
VBS:malware-gen threat notices from AVG and BSOD


  • This topic is locked
86 replies to this topic

#1 AmyD10

Posted 24 February 2017 - 01:17 AM

I was getting BSOD every week or so. I switched from Avast to AVG Free about a week ago. A couple days ago I started getting pop-ups that AVG was blocking this VBS:malware-gen. Then I started getting the BSOD to the point that I cannot use my computer unless I'm in safe mode. Please help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by Amy (administrator) on AMY-PC (24-02-2017 01:04:18)
Running from C:\Users\Amy\Google Drive\Documents\Documents\Computer
Loaded Profiles: Amy (Available Profiles: Amy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIRTU MVP] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3008800 2011-12-28] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-13] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350184 2012-08-03] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe [9511480 2017-02-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-07] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Run: [GoogleChromeAutoLaunch_6C099CC1D08F8E3594D1CD726B240377] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [183072 2011-12-28] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [153888 2011-12-28] (Lucidlogix Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk [2013-12-26]
ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-12-26]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2012-09-16]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2014-06-03]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts-x32: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{23FF4EDB-B69D-400B-9C6A-D21320D5C59D}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{FAB918DC-3154-4209-9307-DA5BB8317B0A}: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9MSE&PC=UP09
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {29C5BF76-0E1A-49EE-B95E-A4E444396568} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120938,17118,0,18,0
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {52AB73F7-796C-415A-BF7F-1721DF412DCC} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-07-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-07] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-07] (AVG)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-07-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-07] (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {0D859AF0-C75E-11D4-B760-00E0B81077E8} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/FileCruiser.cab
DPF: HKLM-x32 {16FD824B-8E7B-11D2-9855-00802962956C} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/Specfile.cab
DPF: HKLM-x32 {6FD482A3-7B57-438B-B040-52CAA30147EE} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/MLSClientUtils.cab
DPF: HKLM-x32 {78523E50-56EB-11D3-B739-CAA1986A452F} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/LiteGrid.cab
DPF: HKLM-x32 {7A7537FC-5988-11D3-8B33-00104B9E5A4A} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/IRCWebPrint.cab
DPF: HKLM-x32 {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/IRCSharc.cab
DPF: HKLM-x32 {B198A72B-B4C3-42B5-B8DA-B364E76429AA} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/WebDog.cab
DPF: HKLM-x32 {F060A272-A18A-11D3-B75B-00E0B81077E8} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/AspCustomCtrls.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-19] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354 [2017-02-22]
FF Extension: (AVG Web TuneUp) - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354\Extensions\avg@toolbar.xpi [2017-02-07]
FF Extension: (Firefox Hotfix) - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-07]
FF SearchPlugin: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354\searchplugins\avg-secure-search.xml [2017-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-17] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-02-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-15] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3605894463-1819794935-3665149236-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Amy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npatgpc.dll [2012-10-25] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.450.15) - C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U45) - C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Amy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll => No File
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Boomerang Calendar) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\annmcneienljahlbfoaomcfghmomhfho [2017-01-30]
CHR Extension: (Google Docs) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Honey) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-21]
CHR Extension: (Adblock Plus) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
CHR Extension: (AVG Secure Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-01-25]
CHR Extension: (Adblock for Youtube™) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-01-08]
CHR Extension: (Google Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-08-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (AdBlock) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-17]
CHR Extension: (IE Tab) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2017-02-17]
CHR Extension: (Invite All Friends on Facebook) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2017-02-17]
CHR Extension: (Grammarly for Chrome) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-06]
CHR Extension: (Google Hangouts) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (StayFocusd) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-03-20]
CHR Extension: (Smooth Gestures) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2014-08-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-09]
CHR Extension: (ShareThis) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplpcpijdokpnbjcklakgabohjgneidi [2015-07-22]
CHR Extension: (Boomerang for Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-17]
CHR Extension: (Timewarp) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmhadpnjmokjbmgamifipkjddhlfkhi [2015-03-26]
CHR Extension: (Wikibuy) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-02-21]
CHR Extension: (Save to Pocket) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\System Profile [2015-12-09]
CHR HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] () [File not signed]
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe [1478272 2012-01-12] (ASUSTeK Computer Inc.)
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [260080 2017-01-25] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [6183576 2017-01-25] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1256872 2017-02-20] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950848 2016-07-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-29] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
