 00069116 _____ C:\Users\Admin\Downloads\Rogue 1 bsod.jpg
2016-12-29 22:46 - 2016-12-29 22:46 - 02584576 _____ C:\Users\Admin\ntuser.dat.new
2016-12-29 22:46 - 2016-12-29 22:46 - 00524288 ___SH C:\Windows\system32\config\system.new{a792760a-cd9c-11e6-8e81-485d60ae01c7}.TMContainer00000000000000000002.regtrans-ms
2016-12-29 22:46 - 2016-12-29 22:46 - 00524288 ___SH C:\Windows\system32\config\system.new{a792760a-cd9c-11e6-8e81-485d60ae01c7}.TMContainer00000000000000000001.regtrans-ms
2016-12-29 22:46 - 2016-12-29 22:46 - 00065536 ___SH C:\Windows\system32\config\system.new{a792760a-cd9c-11e6-8e81-485d60ae01c7}.TM.blf
2016-12-29 15:23 - 2016-12-29 15:23 - 00007026 _____ C:\Users\Admin\Desktop\Sumo_Dec_2016export.txt
2016-12-29 15:19 - 2016-12-29 15:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KC Softwares
2016-12-29 15:18 - 2017-01-03 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KC Softwares
2016-12-29 15:18 - 2016-12-29 15:18 - 00000000 ____D C:\Program Files\KC Softwares
2016-12-29 15:15 - 2016-12-29 15:15 - 01633984 _____ (KC Softwares ) C:\Users\Admin\Downloads\sumo_lite.exe
2016-12-29 14:48 - 2016-12-29 14:48 - 00270761 _____ C:\Users\Admin\Desktop\Speccy - CEX-PC.txt
2016-12-29 14:26 - 2016-12-29 14:26 - 00463484 _____ C:\Users\Admin\Desktop\www_watchingthenet_com_how_to_identify_unknown_network_conne.pdf
2016-12-29 10:26 - 2016-12-29 10:26 - 01354097 _____ C:\Users\Admin\Downloads\ProcessPigletPortable.zip
2016-12-29 09:08 - 2016-12-29 09:08 - 00914783 _____ C:\Users\Admin\Desktop\Sfc_scannow_win 7 filecheckerwww_sevenforums_com_tutorials_1538_sfc_scannow_command_syste.pdf
2016-12-29 01:35 - 2016-12-29 01:35 - 00524288 ___SH C:\Windows\system32\config\system.new{65b48bcc-cd44-11e6-944e-485d60ae01c7}.TMContainer00000000000000000002.regtrans-ms
2016-12-29 01:35 - 2016-12-29 01:35 - 00524288 ___SH C:\Windows\system32\config\system.new{65b48bcc-cd44-11e6-944e-485d60ae01c7}.TMContainer00000000000000000001.regtrans-ms
2016-12-29 01:35 - 2016-12-29 01:35 - 00065536 ___SH C:\Windows\system32\config\system.new{65b48bcc-cd44-11e6-944e-485d60ae01c7}.TM.blf
2016-12-29 01:20 - 2016-12-29 01:22 - 00002078 _____ C:\Users\Admin\Desktop\SE-TrayMenu.exe.lnk
2016-12-28 23:47 - 2016-12-28 23:47 - 00919929 _____ C:\Users\Admin\Desktop\40900.pdf
2016-12-28 23:26 - 2016-12-28 23:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2016-12-28 23:26 - 2016-12-28 23:26 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2016-12-28 23:26 - 2016-12-28 23:26 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2016-12-28 23:17 - 2016-12-28 23:17 - 00001870 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2016-12-28 23:14 - 2016-12-06 01:21 - 00235696 _____ (COMODO) C:\Windows\system32\iseguard32.dll
2016-12-28 23:14 - 2016-12-06 01:20 - 00039856 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
2016-12-28 23:13 - 2017-01-03 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-12-28 23:13 - 2016-12-28 23:37 - 00000000 ____D C:\Users\Admin\AppData\Local\Comodo
2016-12-28 23:13 - 2016-12-28 23:14 - 03858824 _____ (COMODO) C:\Windows\system32\ise_installer.exe
2016-12-28 23:12 - 2016-12-28 23:37 - 00000000 ____D C:\Program Files\Comodo
2016-12-28 23:09 - 2016-12-28 23:14 - 00000000 ____D C:\ProgramData\Comodo
2016-12-28 23:09 - 2016-12-28 23:09 - 00000000 ____D C:\ProgramData\Shared Space
2016-12-28 23:09 - 2016-12-28 23:09 - 00000000 ____D C:\ProgramData\Comodo Downloader
2016-12-28 22:59 - 2016-12-28 23:00 - 03256144 _____ (Check Point Software Technologies Ltd.) C:\Users\Admin\Downloads\clean.exe
2016-12-28 22:58 - 2016-12-28 22:58 - 05456576 _____ (COMODO) C:\Users\Admin\Downloads\cmd_fw_installer_6113_c7.exe
2016-12-28 22:18 - 2017-01-08 20:04 - 00524288 ___SH C:\Windows\system32\config\components{0df308d7-cd4a-11e6-94dd-485d60ae01c7}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 22:18 - 2017-01-08 20:04 - 00065536 ___SH C:\Windows\system32\config\components{0df308d7-cd4a-11e6-94dd-485d60ae01c7}.TM.blf
2016-12-28 22:18 - 2016-12-28 23:06 - 00524288 ___SH C:\Windows\system32\config\components{0df308d7-cd4a-11e6-94dd-485d60ae01c7}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 21:38 - 2016-12-28 22:05 - 00524288 ___SH C:\Users\Admin\ntuser.dat{65b48beb-cd44-11e6-944e-485d60ae01c7}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 21:38 - 2016-12-28 22:05 - 00524288 ___SH C:\Users\Admin\ntuser.dat{65b48beb-cd44-11e6-944e-485d60ae01c7}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 21:38 - 2016-12-28 22:05 - 00065536 ___SH C:\Users\Admin\ntuser.dat{65b48beb-cd44-11e6-944e-485d60ae01c7}.TM.blf
2016-12-28 21:24 - 2017-01-11 00:47 - 00000000 __SHD C:\Config.Msi
2016-12-28 19:39 - 2016-12-28 19:39 - 00592050 _____ (Florian Schwarz ) C:\Users\Admin\Downloads\BetterDesktopTool.exe
2016-12-28 18:47 - 2016-12-28 18:47 - 02095563 _____ C:\Users\Admin\Downloads\nexusfont_2.6.2.zip
2016-12-28 18:28 - 2016-12-28 18:29 - 00000000 ____D C:\Users\Admin\Desktop\QuickJump
2016-12-28 18:27 - 2016-12-28 18:27 - 00585679 _____ C:\Users\Admin\Downloads\QuickJump2016.zip
2016-12-28 17:39 - 2017-01-03 02:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Loonies
2016-12-28 17:39 - 2017-01-03 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loonies
2016-12-28 17:39 - 2016-12-28 17:39 - 00001279 _____ C:\Users\Admin\Desktop\Actual Booster.lnk
2016-12-28 17:39 - 2016-12-28 17:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Loonies
2016-12-28 17:39 - 2016-12-28 17:39 - 00000000 ____D C:\Program Files\Loonies
2016-12-28 17:31 - 2016-12-28 17:31 - 00092377 _____ (Loonies Software) C:\Users\Admin\Downloads\actual-booster-setup.exe
2016-12-28 00:57 - 2016-12-29 00:58 - 00000284 _____ C:\Windows\rss.INI
2016-12-28 00:48 - 2016-12-28 00:48 - 00000000 ____D C:\Users\Admin\AppData\Local\MenuApp
2016-12-28 00:47 - 2016-12-28 00:48 - 00000000 ____D C:\Program Files\menuApp1.0.0.34
2016-12-28 00:43 - 2016-12-28 00:43 - 00389179 _____ C:\Users\Admin\Downloads\menuApp1.0.0.34.zip
2016-12-28 00:21 - 2016-12-28 00:21 - 00659664 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2016-12-28 00:21 - 2016-12-28 00:21 - 00102696 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2016-12-28 00:21 - 2016-12-28 00:21 - 00053336 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2016-12-28 00:21 - 2016-12-28 00:21 - 00027488 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2016-12-28 00:20 - 2016-12-28 00:20 - 00044000 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-12-28 00:19 - 2016-12-28 00:19 - 00730824 _____ (COMODO) C:\Windows\system32\guard32.dll
2016-12-28 00:15 - 2016-12-28 00:15 - 00366776 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll
2016-12-28 00:15 - 2016-12-28 00:15 - 00194744 _____ (COMODO) C:\Windows\system32\cmdshim32.dll
2016-12-28 00:04 - 2016-12-28 00:55 - 00002268 _____ C:\Users\Admin\Desktop\Stick.exe.lnk
2016-12-27 23:45 - 2017-01-03 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stick
2016-12-27 23:45 - 2016-12-27 23:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Stick
2016-12-27 23:45 - 2016-12-27 23:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Stick Tabs
2016-12-27 23:45 - 2016-12-27 23:45 - 00000000 ____D C:\Program Files\Stick
2016-12-27 23:43 - 2016-12-27 23:43 - 04515394 _____ (iWonder Designs ) C:\Users\Admin\Downloads\Stick2.8.0.82.exe
2016-12-27 23:01 - 2016-12-27 23:02 - 00000000 ____D C:\Users\Admin\Desktop\SE-TrayMenu
2016-12-27 23:00 - 2016-12-27 23:00 - 00165711 _____ C:\Users\Admin\Downloads\SE-TrayMenu.zip
2016-12-27 22:18 - 2016-12-27 22:18 - 00000496 _____ C:\Users\Admin\Desktop\GRC Port Authority Report.txt
2016-12-27 22:03 - 2016-12-27 22:03 - 00000304 _____ C:\Users\Admin\Desktop\Stop ping requeast - Sky router.txt
2016-12-27 20:44 - 2016-12-27 20:44 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2016-12-27 20:38 - 2016-12-28 23:07 - 00000000 ____D C:\ProgramData\CheckPoint
2016-12-27 20:38 - 2016-12-28 23:03 - 00000000 ____D C:\Program Files\CheckPoint
2016-12-27 20:38 - 2016-12-27 20:38 - 05008256 _____ (Check Point Software Technologies Ltd.) C:\Users\Admin\Downloads\zafwSetupWeb_150_139_17085.exe
2016-12-27 02:48 - 2016-12-27 02:48 - 00000000 ____D C:\Users\Admin\AppData\Local\v_k_softwares
2016-12-27 02:47 - 2017-01-03 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yet Another (remote) Process Monitor
2016-12-27 02:47 - 2016-12-27 02:47 - 00000000 ____D C:\Program Files\Yet Another (remote) Process Monitor
2016-12-27 02:42 - 2016-12-27 02:42 - 00307266 _____ C:\Users\Admin\Downloads\wj32_org_processhacker_forums_viewtopic_php_t_75.pdf
2016-12-27 02:40 - 2016-12-27 02:40 - 01291784 _____ C:\Users\Admin\Downloads\name-uncover-meaning-windows-files-processes-33849.pdf
2016-12-27 02:38 - 2016-12-27 02:38 - 00003649 _____ C:\Users\Admin\Desktop\Hidden Processes.txt
2016-12-27 02:27 - 2016-12-27 02:28 - 00373724 _____ C:\Users\Admin\Downloads\www_softwarecrew_com_2009_11_how_to_manually_detect_malware.pdf
2016-12-27 02:25 - 2016-12-27 02:25 - 01087472 _____ (v_k softwares ) C:\Users\Admin\Downloads\YAPM-v2.4.2-Setup.exe
2016-12-27 02:23 - 2016-12-27 02:23 - 02624799 _____ C:\Users\Admin\Downloads\Process_Hacker_SANS_Jason_Fossen.pdf
2016-12-26 20:03 - 2016-12-26 20:04 - 00000000 ____D C:\Users\Admin\Documents\aerotuner
2016-12-26 20:02 - 2016-12-26 20:02 - 00372746 _____ C:\Users\Admin\Downloads\aerotuner.zip
2016-12-26 18:43 - 2016-12-26 18:43 - 06892672 _____ C:\Users\Admin\Downloads\token_by_brsev.zip
2016-12-26 15:25 - 2016-12-26 15:25 - 01902578 _____ (Bradley G. Miller) C:\Users\Admin\Downloads\a43setup.exe
2016-12-26 14:20 - 2016-12-26 14:21 - 00000000 ____D C:\Users\Admin\Desktop\active_window_button_theme
2016-12-26 14:13 - 2016-12-26 14:13 - 03532712 _____ C:\Users\Admin\Downloads\active_window_button_theme.zip
2016-12-26 02:02 - 2016-12-26 02:02 - 00000000 ____D C:\Users\Admin\AppData\Local\Advanced Port Scanner 2
2016-12-26 01:37 - 2016-12-26 01:37 - 00038899 _____ C:\Users\Admin\Downloads\seconfigxp.zip
2016-12-26 00:53 - 2017-01-12 09:26 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-26 00:53 - 2017-01-09 23:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-26 00:51 - 2017-01-11 17:29 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-26 00:51 - 2017-01-11 11:20 - 00000000 ____D C:\Users\Admin\Desktop\mbar
2016-12-26 00:49 - 2016-12-26 00:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.09.3.1001.exe
2016-12-26 00:28 - 2016-12-26 00:28 - 00018984 _____ C:\Users\Admin\Downloads\hh3(christmas message).gif
2016-12-24 22:11 - 2017-01-01 19:43 - 00000000 ____D C:\Users\Admin\Desktop\The Template - Juliet Carter)
2016-12-24 11:36 - 2017-01-03 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBM 5
2016-12-24 11:36 - 2016-12-24 11:57 - 00000000 ____D C:\Program Files\Motherboard Monitor 5
2016-12-24 11:36 - 2016-12-24 11:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MBM 5
2016-12-24 11:36 - 2004-04-10 09:42 - 00002944 _____ (cansoft@livewiredev.com) C:\Windows\system32\mbmiodrvr.sys
2016-12-24 11:30 - 2016-12-24 11:30 - 01282759 _____ (Alexander van Kaam ) C:\Users\Admin\Downloads\mbm5370.exe
2016-12-24 00:13 - 2016-12-24 00:13 - 00045597 _____ C:\Users\Admin\Downloads\driverview.zip
2016-12-23 23:44 - 2016-12-23 23:44 - 00000000 ____D C:\ProgramData\WinaeroTweaker
2016-12-23 23:09 - 2016-12-23 23:10 - 00242678 _____ C:\Users\Admin\Downloads\TaskBarPinner.zip
2016-12-23 23:05 - 2016-12-23 23:05 - 00423705 _____ C:\Users\Admin\Downloads\ete.zip
2016-12-23 22:58 - 2016-12-23 22:58 - 00003227 _____ C:\Users\Admin\Downloads\restartexplorer.zip
2016-12-23 22:19 - 2016-12-23 22:29 - 00002697 _____ C:\Users\Admin\Desktop\Firefox Addons.txt
2016-12-22 21:36 - 2016-12-22 21:39 - 00002812 _____ C:\Users\Admin\Desktop\GIMP.lnk
2016-12-22 21:15 - 2016-12-22 21:21 - 00002440 _____ C:\Users\Admin\Desktop\CCleaner.lnk
2016-12-22 20:50 - 2016-12-22 22:20 - 00524288 ___SH C:\Users\Admin\ntuser.dat{972b81a6-c87e-11e6-8bae-f5495d70654d}.TMContainer00000000000000000002.regtrans-ms
2016-12-22 20:50 - 2016-12-22 22:20 - 00524288 ___SH C:\Users\Admin\ntuser.dat{972b81a6-c87e-11e6-8bae-f5495d70654d}.TMContainer00000000000000000001.regtrans-ms
2016-12-22 20:50 - 2016-12-22 22:20 - 00065536 ___SH C:\Users\Admin\ntuser.dat{972b81a6-c87e-11e6-8bae-f5495d70654d}.TM.blf
2016-12-22 19:56 - 2016-12-22 19:56 - 00000000 ____D C:\Users\Admin\Downloads\UxStyle_Core_jul13_bits
2016-12-22 19:37 - 2016-12-22 19:37 - 03038128 _____ C:\Users\Admin\Downloads\UxStyle_Core_jul13_bits.zip
2016-12-22 19:00 - 2009-06-23 17:50 - 00000000 ____D C:\Users\Admin\U-Fo Docklets + Clock
2016-12-22 18:40 - 2016-12-22 18:41 - 00006808 _____ C:\Users\Admin\Downloads\white__rocketdock_by_fsdown.zip
2016-12-21 20:21 - 2016-12-21 21:05 - 449886746 _____ C:\Users\Admin\Downloads\Watch Rogue One A Star Wars Story Online Free Putlocker  Putlocker - Watch Movies Online Free.mp4
2016-12-21 04:31 - 2016-12-21 04:36 - 151843872 _____ C:\Users\Admin\Downloads\Fleetwood_Mac_-_Destiny_Rules_Full_Documentary[www.MP3Fiber.com].mp3
2016-12-21 04:27 - 2016-12-21 04:32 - 27861296 _____ C:\Users\Admin\Downloads\Fleetwood_Mac_-_Isle_Of_Wight_Festival_2015_Official_Video[www.MP3Fiber.com].mp3
2016-12-21 04:12 - 2016-12-21 04:16 - 141828903 _____ C:\Users\Admin\Downloads\Fleetwood_Mac_-_The_Tango_In_The_Night_Tour_Full_Concert[www.MP3Fiber.com].mp4
2016-12-21 03:59 - 2016-12-21 03:59 - 09583105 _____ C:\Users\Admin\Downloads\Ofra_Haza_-_Kashmir[www.MP3Fiber.com].mp3
2016-12-21 03:54 - 2016-12-21 03:57 - 89411605 _____ C:\Users\Admin\Downloads\Merlins Magic  Reiki Light Touch.mp3
2016-12-20 20:29 - 2016-12-20 20:29 - 00001546 _____ C:\Users\Admin\Desktop\Windows Update tech - Dec 2016.txt
2016-12-20 05:49 - 2016-12-20 21:18 - 00524288 ___SH C:\Users\Admin\ntuser.dat{4106212f-c676-11e6-bda4-fcf75827e94d}.TMContainer00000000000000000002.regtrans-ms
2016-12-20 05:49 - 2016-12-20 21:18 - 00524288 ___SH C:\Users\Admin\ntuser.dat{4106212f-c676-11e6-bda4-fcf75827e94d}.TMContainer00000000000000000001.regtrans-ms
2016-12-20 05:49 - 2016-12-20 21:18 - 00065536 ___SH C:\Users\Admin\ntuser.dat{4106212f-c676-11e6-bda4-fcf75827e94d}.TM.blf
2016-12-19 23:04 - 2016-12-19 23:18 - 00524288 ___SH C:\Users\Admin\ntuser.dat{f5456d71-c63c-11e6-901d-d513cb56e832}.TMContainer00000000000000000002.regtrans-ms
2016-12-19 23:04 - 2016-12-19 23:18 - 00524288 ___SH C:\Users\Admin\ntuser.dat{f5456d71-c63c-11e6-901d-d513cb56e832}.TMContainer00000000000000000001.regtrans-ms
2016-12-19 23:04 - 2016-12-19 23:18 - 00065536 ___SH C:\Users\Admin\ntuser.dat{f5456d71-c63c-11e6-901d-d513cb56e832}.TM.blf
2016-12-19 22:47 - 2016-12-19 22:58 - 00524288 ___SH C:\Users\Admin\ntuser.dat{e54d42be-c639-11e6-a709-afcbd98fda33}.TMContainer00000000000000000002.regtrans-ms
2016-12-19 22:47 - 2016-12-19 22:58 - 00524288 ___SH C:\Users\Admin\ntuser.dat{e54d42be-c639-11e6-a709-afcbd98fda33}.TMContainer00000000000000000001.regtrans-ms
2016-12-19 22:47 - 2016-12-19 22:58 - 00065536 ___SH C:\Users\Admin\ntuser.dat{e54d42be-c639-11e6-a709-afcbd98fda33}.TM.blf
2016-12-19 22:31 - 2016-12-19 22:31 - 07687027 _____ C:\Users\Admin\Downloads\ccsetup525(1).zip
2016-12-19 22:25 - 2016-12-19 22:41 - 00524288 ___SH C:\Users\Admin\ntuser.dat{bb8afaa3-c630-11e6-b08e-80a1db8c9327}.TMContainer00000000000000000002.regtrans-ms
2016-12-19 22:25 - 2016-12-19 22:41 - 00524288 ___SH C:\Users\Admin\ntuser.dat{bb8afaa3-c630-11e6-b08e-80a1db8c9327}.TMContainer00000000000000000001.regtrans-ms
2016-12-19 22:25 - 2016-12-19 22:41 - 00065536 ___SH C:\Users\Admin\ntuser.dat{bb8afaa3-c630-11e6-b08e-80a1db8c9327}.TM.blf
2016-12-19 22:11 - 2016-12-19 22:11 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Songbird2
2016-12-19 21:36 - 2016-12-19 21:46 - 00000023 _____ C:\Users\Admin\Downloads\cc_config.ini
2016-12-19 21:30 - 2016-12-19 21:31 - 07687027 _____ C:\Users\Admin\Downloads\ccsetup525.zip
2016-12-19 20:24 - 2016-12-19 20:24 - 00000000 _____ C:\Windows\system32\sho53F5.tmp
2016-12-19 20:00 - 2016-12-19 20:00 - 00707354 _____ C:\Windows\unins000.exe
2016-12-19 20:00 - 2016-12-19 20:00 - 00001529 _____ C:\Windows\unins000.dat
2016-12-19 20:00 - 2016-12-19 20:00 - 00000000 ____D C:\Windows\system32\GPBAK
2016-12-19 20:00 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2016-12-19 20:00 - 2001-08-23 13:00 - 00034871 _____ C:\Windows\system32\gpedit.msc
2016-12-19 19:56 - 2016-12-19 19:56 - 00875012 _____ C:\Users\Admin\Downloads\add_gpedit_msc_by_jwils876-d3kh6vm.zip
2016-12-19 18:26 - 2016-12-19 18:26 - 00579285 _____ C:\Users\Admin\Downloads\Contact Recordings 14 12 to 15 12 16.pdf
2016-12-19 09:56 - 2016-12-19 20:24 - 00524288 ___SH C:\Windows\system32\config\components{afb6bb8d-c5cb-11e6-be01-d3e224a3625a}.TMContainer00000000000000000002.regtrans-ms
2016-12-19 09:56 - 2016-12-19 20:24 - 00524288 ___SH C:\Windows\system32\config\components{afb6bb8d-c5cb-11e6-be01-d3e224a3625a}.TMContainer00000000000000000001.regtrans-ms
2016-12-19 09:56 - 2016-12-19 20:24 - 00065536 ___SH C:\Windows\system32\config\components{afb6bb8d-c5cb-11e6-be01-d3e224a3625a}.TM.blf
2016-12-18 17:43 - 2016-12-18 17:43 - 00524288 ___SH C:\Users\Public\NTUSER.DAT{77f8245c-c513-11e6-a320-485d60ae01c7}.TMContainer00000000000000000002.regtrans-ms
2016-12-18 17:43 - 2016-12-18 17:43 - 00524288 ___SH C:\Users\Public\NTUSER.DAT{77f8245c-c513-11e6-a320-485d60ae01c7}.TMContainer00000000000000000001.regtrans-ms
2016-12-18 17:43 - 2016-12-18 17:43 - 00065536 ___SH C:\Users\Public\NTUSER.DAT{77f8245c-c513-11e6-a320-485d60ae01c7}.TM.blf
2016-12-18 17:34 - 2016-12-18 17:34 - 00000000 ____D C:\Program Files\McAfee
2016-12-18 17:33 - 2016-12-18 18:43 - 00000000 ____D C:\Program Files\stinger
2016-12-18 17:29 - 2016-12-18 17:30 - 02105760 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HousecallLauncher.exe
2016-12-18 17:25 - 2016-12-18 17:25 - 17011936 _____ C:\Users\Admin\Downloads\stinger32-epo.zip
2016-12-18 13:37 - 2017-01-03 02:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7+ Taskbar Tweaker
2016-12-17 22:56 - 2017-01-03 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParkControl
2016-12-17 19:29 - 2016-12-17 19:29 - 00404711 _____ C:\Users\Admin\Downloads\PerfMonZip.zip
2016-12-17 18:56 - 2016-12-17 19:07 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BatteryBar
2016-12-17 17:37 - 2016-12-17 17:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Process Hacker 2
2016-12-17 17:34 - 2016-12-17 17:34 - 03392412 _____ C:\Users\Admin\Downloads\processhacker-2.39-bin.zip
2016-12-17 02:10 - 2016-12-17 02:10 - 00280507 _____ C:\Users\Admin\Downloads\Boulders_in_the_Stream(2).pdf
2016-12-17 02:10 - 2016-12-17 02:10 - 00280507 _____ C:\Users\Admin\Downloads\Boulders_in_the_Stream(1).pdf
2016-12-17 02:09 - 2016-12-17 02:09 - 00280507 _____ C:\Users\Admin\Downloads\Boulders_in_the_Stream.pdf
2016-12-17 01:41 - 2016-12-17 01:41 - 00336193 _____ C:\Users\Admin\Downloads\wnetwatcher.zip
2016-12-17 01:30 - 2016-12-17 01:30 - 00000000 ____D C:\Users\Admin\.swt
2016-12-16 22:06 - 2016-12-04 02:01 - 00015867 _____ C:\Windows\system32\empty.ico
2016-12-16 21:59 - 2016-12-16 21:59 - 00002077 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Books library.lnk
2016-12-16 21:54 - 2016-12-16 21:58 - 00002008 _____ C:\Users\Admin\Desktop\Books library.lnk
2016-12-16 20:49 - 2017-01-03 02:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Internet Meter Lite
2016-12-16 20:49 - 2016-12-22 19:38 - 00000000 ____D C:\Program Files\Simple Internet Meter Lite
2016-12-16 20:49 - 2016-12-16 20:49 - 00000000 ____D C:\Program Files\WinPcap
2016-12-16 20:48 - 2016-12-16 20:49 - 00010590 _____ C:\Windows\Simple Internet Meter Lite Setup Log.txt
2016-12-16 20:48 - 2016-12-16 20:48 - 03447316 _____ C:\Users\Admin\Downloads\simple_internet_meter_lite_setup.exe
2016-12-16 18:15 - 2016-12-16 18:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WeatherWatcherLive
2016-12-16 17:22 - 2016-12-16 17:23 - 00294939 _____ C:\Users\Admin\Downloads\KMP 2.zip
2016-12-16 17:22 - 2016-12-16 17:22 - 00384230 _____ C:\Users\Admin\Downloads\Echo Tube.zip
2016-12-16 17:22 - 2016-12-16 17:22 - 00294647 _____ C:\Users\Admin\Downloads\KMP.zip
2016-12-16 17:10 - 2016-12-16 17:10 - 00035290 _____ C:\Users\Admin\Downloads\Sapphire v3(dark)W7.rsn.zip
2016-12-16 00:22 - 2016-12-16 21:51 - 00000000 ___RD C:\Users\Admin\Documents\Books library 1
2016-12-16 00:10 - 2016-12-16 00:18 - 707232043 _____ C:\Users\Admin\Downloads\eBooks.zip
2016-12-15 23:58 - 2016-12-15 23:58 - 00082449 _____ C:\Users\Admin\Downloads\boe.txt.gz
2016-12-14 21:52 - 2016-12-14 21:52 - 00076489 _____ C:\Users\Admin\Downloads\tcplogview.zip
2016-12-14 07:55 - 2016-12-14 07:55 - 00823688 _____ (Bitsum LLC) C:\Users\Admin\Downloads\parkcontrolsetup32.exe
2016-12-13 15:37 - 2016-12-13 15:37 - 00000579 _____ C:\Users\Admin\Documents\Bleepinf Forum - Activation issue  - possible solution.txt
2016-12-13 10:57 - 2015-08-06 17:44 - 01498112 _____ (Microsoft Corporation) C:\Users\Admin\Documents\ExplorerFrame.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 09:45 - 2016-11-18 17:11 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-01-12 09:30 - 2011-04-12 10:21 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-12 09:30 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf
2017-01-11 21:56 - 2015-12-29 19:08 - 00000000 ____D C:\ProgramData\MFAData
2017-01-11 21:53 - 2016-01-03 06:45 - 00000000 ____D C:\Users\Admin\AppData\Local\ClassicShell
2017-01-11 21:51 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-11 21:35 - 2009-07-14 04:34 - 00022240 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-11 21:35 - 2009-07-14 04:34 - 00022240 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-11 17:32 - 2015-08-21 20:27 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2017-01-11 17:27 - 2015-10-02 21:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-11 16:37 - 2015-07-23 10:52 - 00061112 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-11 16:36 - 2009-07-14 04:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-11 16:35 - 2009-07-14 04:33 - 00278184 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-11 13:00 - 2009-07-14 02:03 - 41418752 _____ C:\Windows\system32\config\software.old
2017-01-11 13:00 - 2009-07-14 02:03 - 35803136 _____ C:\Windows\system32\config\components.old
2017-01-11 13:00 - 2009-07-14 02:03 - 23855104 _____ C:\Windows\system32\config\system.old
2017-01-11 13:00 - 2009-07-14 02:03 - 00909312 _____ C:\Windows\system32\config\default.old
2017-01-11 13:00 - 2009-07-14 02:03 - 00057344 _____ C:\Windows\system32\config\sam.old
2017-01-11 13:00 - 2009-07-14 02:03 - 00024576 _____ C:\Windows\system32\config\security.old
2017-01-11 12:43 - 2015-05-06 09:29 - 00000000 ____D C:\Windows\pss
2017-01-11 12:30 - 2015-08-19 15:25 - 00000000 ____D C:\Users\Admin\Documents\Portable Apps
2017-01-11 11:24 - 2016-12-11 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHotKey
2017-01-11 11:24 - 2016-12-11 20:59 - 00000000 ____D C:\Program Files\WinHotKey
2017-01-11 11:24 - 2015-07-23 10:51 - 00000000 ____D C:\Users\Admin
2017-01-11 11:23 - 2014-12-22 08:43 - 00000000 ____D C:\Users\CeX
2017-01-11 11:22 - 2016-12-09 20:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Free Desktop Clock 3
2017-01-11 11:22 - 2016-11-23 20:45 - 00000000 ____D C:\Windows\W7SOC
2017-01-11 11:22 - 2015-08-25 21:30 - 00000000 ____D C:\Users\Admin\AppData\Local\Dell Edoc Viewer
2017-01-11 11:22 - 2015-08-21 21:26 - 00000000 ____D C:\Users\Admin\Documents\CyberLink
2017-01-11 11:22 - 2015-08-18 17:49 - 00000000 ____D C:\Users\Admin\AppData\Local\ArcSoft
2017-01-11 11:22 - 2011-04-12 11:35 - 00000000 ____D C:\Users\Public\Documents\Atheros
2017-01-11 11:22 - 2011-04-12 11:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-01-11 11:22 - 2011-04-12 10:50 - 00000000 ____D C:\ProgramData\Temp
2017-01-11 11:22 - 2011-04-12 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Suite
2017-01-11 11:22 - 2011-04-12 10:29 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2017-01-11 11:22 - 2011-04-12 10:29 - 00000000 ____D C:\Program Files\Dell
2017-01-11 11:22 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-01-11 11:21 - 2015-08-30 14:11 - 00000000 ____D C:\AstroWin
2017-01-11 11:21 - 2011-04-12 10:34 - 00000000 ____D C:\Program Files\Dell Wireless
2017-01-11 11:21 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\registration
2017-01-11 11:20 - 2015-08-19 20:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\SoftGrid Client
2017-01-11 11:02 - 2015-08-19 20:35 - 00007663 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2017-01-07 18:44 - 2015-10-08 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2017-01-07 18:44 - 2015-10-08 09:43 - 00000000 ____D C:\Program Files\Foolish IT
2017-01-07 11:34 - 2011-04-12 11:35 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2017-01-04 18:42 - 2015-08-19 18:52 - 00380825 _____ C:\ProgramData\GeorgeYohngVST.ini
2017-01-03 22:08 - 2015-10-08 10:22 - 00002326 _____ C:\Windows\Sandboxie.ini
2017-01-03 20:46 - 2016-12-10 15:05 - 00000405 _____ C:\Users\Admin\Desktop\John McPheat - Transits Dec 2016 - March 2017.txt
2017-01-03 14:51 - 2011-04-12 10:44 - 00000000 ____D C:\Program Files\Dell DataSafe Local Backup
2017-01-03 14:50 - 2009-07-14 02:04 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_199
2017-01-03 13:43 - 2016-04-21 22:07 - 00000000 ____D C:\Users\HomeGroupUser$
2017-01-03 13:42 - 2016-04-21 22:07 - 00000000 ____D C:\Users\Guest
2017-01-03 13:41 - 2016-04-21 22:07 - 00000000 ____D C:\Users\Administrator
2017-01-03 12:50 - 2015-12-29 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-03 02:34 - 2016-01-03 19:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ProcessLasso
2017-01-03 02:33 - 2016-12-09 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Desktop Clock
2017-01-03 02:33 - 2016-12-04 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Preloader
2017-01-03 02:33 - 2016-11-19 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriveGLEAM
2016-12-30 22:20 - 2009-07-14 07:48 - 00000000 ____D C:\Windows\ehome
2016-12-30 22:20 - 2009-07-14 04:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-12-30 22:20 - 2009-07-14 04:52 - 00000000 ____D C:\Program Files\Windows Media Player
2016-12-30 22:20 - 2009-07-14 04:52 - 00000000 ____D C:\Program Files\DVD Maker
2016-12-30 22:20 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\migration
2016-12-30 22:20 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\en-US
2016-12-30 22:20 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-12-30 21:51 - 2009-07-14 07:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-12-29 22:46 - 2016-11-29 14:00 - 00089088 ___SH C:\Windows\system32\config\system.new.LOG1
2016-12-29 21:13 - 2016-01-09 10:01 - 00000000 ____D C:\ProgramData\Zoom Player
2016-12-29 02:40 - 2014-12-22 08:47 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-12-28 23:34 - 2009-07-14 02:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-28 21:58 - 2015-09-05 10:02 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2016-12-28 18:31 - 2015-10-05 11:53 - 00000000 ____D C:\Users\Admin\Documents\Armando Torres  - Encounters With The Nagual
2016-12-28 10:21 - 2015-07-23 10:52 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-26 20:41 - 2016-11-28 20:00 - 00000000 ____D C:\Users\Admin\Documents\Bluetooth Folder
2016-12-23 08:59 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\NDF
2016-12-22 21:29 - 2010-03-06 21:12 - 00002949 _____ C:\Users\Admin\Desktop\Windows Update Troubleshoot.lnk
2016-12-22 21:29 - 2010-01-28 21:30 - 00002256 _____ C:\Users\Admin\Desktop\Windows Update.lnk
2016-12-22 20:54 - 2014-12-22 08:43 - 01310720 ___SH C:\Users\CeX\ntuser.dat
2016-12-20 05:49 - 2011-04-12 11:12 - 00000000 ____D C:\Program Files\Dell Support Center
2016-12-19 23:46 - 2014-12-24 16:00 - 00000000 ____D C:\ProgramData\PCDr
2016-12-19 20:00 - 2011-04-09 10:44 - 00901344 _____ (Richard ) C:\Users\Admin\Desktop\setup.exe
2016-12-19 13:53 - 2016-06-18 23:11 - 03103754 _____ C:\Windows\PhotoFiltre-Wallpaper.bmp
2016-12-18 17:43 - 2009-07-14 02:37 - 00000000 ____D C:\Users\Public
2016-12-17 22:56 - 2016-11-21 11:56 - 00000000 ____D C:\Program Files\ParkControl
2016-12-17 01:41 - 2016-11-13 13:45 - 00018048 _____ C:\Users\Admin\Desktop\readme.txt
2016-12-16 21:52 - 2015-09-26 16:12 - 00000000 ___RD C:\Users\Admin\Documents\Astrology -charts
2016-12-16 18:14 - 2009-07-14 02:37 - 00000000 __RSD C:\Windows\Fonts
2016-12-16 07:42 - 2016-12-12 03:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-15 23:47 - 2016-11-18 11:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-15 08:43 - 2015-06-02 19:53 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 17:02 - 2015-07-23 10:51 - 00000000 ___RD C:\Users\Admin\Videos
2016-12-14 07:50 - 2016-01-03 19:16 - 00000000 ____D C:\Program Files\Process Lasso
2016-12-13 23:01 - 2015-07-23 10:51 - 00000000 ___RD C:\Users\Admin\Music
2016-12-13 22:50 - 2009-07-14 02:37 - 00000000 ____D C:\Users\Public\Pictures
2016-12-13 20:20 - 2009-07-14 02:04 - 00000010 __RSH C:\config.sys
2016-12-13 13:21 - 2016-12-12 11:32 - 00000000 ____D C:\Windows\system32\W7NBC

==================== Files in the root of some directories =======

2016-11-18 21:36 - 2016-11-18 21:36 - 0000046 _____ () C:\Users\Admin\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
2016-06-27 21:46 - 2016-06-27 21:46 - 0000058 _____ () C:\Users\Admin\AppData\Local\DonationCoder_LaunchBarCommander_InstallInfo.dat
2015-08-19 20:35 - 2017-01-11 11:02 - 0007663 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-08-19 18:52 - 2017-01-04 18:42 - 0380825 _____ () C:\ProgramData\GeorgeYohngVST.ini
2016-04-23 20:33 - 2016-04-23 20:33 - 0000078 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Admin\AppData\Roaming\Interstatnogui\interstatnogui.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-03 19:06

==================== End of FRST.txt ============================


Edited by Wolverine 7, 12 January 2017 - 08:10 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts

Posted 14 January 2017 - 10:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui:  [X]
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Run: [Interstatnogui] => C:\Users\Admin\AppData\Roaming\Interstatnogui\interstatnogui.exe [591360 2015-10-08] (Global surveys) <===== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-983945671-1128886989-1093207546-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={76D1B91F-8FE1-49F2-8072-E68C404F5433}&mid=85cd0af6e06247cc85ff69e794f764a9-e72feae3df941b78b3e3fa83c5ec1fb1369a9e63&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516avz&pr=fr&d=2016-04-25 21:28:45&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-983945671-1128886989-1093207546-1003 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: AnVirDisabled\vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File []
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
S4 vToolbarUpdater40.2.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-25] (AVG Secure Search)
S4 BGPZIO; C:\Users\Admin\AppData\Local\Temp\BGPZIO.exe [X]
S2 WtuSystemSupport; "C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe" [X]
S4 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe" [X]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
S3 QWARQNet; system32\DRIVERS\QWARQNet.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Admin\AppData\Local\Temp\tmp3D17.tmp [X]
C:\Users\Admin\AppData\Roaming\Interstatnogui

cmd: netsh winsock reset catalog
Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
===

If the computer is still running slow, I suspect that AVG and Comodo are enabled and working in real life; it may be the cause.
Please disable one of them and test if the problem persists.

Please post the Fixlog.txt and include the Addition.txt log created by the Farbar tool for my review.

#3 Wolverine 7

Wolverine 7
  • Topic Starter

  • Members
  • 746 posts

Posted 14 January 2017 - 11:54 AM

nasdaq, thanks, you are a superstar... will follow instructions and get right back.



#4 Wolverine 7

Wolverine 7
  • Topic Starter

  • Members
  • 746 posts

Posted 14 January 2017 - 03:45 PM

Hi, CPU more normal now, sometimes very high when browsing... Just noticed Sandboxie won't run anything or run a sandboxed web browser (although ff.exe shows in task manager)... possible rootkit? I could look at the Sandboxie stuff in Process Monitor and see if anything looks wrong, might be a start.

Here are logs (Fixlog.txt)

Thanks again for your assist, hugely appreciated.


Fix result of Farbar Recovery Scan Tool (x86) Version: 14-01-2017
Ran by Admin (14-01-2017 16:09:25) Run:1
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui:  [X]
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Run: [Interstatnogui] => C:\Users\Admin\AppData\Roaming\Interstatnogui\interstatnogui.exe [591360 2015-10-08] (Global surveys) <===== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-983945671-1128886989-1093207546-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={76D1B91F-8FE1-49F2-8072-E68C404F5433}&mid=85cd0af6e06247cc85ff69e794f764a9-e72feae3df941b78b3e3fa83c5ec1fb1369a9e63&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516avz&pr=fr&d=2016-04-25 21:28:45&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-983945671-1128886989-1093207546-1003 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: AnVirDisabled\vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File []
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
S4 vToolbarUpdater40.2.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-25] (AVG Secure Search)
S4 BGPZIO; C:\Users\Admin\AppData\Local\Temp\BGPZIO.exe [X]
S2 WtuSystemSupport; "C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe" [X]
S4 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe" [X]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
S3 QWARQNet; system32\DRIVERS\QWARQNet.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Admin\AppData\Local\Temp\tmp3D17.tmp [X]
C:\Users\Admin\AppData\Roaming\Interstatnogui

cmd: netsh winsock reset catalog
Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully.
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Interstatnogui => value not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009 => key removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully.
HKCR\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key not found.
HKU\S-1-5-21-983945671-1128886989-1093207546-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully.
HKCR\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key not found.
HKCR\PROTOCOLS\Handler\AnVirDisabled\vipresg => key not found.
HKCR\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6} => key not found.
HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key removed successfully.
Chrome HomePage => removed successfully.
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
Chrome DefaultSuggestURL => removed successfully.
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb => moved successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\vToolbarUpdater40.2.9 => key removed successfully.
vToolbarUpdater40.2.9 => service removed successfully.
HKLM\System\CurrentControlSet\Services\BGPZIO => key removed successfully.
BGPZIO => service removed successfully.
HKLM\System\CurrentControlSet\Services\WtuSystemSupport => key removed successfully.
WtuSystemSupport => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAPrivacyService => key removed successfully.
ZAPrivacyService => service removed successfully.
HKLM\System\CurrentControlSet\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0 => key removed successfully.
PCDSRVC{E9D79540-57D5953E-06020101}_0 => service removed successfully.
HKLM\System\CurrentControlSet\Services\QWARQNet => key removed successfully.
QWARQNet => service removed successfully.
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => key removed successfully.
WinRing0_1_2_0 => service removed successfully.
"C:\Users\Admin\AppData\Roaming\Interstatnogui" => not found.

========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3136802 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 326419 B
Edge => 0 B
Chrome => 138721142 B
Firefox => 45660138 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 24675 B
LocalService => 164909 B
NetworkService => 6660 B
CeX => 160045 B
Admin => 15812879 B

RecycleBin => 129299131 B
EmptyTemp: => 325.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:11:47 ====

 

 

===

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2017
Ran by Admin (12-01-2017 09:48:49)
Running from C:\Users\Admin\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2014-12-22 08:43:18)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-983945671-1128886989-1093207546-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-983945671-1128886989-1093207546-500 - Administrator - Disabled)
Guest (S-1-5-21-983945671-1128886989-1093207546-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-983945671-1128886989-1093207546-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Comodo Defense+ (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3RVX (HKLM\...\{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}) (Version: 2.5 - matt.malensek.net)
7+ Taskbar Tweaker v5.2.1 (HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\7 Taskbar Tweaker) (Version: 5.2.1 - RaMMicHaeL)
A43 File Management Utility 3.90 (HKLM\...\A43 File Management Utility) (Version: 3.90 - Bradley G. Miller)
AbstractCurves (HKLM\...\AbstractCurves AbstractCurves 1) (Version: 1.190 - AbstractCurves Software)
Accelerometer-Magnetometer (HKLM\...\{862892F1-2158-451D-82EC-4112E5DD8A93}) (Version: 1.00.0028 - STMicroelectronics)
Actual Booster 3.2 (HKLM\...\Actual Booster) (Version: 3.2 - Loonies Software)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Aiseesoft Video Converter Ultimate 9.0.18 (HKLM\...\{BD446D04-7426-4a27-9B0B-33B0C386F71B}_is1) (Version: 9.0.18 - Aiseesoft Studio)
AstroWin v3.67 (HKLM\...\AstroWin_is1) (Version:  - Allen Edwall/AstroWin)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.131.7924 - AVG Technologies) Hidden
AVG (Version: 16.141.7996 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7996 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.1.0.22 - Atheros Communications)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom CrystalHD Decoder (HKLM\...\{A2312A99-3F31-4ED0-854D-61424B78B0F7}) (Version: 3.5.0.32 - Broadcom Corporation)
CeX Video Saver Mini HD Screensaver (HKLM\...\CeX Video Saver Mini HD Screensaver) (Version:  - )
CheckDisk 1.5.4 (HKLM\...\{ECEEEDD8-67B5-4DEC-BF93-8BCE6C6663DB}_is1) (Version:  - Foolish IT)
Classic Shell (HKLM\...\{8EA72B6A-D11E-4B91-8657-364F4B21347F}) (Version: 4.2.5 - IvoSoft)
ClocX (1.6.0) (HKLM\...\ClocX) (Version:  - )
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.)
COMODO Firewall (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.126.0.62 - Conexant)
CPU-Control (HKLM\...\CPU-Control_is1) (Version:  - Koma-Code)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink YouPaint (HKLM\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.2124 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DCoder Image Source (remove only) (HKLM\...\DCoder Image Source) (Version:  - )
Dell BookStage Setup (HKLM\...\{32C38CC6-376C-4435-8EBC-7DDFA134E9AF}) (Version: 1.0.1077 - K-NFB Reading Inc)
Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell duo Stage (HKLM\...\{7A855F2D-24D4-4B93-BFA9-824289902063}) (Version: 1.0.0.12 - ArcSoft)
Dell duo Station (HKLM\...\{DBA77958-961F-4161-A094-2E7CD5CD974F}) (Version: 1.0.7.34 - ArcSoft)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Product Registration (HKLM\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Disk Health Monitor (HKLM\...\{C6AAD3D0-895E-4D44-BEF7-70919B404534}_is1) (Version:  - Foolish IT)
DriveGLEAM V1.12 (HKLM\...\DriveGLEAM_is1) (Version:  - Svein Engelsgjerd)
Driver Magician 4.8 (HKLM\...\Driver Magician_is1) (Version:  - GoldSolution Software, Inc.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
ffdshow v1.3.4533 [2014-09-29] (HKLM\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
Firefox Preloader (HKLM\...\Firefox Preloader_is1) (Version: 1.0.366.0 - 6XGate Incorporated)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Free Desktop Clock 3.0 (HKLM\...\Free Desktop Clock_is1) (Version:  - Drive Software Company)
GIGATweaker (HKLM\...\B49205B3-7880-4A31-A2B1-D9FE0F136BB5_is1) (Version: 3.1.3.465 - 7room)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
GWX Control Panel (HKLM\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Horloger 1.0.0 Beta (HKLM\...\Horloger 1.0.0 Beta) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Internet Security Essentials (HKLM\...\ComodoIse) (Version: 1.1.404761.40 - Comodo)
Interstatnogui (HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Interstatnogui) (Version: 1.0 - Interstatnogui) <==== ATTENTION
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java™ 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KC Softwares SUMo (HKLM\...\KC Softwares SUMo_is1) (Version: 5.0.11.347 - KC Softwares)
LAV Filters 0.67 (HKLM\...\lavfilters_is1) (Version: 0.67 - Hendrik Leppkes)
MadVR (remove only) (HKLM\...\MadVR) (Version:  - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Motherboard Monitor 5 (HKLM\...\Motherboard Monitor 5_is1) (Version: 5 - Alexander van Kaam)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
ParkControl (HKLM\...\ParkControl) (Version: 1.1.8.1 - Bitsum)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Potplayer (HKLM\...\PotPlayer) (Version:  - Daum Kakao Corp.)
Process Lasso (HKLM\...\ProcessLasso) (Version: 8.9.8.94 - Bitsum)
Quick Startup 5.10.1.117 (HKLM\...\Quick Startup) (Version: 5.10.1.117 - Glarysoft Ltd)
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 10.5.030 - Dell Inc.)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
RonyaSoft Poster Printer (ProPoster) 3.02 (HKLM\...\RonyaSoft Poster Printer (ProPoster)) (Version: 3.02 - RonyaSoft)
Sandboxie 5.04 (32-bit) (HKLM\...\Sandboxie) (Version: 5.04 - Sandboxie Holdings, LLC)
Simple Internet Meter Lite (HKLM\...\Simple Internet Meter Lite) (Version: 2.3.0 - PcWinTech.com)
SimpleSndVol (HKLM\...\SimpleSndVol) (Version: 2.1.0.1 - hxxp://winaero.com/)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
StExBar (HKLM\...\{B872B2A4-A52E-4916-848D-5952EE3C5AA5}) (Version: 1.8.6 - Stefans Tools)
Stick 2.8 (HKLM\...\Stick_is1) (Version:  - iWonder Designs)
StickyPad (HKLM\...\{08CE81A5-3D9D-4F9A-AEB2-07DB44ADCC2A}) (Version: 2.3.54 - Green Eclipse)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.8.0 - Synaptics Incorporated)
Taskbar Shuffle version 2.5 (HKLM\...\Taskbar Shuffle_is1) (Version: 2.5 - Jay Elaraj)
Terragen (HKLM\...\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}) (Version: 0.9.43 - Planetside Software)
TotalOutlookConverter (HKLM\...\Total Outlook Converter_is1) (Version: 2.1 - Softplicity, Inc.)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinHotKey 0.70 (HKLM\...\WinHotKey_is1) (Version:  - Brian Mathis)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
winpcap-nmap 4.02 (HKLM\...\winpcap-nmap) (Version:  - )
Wox (HKU\S-1-5-21-983945671-1128886989-1093207546-1003\...\Wox) (Version: 1.3.183 - happlebao)
X-Mirage version 2.0.2 (HKLM\...\{EE034220-E0F5-4AA3-82B5-DD1CC216A6F5}_is1) (Version: 2.0.2 - X-Mirage, Inc.)
Yet Another (remote) Process Monitor 2.4.2 (HKLM\...\{EFD64A45-12DC-4429-853F-10B453B90F0A}_is1) (Version: 2.4.2 - v_k softwares)
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 15.0.139.17085 - Check Point)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 11.1.0 - Inmatrix LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {075CDFD7-98DE-4596-97F0-D82569D8F9A8} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {0E132266-F703-4E5F-B74C-EDFFEF436D2D} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe [2010-12-08] (SRS Labs, Inc.)
Task: {1014A53A-143A-434A-BC21-41854B43D2F6} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2016-12-10] (Bitsum LLC)
Task: {1462E299-50AC-4963-8825-72B0CA3856F6} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {166C1150-BB00-45FA-AC9A-B2885EC2B73A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: {27CD09CA-9F3C-4202-9E2E-42B88C317777} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {38202A4F-D356-403F-97A7-284B3BC0E9EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: {383C3B9C-56C7-4D76-8B77-640B53094148} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {404ACAD7-EB7E-4FB8-B4F7-BACDCC9FA39D} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2016-12-10] (Bitsum LLC)
Task: {40DF0842-9F48-4F87-8451-76692ABA09E6} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-08-05] ()
Task: {4E97BD83-3307-4D06-88D1-44B597FF1AA7} - System32\Tasks\{34C6F50D-8C3D-4D13-9860-9134987169D6} => C:\Users\Admin\Documents\Portable Apps\Transits Portable\Transits\Transits.exe [2009-09-15] (AstroWin)
Task: {513F90D8-0E8E-4E4F-9ADC-C18120C71244} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {56BA2BBA-04F5-4985-A632-AD9B2C4CFDBE} - System32\Tasks\{7A29D9AC-DA27-4B8A-91AA-4A4CF587F34F} => pcalua.exe -a "C:\Users\Admin\Documents\Portable Apps\Run-Command_Portable\Run-Command.exe" -d "C:\Users\Admin\Documents\Portable Apps\Run-Command_Portable"
Task: {6332CE2F-B663-4CA4-A6D3-85E81DCDE8DB} - System32\Tasks\{AC80573D-0AA5-4B4D-8553-FD03C267C616} => pcalua.exe -a C:\Users\Admin\Downloads\RadioSure-2.2.1042-setup.exe -d C:\Users\Admin\Downloads
Task: {6A1A4980-94A3-4196-B8E4-C9BEE6E331A6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6FD69B4D-0954-457D-A356-F99E8DE7F66A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-09] (Adobe Systems Incorporated)
Task: {839C36E0-A2C6-4132-AB19-F139D5127B08} - System32\Tasks\Disk Health Monitor => C:\Program Files\Foolish IT\Disk Health Monitor\DiskHealthMonitor.exe [2017-01-07] (Foolish IT)
Task: {83CC019C-4EA1-44EB-8D75-A65513407DA4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A041FFA0-FF63-43B4-ADA6-320DD6C16D77} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AE9BB3CF-7CB2-478F-9E30-202D6D7B5721} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe
Task: {C2104AA1-5F73-4E53-83AB-D159E987EFC2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C8407602-7437-4362-A7C5-2113695853FF} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {CD874F40-6675-40DF-8C7A-8B63F1A55CB1} - System32\Tasks\PCMeter\Startup => C:\Users\Admin\Desktop\pc meter\PCMeterV4\PCMeterV0.4.exe
Task: {CFEC208B-4E48-484E-BAAE-98583CD5E6FF} - System32\Tasks\ParkControl => C:\Program Files\ParkControl\parkcontrol.exe [2016-12-11] (Bitsum LLC)
Task: {D5C7F03E-E3B7-4C4F-BE7F-39D6D180555B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {EF0996BD-D0CB-4141-AAD6-5C508524A43E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO)
Task: {F5C6D626-D5A0-4D37-B4D6-D0F11256EFDC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {FFCACD98-3583-4D31-AB51-EE068ACF455F} - System32\Tasks\0116avzUpdateInfo => C:\ProgramData\Avg_Update_0116avz\0116avz_AVG-Secure-Search-Update.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0116avzUpdateInfo.job => C:\ProgramData\Avg_Update_0116avz\0116avz_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe o-backgroundmon scripts\defaultscan.xml

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-11 17:27 - 2016-12-14 12:55 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-11 17:27 - 2016-12-14 12:55 - 02084304 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebExaminer => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2017-01-11 16:23 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-983945671-1128886989-1093207546-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: Dell Magneto Popup => C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2989B9B8-DEEA-4706-93DD-D183C4B9C357}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{16A85D2E-6CDC-4FEA-AE33-494860E8A683}] => C:\Windows\System32\javaw.exe
FirewallRules: [{7BB58A3B-24B9-4889-B8A2-9D4BAD60B508}] => C:\Windows\System32\javaw.exe
FirewallRules: [{1E358463-EC3D-4234-BEB8-BD4DF51083BB}] => LPort=5353
FirewallRules: [{C13656CC-518E-4B5C-BAE9-16D1DD27EB6C}] => LPort=8182
FirewallRules: [{4380ED31-05DF-452D-8F6E-41BA0A5EAC1A}] => C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8271B68C-9138-450E-A5FD-FB838BFD8853}] => LPort=2869
FirewallRules: [{4624906C-AEEE-4C83-A339-92B25DFA6149}] => LPort=1900
FirewallRules: [{9D1C4737-242C-44A5-A91B-7C5CBECC4193}] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{05B1001D-9AD3-4A80-8965-6B407996F81A}] => C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{08AAE39B-BF0C-4479-AEEB-D5174338A715}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{67C4DE65-49A1-4574-8187-2777477E6D11}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{31D11633-FE0E-419F-8532-C642EE4B3B49}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C6BBAABA-AF16-419F-8F78-292385204415}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B28AFDA7-CD90-410E-B872-D9547F7534FF}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9771C7CF-F791-4D87-B720-FB170CE848F0}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F8D25BFB-C949-403C-9443-654326FB4AC2}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{05D56983-99CD-4761-9BC4-440E3803A586}] => C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{612F7A55-9A83-4DC0-AC0C-A1E02B209C83}] => C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{CEB8A879-CE47-4047-94DE-5674D849FAE0}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E40052D1-6E4B-479E-AA94-08EF9FAFFD84}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3F033577-20B9-4180-AFD6-32A6845193CD}] => C:\Program Files\X-Mirage\x-mirage.exe
FirewallRules: [{05EA8F07-138E-4B2D-82AA-601CBD95916E}] => C:\Windows\SysWOW64\regsvr32.exe
FirewallRules: [{8D097CAE-46F9-40E0-86A8-2B935047D66B}] => C:\Windows\system32\regsvr32.exe
FirewallRules: [{D5604094-3401-4899-AA8D-CB879A18C633}] => C:\Program Files\Aml Pages\AmlPages.exe
FirewallRules: [{1455FE63-B426-4061-B520-E512E6F18168}] => C:\Program Files\Aml Pages\AmlPages.exe
FirewallRules: [{EDBB94E2-4B2A-4764-83AA-3B29B0D06CE7}] => LPort=5353
FirewallRules: [{259E0CC8-FC41-4B7E-A19B-4282550EB225}] => LPort=8182
FirewallRules: [{CF8952CB-EBD9-4A46-9E98-73B8F440F57B}] => C:\Users\Admin\Documents\Portable Apps\vivaldi browser\Application\vivaldi.exe
FirewallRules: [TCP Query User{27DD88DC-A98E-4090-83DE-010DBA0DB0B6}C:\users\admin\appdata\local\temp\pylf2dc.tmp\pyrun.exe] => C:\users\admin\appdata\local\temp\pylf2dc.tmp\pyrun.exe
FirewallRules: [UDP Query User{5080F982-7152-4073-AC62-31269337D0FA}C:\users\admin\appdata\local\temp\pylf2dc.tmp\pyrun.exe] => C:\users\admin\appdata\local\temp\pylf2dc.tmp\pyrun.exe
FirewallRules: [{57CE38F1-6D91-48D7-8037-3B8C91F4FA7E}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{F12EFDDB-8534-43C0-8C27-5FF4FBFE64B6}] => C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{9C52BE45-8903-4990-9BB2-74B5500D13B0}] => C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{7718D2C6-4709-482A-A53C-9492F12F8340}] => C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{888221C1-2F7F-4DD6-B18B-A976356F8C68}] => C:\Program Files\AVG\Av\avgemcx.exe

==================== Restore Points =========================

03-01-2017 16:57:02 Installed Terragen
04-01-2017 00:13:22 Admin_jan_main
05-01-2017 21:59:08 Installed StExBar
06-01-2017 14:35:54 Installed FilerFrog
06-01-2017 18:19:13 Revo Uninstaller's restore point - FilerFrog
06-01-2017 18:20:00 Removed FilerFrog
07-01-2017 12:34:19 Admin_sysok279
07-01-2017 18:51:39 Installed MSXML 4.0 SP2 Parser and SDK
07-01-2017 19:42:06 Admin_7 jan_2017
08-01-2017 15:57:04 Revo Uninstaller's restore point - RoboTask
08-01-2017 18:49:19 Checkpoint by HitmanPro
08-01-2017 19:22:40 Revo Uninstaller's restore point - CyberLink YouPaint
08-01-2017 19:23:40 Configured YouPaint
08-01-2017 19:33:38 Revo Uninstaller's restore point - CyberLink YouPaint
08-01-2017 19:42:28 Revo Uninstaller's restore point - Dell duo Stage
08-01-2017 19:46:05 Revo Uninstaller's restore point - Dell Getting Started Guide
08-01-2017 19:49:18 Revo Uninstaller's restore point - Dell Edoc Viewer
08-01-2017 19:50:36 Revo Uninstaller's restore point - Bluetooth Win7 Suite
08-01-2017 19:51:26 Removed .
08-01-2017 19:55:58 Revo Uninstaller's restore point - WinHotKey 0.70
08-01-2017 20:10:36 Revo Uninstaller's restore point - WinHotKey 0.70
08-01-2017 20:11:38 Revo Uninstaller's restore point - WinHotKey 0.70
11-01-2017 00:46:34 Installed Intel® Processor Identification Utility
11-01-2017 11:12:29 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2017 09:36:33 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (01/11/2017 05:32:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.7.15.281, time stamp: 0x57fb594e
Faulting module name: HitmanPro.exe, version: 3.7.15.281, time stamp: 0x57fb594e
Exception code: 0xc0000005
Fault offset: 0x002c6359
Faulting process id: 0x98c
Faulting application start time: 0x01d26c2f336af033
Faulting application path: C:\Users\Admin\Downloads\HitmanPro.exe
Faulting module path: C:\Users\Admin\Downloads\HitmanPro.exe
Report Id: dcd4b184-d823-11e6-8fdf-eaf85e2a1152

Error: (01/11/2017 04:49:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (01/11/2017 04:40:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/11/2017 01:18:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Repair_Windows.exe version 3.9.0.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ab8

Start Time: 01d26c0cab238088

Termination Time: 140

Application Path: C:\Users\Admin\Desktop\Tweaking.com - Windows Repair\Tweaking.com - Windows Repair\Repair_Windows.exe

Report Id: 1b4b9cb5-d800-11e6-bc23-a451cee15f3b

Error: (01/11/2017 01:18:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (01/11/2017 12:58:53 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (01/11/2017 12:36:39 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (01/11/2017 11:35:45 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (01/11/2017 11:07:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.


System errors:
=============
Error: (01/12/2017 09:26:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/12/2017 09:26:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/12/2017 09:26:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/12/2017 09:26:15 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/12/2017 09:26:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgdiskx
AVGIDSDriver
AVGIDSShim
Avgldx86
Avglogx
Avgunivx
cdrom
cmdGuard
discache
GUSBootStartup
mbmiodrvr
spldr
Wanarpv6

Error: (01/12/2017 09:26:03 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/12/2017 09:25:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/12/2017 09:25:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/12/2017 09:25:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/12/2017 09:25:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
A device attached to the system is not functioning.


CodeIntegrity:
===================================
  Date: 2017-01-01 17:07:41.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 17:07:41.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 17:06:59.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\iseguard32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 17:06:59.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 17:06:59.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 16:50:30.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\iseguard32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 16:50:30.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 16:50:30.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 16:29:59.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\iseguard32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 16:29:59.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Atom™ CPU N550 @ 1.50GHz
Percentage of memory in use: 29%
Total physical RAM: 2035.87 MB
Available physical RAM: 1434.66 MB
Total Virtual: 4071.73 MB
Available Virtual: 3547.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:28.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DC8D03E9)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 PM

Posted 15 January 2017 - 09:27 AM

I suggest you check the Sandboxie forum. I have never used it.

http://forums.sandboxie.com/phpBB3/

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {27CD09CA-9F3C-4202-9E2E-42B88C317777} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {383C3B9C-56C7-4D76-8B77-640B53094148} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {513F90D8-0E8E-4E4F-9ADC-C18120C71244} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6A1A4980-94A3-4196-B8E4-C9BEE6E331A6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {83CC019C-4EA1-44EB-8D75-A65513407DA4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A041FFA0-FF63-43B4-ADA6-320DD6C16D77} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C2104AA1-5F73-4E53-83AB-D159E987EFC2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FFCACD98-3583-4D31-AB51-EE068ACF455F} - System32\Tasks\0116avzUpdateInfo => C:\ProgramData\Avg_Update_0116avz\0116avz_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0116avzUpdateInfo.job => C:\ProgramData\Avg_Update_0116avz\0116avz_AVG-Secure-Search-Update.exe

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update remove the old version(s) via the Control Panel > Programs > Programs and Features.
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)

===

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.
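As an added illustration of the triage behind the fixlist above (not FRST's own code and not part of the original post), this Python sketch parses the `Task:` lines of an Addition.txt log and marks entries for review. The sample lines are copied from the log posted in this thread; the `user_writable_path` rule and all function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the Addition.txt log posted earlier in this thread.
SAMPLE_LOG = r"""
Task: {839C36E0-A2C6-4132-AB19-F139D5127B08} - System32\Tasks\Disk Health Monitor => C:\Program Files\Foolish IT\Disk Health Monitor\DiskHealthMonitor.exe [2017-01-07] (Foolish IT)
Task: {83CC019C-4EA1-44EB-8D75-A65513407DA4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CD874F40-6675-40DF-8C7A-8B63F1A55CB1} - System32\Tasks\PCMeter\Startup => C:\Users\Admin\Desktop\pc meter\PCMeterV4\PCMeterV0.4.exe
Task: {FFCACD98-3583-4D31-AB51-EE068ACF455F} - System32\Tasks\0116avzUpdateInfo => C:\ProgramData\Avg_Update_0116avz\0116avz_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe o-backgroundmon scripts\defaultscan.xml
"""

# "Task: {GUID} - <task name> => <target>" or "... -> No File <==== ATTENTION"
REGISTERED = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) (=>|->) (.+)$")
# Legacy scheduler entries: "Task: C:\Windows\Tasks\<name>.job => <target>"
LEGACY_JOB = re.compile(r"^Task: (.+?\.job) => (.+)$", re.IGNORECASE)
# Executable path at the start of the target, before arguments or metadata
EXE_PATH = re.compile(r"^(.+?\.exe)\b", re.IGNORECASE)
# Trailing "[YYYY-MM-DD] (Publisher)" that the log prints for some files
PUBLISHER = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \((.*)\)\s*$")

# Assumption for this example: tasks launching binaries from these
# user-writable locations deserve a manual look. Not an FRST rule.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class TaskEntry:
    raw: str                  # the original log line, unchanged
    task_id: Optional[str]    # GUID, or None for legacy .job entries
    name: str                 # task path or .job file path
    exe: Optional[str]        # executable the task starts, if any
    publisher: Optional[str]  # publisher string when the log line has one
    verdict: str              # "orphaned", "user_writable_path" or "ok"


def classify(arrow: str, target: str, exe: Optional[str]) -> str:
    """Return the review verdict for one parsed task line."""
    if arrow == "->" and target.startswith("No File"):
        return "orphaned"  # task registration left behind, nothing to run
    if exe and exe.lower().startswith(USER_WRITABLE_PREFIXES):
        return "user_writable_path"
    return "ok"


def parse_tasks(text: str) -> List[TaskEntry]:
    """Parse every 'Task:' line in an Addition.txt excerpt."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = REGISTERED.match(line)
        if match:
            task_id, name, arrow, target = match.groups()
        else:
            match = LEGACY_JOB.match(line)
            if not match:
                continue  # not a task line
            task_id, arrow = None, "=>"
            name, target = match.groups()
        exe_match = EXE_PATH.match(target)
        exe = exe_match.group(1) if exe_match else None
        pub_match = PUBLISHER.search(target)
        publisher = pub_match.group(1) if pub_match else None
        entries.append(TaskEntry(line, task_id, name, exe, publisher,
                                 classify(arrow, target, exe)))
    return entries


def review_candidates(entries: List[TaskEntry]) -> List[TaskEntry]:
    """Entries a helper would read first; nothing is removed automatically."""
    return [e for e in entries if e.verdict != "ok"]


if __name__ == "__main__":
    for entry in review_candidates(parse_tasks(SAMPLE_LOG)):
        print(f"{entry.verdict:20} {entry.name}")
```

The output is a reading list only; which lines go into a fixlist remains the helper's decision after checking each entry.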

#6 Wolverine 7

  • Topic Starter

Posted 15 January 2017 - 12:04 PM

Ok thanks  again will be back asap.



#7 Wolverine 7

  • Topic Starter

Posted 15 January 2017 - 07:18 PM

Hi, sorry for late reply, bound up with work.

Computer seems okay, cpu much more stable now, much lower while running browsers. (Actually much lower cpu now, 15 to 20 percent running FF)

Was aware of updates needed, was going to do them with next win updates, thanks for reminder.

Here are requested logs, thanks again so much for your assist.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-01-2017
Ran by Admin (15-01-2017 17:02:38) Run:3
Running from C:\Users\Admin\Desktop\HomePage Maker
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {27CD09CA-9F3C-4202-9E2E-42B88C317777} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {383C3B9C-56C7-4D76-8B77-640B53094148} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {513F90D8-0E8E-4E4F-9ADC-C18120C71244} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6A1A4980-94A3-4196-B8E4-C9BEE6E331A6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {83CC019C-4EA1-44EB-8D75-A65513407DA4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A041FFA0-FF63-43B4-ADA6-320DD6C16D77} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C2104AA1-5F73-4E53-83AB-D159E987EFC2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FFCACD98-3583-4D31-AB51-EE068ACF455F} - System32\Tasks\0116avzUpdateInfo => C:\ProgramData\Avg_Update_0116avz\0116avz_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0116avzUpdateInfo.job => C:\ProgramData\Avg_Update_0116avz\0116avz_AVG-Secure-Search-Update.exe

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27CD09CA-9F3C-4202-9E2E-42B88C317777} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27CD09CA-9F3C-4202-9E2E-42B88C317777} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{383C3B9C-56C7-4D76-8B77-640B53094148} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{383C3B9C-56C7-4D76-8B77-640B53094148} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{513F90D8-0E8E-4E4F-9ADC-C18120C71244} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{513F90D8-0E8E-4E4F-9ADC-C18120C71244} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A1A4980-94A3-4196-B8E4-C9BEE6E331A6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A1A4980-94A3-4196-B8E4-C9BEE6E331A6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83CC019C-4EA1-44EB-8D75-A65513407DA4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83CC019C-4EA1-44EB-8D75-A65513407DA4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A041FFA0-FF63-43B4-ADA6-320DD6C16D77} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A041FFA0-FF63-43B4-ADA6-320DD6C16D77} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2104AA1-5F73-4E53-83AB-D159E987EFC2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2104AA1-5F73-4E53-83AB-D159E987EFC2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFCACD98-3583-4D31-AB51-EE068ACF455F} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFCACD98-3583-4D31-AB51-EE068ACF455F} => key removed successfully.
C:\Windows\System32\Tasks\0116avzUpdateInfo => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0116avzUpdateInfo => key removed successfully.
C:\Windows\Tasks\0116avzUpdateInfo.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2592195 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 321841 B
Edge => 0 B
Chrome => 81167697 B
Firefox => 76887607 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 804 B
LocalService => 66668 B
NetworkService => 66228 B
CeX => 0 B
Admin => 14010583 B

RecycleBin => 31857258 B
EmptyTemp: => 205.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:04:31 ====

 

===

 

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Admin on 15/01/2017 at 23:36:50.89.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15/01/2017 23:40:39 Zoek.exe System Restore Point Created Successfully.
 



#8 nasdaq

Posted 16 January 2017 - 08:27 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 Wolverine 7

Posted 16 January 2017 - 04:10 PM

Thanks for your assist... very much appreciate your help and work you do.

System's not really totally right, little errors creeping in and CPU usage on net still occasionally skyrockets, so I think I'll groove with it for a while and reinstall when I've a minute. 2 yrs into this install so won't hurt to start fresh.

Far as online goes, I'm usually pretty careful and I have scanners coming out of my ears (might be why people think I'm going deaf) ;-)

Anyway I'm good to go for now so thanks again for all your work and help, hugely appreciated.

W7



#10 nasdaq

Posted 17 January 2017 - 07:45 AM

It could be just a matter of an old driver that needs to be updated.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.


http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

===

#11 Wolverine 7

Posted 17 January 2017 - 05:05 PM

Ok, thanks, will check that out, was just about to go through the system with Sumo as it goes... what I've done is uninstall AVG Antivirus (after a struggle) and installed Avast, which seems to have solved the online high CPU, so with a bit of updating I should be good to go again.

Thanks again, very much for your help.

W7



#12 nasdaq

Posted 18 January 2017 - 08:56 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

===