S2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
S2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1017832 2012-08-03] (Cyber Power Systems, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2017-02-21] (AVG Technologies CZ, s.r.o.)
S2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2017-02-21] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-07] (AVG Secure Search)
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-09-08] (WDC) [File not signed]
S2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
S2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-07] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S3 ATSZIO; C:\Program Files (x86)\ASUS\ASUS PC Diagnostics\ATSZIO64.sys [19584 2011-03-04] ()
S1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [165624 2017-01-25] (AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [311592 2017-01-25] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-01-25] (AVG Technologies CZ, s.r.o.)
S0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336920 2017-01-25] (AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-01-25] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-01-25] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [127072 2017-01-25] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [101624 2017-01-25] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [75664 2017-01-25] (AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [992488 2017-01-25] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\Windows\system32\drivers\avgSP.sys [555152 2017-01-25] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [163512 2017-01-25] (AVG Technologies CZ, s.r.o.)
S0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [311472 2017-01-25] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [59904 2008-11-18] (ASIX Electronics Corp.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2013-02-13] (CSR/PLT)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-04] (Citrix Systems, Inc.)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-20] (REALiX™)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2017-02-20] (Intel Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2013-01-24] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3728088 2017-02-20] (Realtek Semiconductor Corporation                           )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2017-02-22] (SlimWare Utilities, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-01-09] (AVG Netherlands B.V.)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-22 20:03 - 2017-02-22 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-02-22 20:03 - 2017-02-22 20:03 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-02-22 18:33 - 2017-02-22 18:33 - 00390264 _____ C:\Windows\Minidump\022217-70933-01.dmp
2017-02-22 18:27 - 2017-02-22 18:27 - 00389168 _____ C:\Windows\Minidump\022217-35724-01.dmp
2017-02-22 12:51 - 2017-02-22 12:51 - 00379728 _____ C:\Windows\Minidump\022217-53289-01.dmp
2017-02-22 12:43 - 2017-02-22 12:43 - 00393448 _____ C:\Windows\Minidump\022217-62057-01.dmp
2017-02-22 12:31 - 2017-02-22 12:31 - 00380680 _____ C:\Windows\Minidump\022217-20982-01.dmp
2017-02-22 12:23 - 2017-02-22 12:23 - 00377936 _____ C:\Windows\Minidump\022217-29842-01.dmp
2017-02-22 11:54 - 2017-02-22 11:54 - 00376896 _____ C:\Windows\Minidump\022217-41387-01.dmp
2017-02-22 11:28 - 2017-02-22 11:28 - 00312008 _____ C:\Windows\Minidump\022217-22323-01.dmp
2017-02-22 10:43 - 2017-02-22 10:43 - 00314184 _____ C:\Windows\Minidump\022217-15241-01.dmp
2017-02-22 10:35 - 2017-02-22 10:35 - 00312392 _____ C:\Windows\Minidump\022217-15553-01.dmp
2017-02-22 10:26 - 2017-02-22 10:26 - 00312392 _____ C:\Windows\Minidump\022217-18969-01.dmp
2017-02-22 10:15 - 2017-02-22 10:15 - 00312648 _____ C:\Windows\Minidump\022217-19562-01.dmp
2017-02-22 10:12 - 2017-02-22 10:12 - 00001341 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-22 10:12 - 2017-02-22 10:12 - 00001341 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-22 10:11 - 2017-02-22 10:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2017-02-22 10:11 - 2017-02-22 10:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2017-02-22 10:08 - 2017-02-22 10:08 - 00312392 _____ C:\Windows\Minidump\022217-22432-01.dmp
2017-02-22 10:00 - 2017-02-22 10:00 - 00312392 _____ C:\Windows\Minidump\022217-17222-01.dmp
2017-02-22 09:51 - 2017-02-22 09:51 - 00379968 _____ C:\Windows\Minidump\022217-58593-01.dmp
2017-02-22 02:24 - 2017-02-22 02:24 - 00408672 _____ C:\Windows\Minidump\022217-19671-01.dmp
2017-02-21 21:25 - 2017-02-21 21:25 - 00404144 _____ C:\Windows\Minidump\022117-44054-01.dmp
2017-02-21 21:14 - 2017-02-21 21:14 - 00400432 _____ C:\Windows\Minidump\022117-30810-01.dmp
2017-02-21 20:35 - 2017-02-21 20:35 - 00386856 _____ C:\Windows\Minidump\022117-14554-01.dmp
2017-02-21 20:29 - 2017-02-21 20:29 - 00454290 ____R C:\Windows\system32\Drivers\etc\hosts.20170221-202935.backup
2017-02-21 20:12 - 2017-02-21 20:12 - 00403160 _____ C:\Windows\Minidump\022117-35755-01.dmp
2017-02-21 18:57 - 2017-02-21 18:57 - 00379472 _____ C:\Windows\Minidump\022117-58625-01.dmp
2017-02-21 18:44 - 2017-02-21 18:44 - 00408632 _____ C:\Windows\Minidump\022117-33399-01.dmp
2017-02-20 15:15 - 2017-02-20 15:15 - 01037832 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2017-02-20 15:15 - 2017-02-20 15:15 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-02-20 15:13 - 2017-02-20 15:13 - 00451320 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys
2017-02-20 15:12 - 2017-02-20 15:12 - 00334984 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvs91xx.sys
2017-02-20 15:12 - 2017-02-20 15:12 - 00036352 _____ (<Marvell>) C:\Windows\system32\mv91xxm.dll
2017-02-20 15:12 - 2017-02-20 15:12 - 00015496 _____ (Marvell Semiconductor Inc.) C:\Windows\system32\Drivers\mvxxmm.sys
2017-02-20 14:22 - 2017-02-20 14:22 - 03728088 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2017-02-20 14:20 - 2017-02-20 14:20 - 00181304 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2017-02-20 14:20 - 2017-02-20 14:20 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-02-20 14:16 - 2017-02-20 14:16 - 00000000 ____D C:\Windows\IObit
2017-02-20 14:16 - 2017-02-20 14:16 - 00000000 ____D C:\ProgramData\ProductData
2017-02-20 14:15 - 2017-02-22 12:38 - 00003246 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2017-02-20 14:15 - 2017-02-22 12:38 - 00002878 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Amy)
2017-02-20 14:15 - 2017-02-21 20:09 - 00002278 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-02-20 14:15 - 2017-02-20 14:15 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-20 14:15 - 2017-02-20 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-20 13:50 - 2017-02-20 13:50 - 00389944 _____ C:\Windows\Minidump\022017-28844-01.dmp
2017-02-20 13:28 - 2017-02-20 13:28 - 00379416 _____ C:\Windows\Minidump\022017-47174-01.dmp
2017-02-20 13:21 - 2017-02-20 13:21 - 00408576 _____ C:\Windows\Minidump\022017-25194-01.dmp
2017-02-18 13:52 - 2017-02-21 09:25 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2017-02-18 13:52 - 2017-02-21 09:25 - 00048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2017-02-18 13:52 - 2017-02-18 13:52 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2017-02-18 13:52 - 2017-02-18 13:52 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2017-02-17 17:08 - 2017-02-17 17:08 - 00395416 _____ C:\Windows\Minidump\021717-30061-01.dmp
2017-02-17 16:38 - 2017-02-17 16:38 - 00408616 _____ C:\Windows\Minidump\021717-61947-01.dmp
2017-02-17 13:18 - 2017-02-17 13:18 - 00312224 _____ C:\Windows\Minidump\021717-21652-01.dmp
2017-02-17 13:01 - 2017-02-17 13:01 - 00332408 _____ C:\Windows\Minidump\021717-24710-01.dmp
2017-02-17 12:48 - 2017-02-17 12:48 - 00398512 _____ C:\Windows\Minidump\021717-55754-01.dmp
2017-02-17 12:37 - 2017-02-17 12:37 - 00408592 _____ C:\Windows\Minidump\021717-51854-01.dmp
2017-02-11 11:13 - 2017-02-11 11:13 - 00389344 _____ C:\Windows\Minidump\021117-63508-01.dmp
2017-02-11 11:00 - 2017-02-11 11:00 - 00384304 _____ C:\Windows\Minidump\021117-53991-01.dmp
2017-02-11 10:57 - 2017-02-11 10:57 - 00000000 ____H C:\Users\Amy\AppData\Local\BIT51D1.tmp
2017-02-11 10:56 - 2017-02-11 10:56 - 00000000 _____ C:\Users\Amy\AppData\Local\{99D7EB61-3375-4564-9C24-737055E5B3D5}
2017-02-11 01:49 - 2017-02-11 01:49 - 00408648 _____ C:\Windows\Minidump\021117-44429-01.dmp
2017-02-08 22:21 - 2017-02-08 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-02-08 22:10 - 2017-02-08 22:10 - 00408576 _____ C:\Windows\Minidump\020817-39405-01.dmp
2017-02-08 21:51 - 2017-02-08 21:56 - 00003212 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-02-08 21:51 - 2017-02-08 21:51 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-02-08 18:47 - 2017-02-08 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-08 14:03 - 2017-02-08 14:03 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-08 13:51 - 2017-02-08 13:51 - 00003688 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:51 - 2016-11-17 08:44 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-02-08 13:51 - 2016-11-17 08:44 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-02-08 13:51 - 2016-11-17 08:44 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-02-08 13:51 - 2016-11-17 08:44 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-02-08 13:51 - 2016-11-17 08:44 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-02-08 13:50 - 2017-02-08 13:50 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:50 - 2017-02-08 13:50 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:50 - 2017-02-08 13:50 - 00003676 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:50 - 2017-02-08 13:50 - 00003500 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:50 - 2017-02-08 13:50 - 00003440 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:49 - 2017-02-08 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 13:48 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-08 13:46 - 2016-11-16 11:42 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-08 13:43 - 2017-01-23 18:04 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-02-08 13:43 - 2017-01-23 18:04 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 34934720 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 28209720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 19008392 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 14677456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 14286392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-08 13:43 - 2017-01-20 11:36 - 13378448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 11123424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 03623992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 03185720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 01051072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00990264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00496680 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00412720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00173272 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00156792 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00150760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00135840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-08 13:43 - 2017-01-20 11:36 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-08 13:43 - 2016-11-17 08:44 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-08 13:43 - 2016-11-17 08:44 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-08 13:43 - 2016-11-17 08:44 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-02-07 13:08 - 2017-02-07 13:08 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (6).zip
2017-02-06 23:38 - 2017-02-06 23:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-06 19:12 - 2017-02-06 19:12 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (5).zip
2017-02-06 19:12 - 2017-02-06 19:12 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (4).zip
2017-02-06 11:31 - 2017-02-06 11:31 - 02052607 ____N C:\Users\Amy\Downloads\KellerWilliamsFormal.zip
2017-02-06 11:26 - 2017-02-06 11:26 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (3).zip
2017-02-06 11:10 - 2017-02-06 11:10 - 00184055 ____N C:\Users\Amy\Downloads\businesscard.zip
2017-02-06 11:10 - 2017-02-06 11:10 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (2).zip
2017-02-06 11:10 - 2017-02-06 11:10 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (1).zip
2017-02-06 10:58 - 2017-02-22 18:30 - 00002884 _____ C:\Windows\System32\Tasks\AVG Driver Updater Startup
2017-02-06 10:58 - 2017-02-22 18:30 - 00000462 _____ C:\Windows\Tasks\AVG Driver Updater Startup.job
2017-02-06 10:58 - 2017-02-22 18:28 - 00025608 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2017-02-06 10:58 - 2017-02-22 10:58 - 00000516 _____ C:\Windows\Tasks\AVG Driver Updater Scan.job
2017-02-06 10:58 - 2017-02-18 11:45 - 00003240 _____ C:\Windows\System32\Tasks\AVG Driver Updater Scan
2017-02-06 10:58 - 2017-02-06 10:58 - 00002497 _____ C:\Users\Public\Desktop\AVG Driver Updater.lnk
2017-02-06 10:58 - 2017-02-06 10:58 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2017-02-06 10:58 - 2017-02-06 10:58 - 00000000 ____D C:\Users\Amy\AppData\Local\AVG Netherlands BV
2017-02-06 10:58 - 2017-02-06 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Driver Updater
2017-02-06 10:58 - 2017-02-06 10:58 - 00000000 ____D C:\Program Files (x86)\AVG Driver Updater
2017-01-29 01:17 - 2017-02-22 18:33 - 818914557 _____ C:\Windows\MEMORY.DMP
2017-01-29 01:17 - 2017-01-29 01:17 - 00408600 _____ C:\Windows\Minidump\012917-29296-01.dmp
2017-01-28 10:20 - 2017-01-28 10:20 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2017-01-25 12:58 - 2017-01-25 12:58 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2017-01-25 12:02 - 2017-02-21 09:29 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2017-01-25 12:01 - 2017-02-21 09:25 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2017-01-25 12:01 - 2017-02-21 09:25 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2017-01-25 12:01 - 2017-01-25 12:01 - 00002596 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2017-01-25 12:01 - 2017-01-25 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2017-01-25 11:59 - 2017-01-25 12:00 - 00000000 ____D C:\Users\Amy\AppData\Local\AVG Web TuneUp
2017-01-25 11:59 - 2017-01-25 11:59 - 00000000 ____D C:\Users\Amy\AppData\Roaming\AVG
2017-01-25 11:59 - 2017-01-25 11:59 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2017-01-25 11:58 - 2017-02-22 12:20 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-01-25 11:58 - 2017-02-07 10:51 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-01-25 11:58 - 2017-02-07 10:50 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-01-25 11:57 - 2017-01-25 11:58 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00555152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00397800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-01-25 11:57 - 2017-01-25 11:57 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00311472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00165624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00127072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00075664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-01-25 11:57 - 2017-01-25 11:57 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-01-25 11:55 - 2017-02-18 13:53 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2017-01-25 11:55 - 2017-02-18 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-01-25 11:54 - 2017-02-22 10:37 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-01-25 11:54 - 2017-01-25 12:01 - 00000000 ____D C:\Program Files (x86)\AVG
2017-01-25 11:43 - 2017-01-25 13:06 - 00000000 ____D C:\ProgramData\Avg
2017-01-25 11:43 - 2017-01-25 12:01 - 00000000 ____D C:\Users\Amy\AppData\Local\AvgSetupLog
2017-01-25 11:43 - 2017-01-25 12:01 - 00000000 ____D C:\Users\Amy\AppData\Local\Avg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 01:04 - 2016-02-03 10:09 - 00000000 ____D C:\FRST
2017-02-22 18:33 - 2015-09-08 18:07 - 01121936 _____ C:\Windows\ntbtlog.txt
2017-02-22 18:33 - 2012-11-28 18:08 - 00000000 ____D C:\Windows\Minidump
2017-02-22 18:28 - 2012-11-29 10:18 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2017-02-22 18:28 - 2012-09-10 11:28 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-22 18:27 - 2016-11-05 11:18 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore1d2378041ed8fe9.job
2017-02-22 18:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-22 18:23 - 2016-11-05 11:18 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA1d2378042941900.job
2017-02-22 13:01 - 2009-07-13 23:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-22 13:01 - 2009-07-13 23:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-22 12:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-22 11:59 - 2012-09-21 13:02 - 00000000 ____D C:\Users\Amy\AppData\Local\ElevatedDiagnostics
2017-02-22 10:12 - 2015-03-10 01:44 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-02-22 10:12 - 2015-03-10 01:44 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-02-22 10:12 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-22 09:46 - 2016-01-24 18:43 - 00000000 ____D C:\Users\Amy\AppData\Local\CrashDumps
2017-02-21 20:21 - 2014-11-15 20:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-21 20:08 - 2012-09-16 21:52 - 00000000 ____D C:\Users\Amy\AppData\Roaming\IObit
2017-02-21 19:13 - 2012-09-10 10:20 - 00000000 ____D C:\Users\Amy
2017-02-21 14:33 - 2013-11-15 14:15 - 00776704 ___SH C:\Users\Amy\Documents\Thumbs.db
2017-02-21 14:03 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-21 14:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-20 15:15 - 2012-09-10 10:44 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2017-02-20 14:17 - 2012-10-24 20:00 - 00000000 ____D C:\Users\Amy\AppData\LocalLow\IObit
2017-02-20 14:15 - 2012-09-16 21:52 - 00000000 ____D C:\ProgramData\IObit
2017-02-20 14:15 - 2012-09-16 21:52 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-12 11:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-08 22:22 - 2014-01-24 00:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-08 22:21 - 2016-10-08 22:46 - 00001170 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.6.lnk
2017-02-08 22:21 - 2016-08-03 16:06 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-02-08 22:11 - 2014-09-18 09:24 - 00000000 ____D C:\Users\Amy\AppData\Local\NVIDIA Corporation
2017-02-08 22:10 - 2016-05-29 15:19 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-08 21:51 - 2016-08-03 16:06 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2017-02-08 14:20 - 2012-09-12 16:02 - 00015606 _____ C:\Users\Amy\Documents\password.txt
2017-02-08 14:04 - 2012-09-10 11:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 13:51 - 2014-09-18 09:24 - 00000000 ____D C:\Users\Amy\AppData\Local\NVIDIA
2017-02-08 13:51 - 2012-09-10 11:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 13:50 - 2012-09-10 11:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 13:47 - 2016-08-03 16:44 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-06 17:42 - 2013-10-15 12:14 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 17:42 - 2013-10-15 12:14 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 11:53 - 2012-09-22 08:53 - 00000000 ____D C:\Users\Amy\Real Estate
2017-02-02 15:20 - 2012-11-27 13:54 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2017-02-02 15:20 - 2012-11-27 13:54 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2017-02-02 15:20 - 2012-11-27 13:54 - 00000000 ____D C:\Program Files\Paint.NET
2017-01-25 12:58 - 2015-08-18 14:24 - 00000000 ____D C:\Users\Amy\AppData\Local\Microsoft Help
2017-01-25 12:58 - 2014-09-17 14:06 - 00000000 ____D C:\Users\Amy\AppData\Local\Battle.net
2017-01-25 12:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2017-01-25 12:55 - 2015-07-25 17:04 - 00000000 ____D C:\Users\Amy\Desktop\Microsoft Office 2013
2017-01-25 12:55 - 2015-05-31 19:55 - 00000000 ____D C:\Users\Amy\Desktop\Desktop icons
2017-01-25 12:54 - 2013-01-15 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2017-01-25 11:59 - 2016-03-21 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-25 11:38 - 2016-01-26 00:46 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-25 08:15 - 2016-11-17 14:48 - 00000000 ____D C:\Users\Amy\Documents\Computer
 
==================== Files in the root of some directories =======
 
2012-11-11 13:14 - 2014-01-06 08:05 - 0000154 _____ () C:\Users\Amy\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-11 13:14 - 2013-05-11 15:03 - 0003174 _____ () C:\Users\Amy\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-11-11 13:14 - 2014-01-06 08:05 - 0000308 _____ () C:\Users\Amy\AppData\Roaming\Rim.DesktopHelper.Exception.log
2017-02-11 10:57 - 2017-02-11 10:57 - 0000000 ____H () C:\Users\Amy\AppData\Local\BIT51D1.tmp
2012-09-13 14:27 - 2012-09-17 20:26 - 0010240 _____ () C:\Users\Amy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-11 10:56 - 2017-02-11 10:56 - 0000000 _____ () C:\Users\Amy\AppData\Local\{99D7EB61-3375-4564-9C24-737055E5B3D5}
2012-09-10 11:19 - 2012-09-10 12:06 - 0000996 _____ () C:\ProgramData\Gpu.log
 
Files to move or delete:
====================
C:\Users\Amy\mbam-setup-2.0.2.1012.exe
C:\Users\Amy\PandaCloudAntivirus.exe
 
 
Some files in TEMP:
====================
2017-02-22 12:21 - 2017-02-22 12:21 - 0000000 _____ () C:\Users\Amy\AppData\Local\Temp\tud8cnz-.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 11:13
 
==================== End of FRST.txt ============================




#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 24 February 2017 - 05:02 AM

Hello AmyD10 and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
    
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
============================
Please uninstall: SlimWare Utilities
===========================
My suggestion: please uninstall the following software:

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:
AVG Web TuneUp
Spybot - Search and Destroy
C:\Windows\IObit
IObit Driver Booster

 
If you delete it, please reboot the PC.

 

Sincerely


Edited by olgun52, 28 February 2017 - 05:40 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52


Posted 24 February 2017 - 04:31 PM

Are you still with us?



 


 


#4 AmyD10


Posted 26 February 2017 - 03:45 PM

Yes sorry.  I didn't see the notification of a response.



#5 olgun52


Posted 26 February 2017 - 04:21 PM

Hello,

Thanks for the feedback.

 

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.



 


 


#6 AmyD10


Posted 28 February 2017 - 04:54 PM

I could not get on my computer at all so I did a system restore.  I can get on but it's running slowly so far.  I know some drivers need updates, is it safe to run a driver update program? What should I do next?



#7 AmyD10


Posted 28 February 2017 - 05:00 PM

Yilmaz,

 

Where can I find the thread tools?



#8 AmyD10


Posted 28 February 2017 - 05:20 PM

Frequent BSOD is back. Please help!



#9 AmyD10


Posted 28 February 2017 - 05:35 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by Amy (administrator) on AMY-PC (28-02-2017 17:31:04)
Running from C:\Users\Amy\Google Drive\Documents\Documents\Computer
Loaded Profiles: Amy (Available Profiles: Amy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIRTU MVP] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3008800 2011-12-28] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [78336 2013-02-13] (Plantronics)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-13] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350184 2012-08-03] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe [9511480 2017-02-02] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Run: [GoogleChromeAutoLaunch_6C099CC1D08F8E3594D1CD726B240377] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [183072 2011-12-28] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [153888 2011-12-28] (Lucidlogix Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk [2013-12-26]
ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-12-26]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2012-09-16]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2014-06-03]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts-x32: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{23FF4EDB-B69D-400B-9C6A-D21320D5C59D}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{2AA10DCB-552F-4FE3-A1C4-34A3961CC102}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{FAB918DC-3154-4209-9307-DA5BB8317B0A}: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9MSE&PC=UP09
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {29C5BF76-0E1A-49EE-B95E-A4E444396568} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120938,17118,0,18,0
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {52AB73F7-796C-415A-BF7F-1721DF412DCC} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-07-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-07] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-07-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-07] (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {0D859AF0-C75E-11D4-B760-00E0B81077E8} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/FileCruiser.cab
DPF: HKLM-x32 {16FD824B-8E7B-11D2-9855-00802962956C} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/Specfile.cab
DPF: HKLM-x32 {6FD482A3-7B57-438B-B040-52CAA30147EE} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/MLSClientUtils.cab
DPF: HKLM-x32 {78523E50-56EB-11D3-B739-CAA1986A452F} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/LiteGrid.cab
DPF: HKLM-x32 {7A7537FC-5988-11D3-8B33-00104B9E5A4A} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/IRCWebPrint.cab
DPF: HKLM-x32 {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/IRCSharc.cab
DPF: HKLM-x32 {B198A72B-B4C3-42B5-B8DA-B364E76429AA} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/WebDog.cab
DPF: HKLM-x32 {F060A272-A18A-11D3-B75B-00E0B81077E8} hxxp://mfr.mlxchange.com/5.6.05.28693/Control/AspCustomCtrls.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-19] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354 [2017-02-28]
FF Extension: (Firefox Hotfix) - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-07]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-17] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-02-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3605894463-1819794935-3665149236-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Amy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npatgpc.dll [2012-10-25] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.450.15) - C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U45) - C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Amy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll => No File
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default [2017-02-28]
CHR Extension: (Boomerang Calendar) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\annmcneienljahlbfoaomcfghmomhfho [2017-01-30]
CHR Extension: (Google Docs) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Honey) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-28]
CHR Extension: (Adblock Plus) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
CHR Extension: (Adblock for Youtube™) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-01-08]
CHR Extension: (Google Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-08-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (AdBlock) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-28]
CHR Extension: (IE Tab) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2017-02-28]
CHR Extension: (Invite All Friends on Facebook) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2017-02-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-28]
CHR Extension: (Google Hangouts) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-25]
CHR Extension: (StayFocusd) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-03-20]
CHR Extension: (Smooth Gestures) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2014-08-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-09]
CHR Extension: (ShareThis) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplpcpijdokpnbjcklakgabohjgneidi [2015-07-22]
CHR Extension: (Boomerang for Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-17]
CHR Extension: (Timewarp) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmhadpnjmokjbmgamifipkjddhlfkhi [2015-03-26]
CHR Extension: (Wikibuy) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-02-28]
CHR Extension: (Save to Pocket) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-25]
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\System Profile [2015-12-09]
CHR HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] () [File not signed]
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe [1478272 2012-01-12] (ASUSTeK Computer Inc.)
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [260080 2017-01-25] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [6183576 2017-01-25] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1257384 2017-02-27] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950848 2016-07-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-29] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
S2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
S2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1017832 2012-08-03] (Cyber Power Systems, Inc.)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2017-02-21] (AVG Technologies CZ, s.r.o.)
S2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2017-02-21] (AVG Technologies CZ, s.r.o.)
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-09-08] (WDC) [File not signed]
S2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
S2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S3 ATSZIO; C:\Program Files (x86)\ASUS\ASUS PC Diagnostics\ATSZIO64.sys [19584 2011-03-04] ()
S1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [165624 2017-01-25] (AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [311592 2017-01-25] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-01-25] (AVG Technologies CZ, s.r.o.)
S0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336920 2017-01-25] (AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-01-25] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-01-25] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [127072 2017-01-25] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [101624 2017-01-25] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [75664 2017-01-25] (AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [992488 2017-01-25] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\Windows\system32\drivers\avgSP.sys [555152 2017-01-25] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [163512 2017-01-25] (AVG Technologies CZ, s.r.o.)
S0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [311472 2017-01-25] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [59904 2008-11-18] (ASIX Electronics Corp.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2013-02-13] (CSR/PLT)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-04] (Citrix Systems, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2013-01-24] (Realtek Semiconductor Corporation                           )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2017-02-28] (SlimWare Utilities, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-01-09] (AVG Netherlands B.V.)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-28 17:23 - 2017-02-28 17:23 - 00391248 _____ C:\Windows\Minidump\022817-44475-01.dmp
2017-02-28 17:13 - 2017-02-28 17:13 - 00378440 _____ C:\Windows\Minidump\022817-48313-01.dmp
2017-02-28 03:06 - 2017-02-28 03:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 15:11 - 2017-02-21 09:25 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2017-02-27 15:11 - 2017-02-21 09:25 - 00048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2017-02-26 13:59 - 2017-01-25 11:57 - 00397800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-02-26 13:58 - 2017-02-26 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-02-26 13:21 - 2017-02-28 17:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-02-22 20:03 - 2017-02-25 04:59 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-02-22 10:11 - 2017-02-22 10:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2017-02-22 10:11 - 2017-02-22 10:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2017-02-22 02:24 - 2017-02-22 02:24 - 00408672 _____ C:\Windows\Minidump\022217-19671-01.dmp
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-20 15:12 - 2017-02-20 15:12 - 00015496 _____ (Marvell Semiconductor Inc.) C:\Windows\system32\Drivers\mvxxmm.sys
2017-02-20 14:16 - 2017-02-25 04:59 - 00000000 ____D C:\ProgramData\ProductData
2017-02-20 14:16 - 2017-02-20 14:16 - 00000000 ____D C:\Windows\IObit
2017-02-20 14:15 - 2017-02-24 21:49 - 00002878 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Amy)
2017-02-20 14:15 - 2017-02-20 14:15 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-20 14:15 - 2017-02-20 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-18 13:52 - 2017-02-18 13:52 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2017-02-18 13:52 - 2017-02-18 13:52 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2017-02-11 10:57 - 2017-02-11 10:57 - 00000000 ____H C:\Users\Amy\AppData\Local\BIT51D1.tmp
2017-02-11 10:56 - 2017-02-11 10:56 - 00000000 _____ C:\Users\Amy\AppData\Local\{99D7EB61-3375-4564-9C24-737055E5B3D5}
2017-02-09 03:33 - 2017-02-09 03:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-09 03:33 - 2017-02-09 03:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-08 22:21 - 2017-02-08 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-02-08 22:10 - 2017-02-08 22:10 - 00408576 _____ C:\Windows\Minidump\020817-39405-01.dmp
2017-02-08 21:51 - 2017-02-08 21:56 - 00003212 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-02-08 21:51 - 2017-02-08 21:51 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-02-08 14:03 - 2017-02-08 14:03 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-08 13:51 - 2017-02-08 13:51 - 00003688 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:51 - 2016-11-17 08:44 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-02-08 13:51 - 2016-11-17 08:44 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-02-08 13:51 - 2016-11-17 08:44 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-02-08 13:51 - 2016-11-17 08:44 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-02-08 13:51 - 2016-11-17 08:44 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-02-08 13:50 - 2017-02-08 13:50 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:50 - 2017-02-08 13:50 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:50 - 2017-02-08 13:50 - 00003676 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:50 - 2017-02-08 13:50 - 00003500 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:50 - 2017-02-08 13:50 - 00003440 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-08 13:49 - 2017-02-08 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 13:48 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-08 13:46 - 2016-11-16 11:42 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-08 13:43 - 2017-01-23 18:04 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-02-08 13:43 - 2017-01-23 18:04 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 34934720 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 28209720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 19008392 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 14677456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 14286392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-08 13:43 - 2017-01-20 11:36 - 13378448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 11123424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 03623992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 03185720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 01051072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00990264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00496680 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00412720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00173272 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00156792 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00150760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00135840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-08 13:43 - 2017-01-20 11:36 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-08 13:43 - 2017-01-20 11:36 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-08 13:43 - 2016-11-17 08:44 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-08 13:43 - 2016-11-17 08:44 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-08 13:43 - 2016-11-17 08:44 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-02-07 13:08 - 2017-02-07 13:08 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (6).zip
2017-02-06 19:12 - 2017-02-06 19:12 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (5).zip
2017-02-06 19:12 - 2017-02-06 19:12 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (4).zip
2017-02-06 11:31 - 2017-02-06 11:31 - 02052607 ____N C:\Users\Amy\Downloads\KellerWilliamsFormal.zip
2017-02-06 11:26 - 2017-02-06 11:26 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (3).zip
2017-02-06 11:10 - 2017-02-06 11:10 - 00184055 ____N C:\Users\Amy\Downloads\businesscard.zip
2017-02-06 11:10 - 2017-02-06 11:10 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (2).zip
2017-02-06 11:10 - 2017-02-06 11:10 - 00184055 ____N C:\Users\Amy\Downloads\businesscard (1).zip
2017-02-06 10:58 - 2017-02-28 17:17 - 00025608 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2017-02-06 10:58 - 2017-02-28 17:17 - 00002884 _____ C:\Windows\System32\Tasks\AVG Driver Updater Startup
2017-02-06 10:58 - 2017-02-28 17:17 - 00000462 _____ C:\Windows\Tasks\AVG Driver Updater Startup.job
2017-02-06 10:58 - 2017-02-26 12:56 - 00003382 _____ C:\Windows\System32\Tasks\AVG Driver Updater Scan
2017-02-06 10:58 - 2017-02-26 12:56 - 00000516 _____ C:\Windows\Tasks\AVG Driver Updater Scan.job
2017-02-06 10:58 - 2017-02-06 10:58 - 00002497 _____ C:\Users\Public\Desktop\AVG Driver Updater.lnk
2017-02-06 10:58 - 2017-02-06 10:58 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2017-02-06 10:58 - 2017-02-06 10:58 - 00000000 ____D C:\Users\Amy\AppData\Local\AVG Netherlands BV
2017-02-06 10:58 - 2017-02-06 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Driver Updater
2017-02-06 10:58 - 2017-02-06 10:58 - 00000000 ____D C:\Program Files (x86)\AVG Driver Updater
2017-01-29 01:17 - 2017-02-28 17:23 - 707761237 _____ C:\Windows\MEMORY.DMP
2017-01-29 01:17 - 2017-01-29 01:17 - 00408600 _____ C:\Windows\Minidump\012917-29296-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-28 17:31 - 2016-02-03 10:09 - 00000000 ____D C:\FRST
2017-02-28 17:23 - 2015-09-08 18:07 - 00747858 _____ C:\Windows\ntbtlog.txt
2017-02-28 17:23 - 2012-11-28 18:08 - 00000000 ____D C:\Windows\Minidump
2017-02-28 17:17 - 2016-11-05 11:18 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore1d2378041ed8fe9.job
2017-02-28 17:17 - 2012-09-10 11:28 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-28 17:15 - 2012-11-29 10:18 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2017-02-28 17:14 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-28 17:04 - 2016-05-29 15:19 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-28 17:04 - 2014-11-15 20:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-28 17:03 - 2015-01-10 02:54 - 00000145 _____ C:\Windows\wininit.ini
2017-02-28 16:55 - 2017-01-25 11:43 - 00000000 ____D C:\Users\Amy\AppData\Local\AvgSetupLog
2017-02-28 16:44 - 2016-11-05 11:18 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA1d2378042941900.job
2017-02-28 16:22 - 2017-01-25 11:54 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-02-28 13:46 - 2009-07-13 23:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-28 13:46 - 2009-07-13 23:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-28 03:10 - 2013-08-19 02:01 - 00000000 ____D C:\Windows\system32\MRT
2017-02-28 03:01 - 2012-09-13 14:17 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-27 16:14 - 2016-12-16 12:28 - 00000000 ____D C:\Users\Amy\Documents\Gift receipts
2017-02-26 17:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2017-02-26 16:26 - 2016-05-20 09:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-26 14:00 - 2017-01-25 11:58 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-02-26 13:58 - 2017-01-25 11:55 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-02-26 13:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-25 04:59 - 2017-01-25 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-02-25 04:59 - 2016-10-08 22:43 - 00000000 ____D C:\Users\Amy\Downloads\Temp
2017-02-25 04:59 - 2016-03-24 17:17 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-02-25 04:59 - 2015-07-25 17:13 - 00000000 ___RD C:\Users\Amy\OneDrive
2017-02-25 04:59 - 2015-05-31 19:55 - 00000000 ____D C:\Users\Amy\Desktop\Desktop icons
2017-02-25 04:59 - 2015-04-26 14:34 - 00000000 ____D C:\Users\Amy\AppData\Local\WinZip
2017-02-25 04:59 - 2014-12-10 11:38 - 00000000 ____D C:\Users\Amy\computer
2017-02-25 04:59 - 2014-11-29 18:47 - 00000000 ___RD C:\Users\Amy\Dropbox
2017-02-25 04:59 - 2014-11-15 20:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-25 04:59 - 2014-10-04 14:11 - 00000000 ____D C:\Users\Amy\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2017-02-25 04:59 - 2014-09-17 14:06 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Battle.net
2017-02-25 04:59 - 2014-06-30 12:15 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Blackboard
2017-02-25 04:59 - 2014-05-24 09:19 - 00000000 ____D C:\Users\Amy\AppData\Local\join.me
2017-02-25 04:59 - 2014-04-01 22:58 - 00000000 ____D C:\Users\Amy\Downloads\Individual Application Charlie Abrahams - Application summary_files
2017-02-25 04:59 - 2013-08-02 14:06 - 00000000 ____D C:\Users\Amy\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2017-02-25 04:59 - 2013-01-15 22:58 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Ventrilo
2017-02-25 04:59 - 2012-12-14 14:22 - 00000000 ____D C:\Users\Amy\AppData\LocalLow\WebEx
2017-02-25 04:59 - 2012-09-25 13:37 - 00000000 ____D C:\Users\Amy\Desktop\RTL8111F_LAN_V5796_V761_V82612_XPWin7_8
2017-02-25 04:59 - 2012-09-21 09:15 - 00000000 ____D C:\Users\Amy\AppData\Local\Akamai
2017-02-25 04:59 - 2012-09-17 19:51 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-25 04:59 - 2012-09-16 21:52 - 00000000 ____D C:\ProgramData\IObit
2017-02-25 04:59 - 2012-09-10 12:07 - 00000000 ____D C:\Users\Amy\Lucidlogix
2017-02-25 04:59 - 2012-09-10 11:34 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
2017-02-25 04:59 - 2012-09-10 10:20 - 00000000 ____D C:\Users\Amy
2017-02-25 04:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-25 04:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-02-25 04:57 - 2012-10-24 20:00 - 00000000 ____D C:\Users\Amy\AppData\LocalLow\IObit
2017-02-25 04:57 - 2012-09-16 21:52 - 00000000 ____D C:\Users\Amy\AppData\Roaming\IObit
2017-02-25 03:06 - 2016-01-25 18:05 - 00000000 ____D C:\Program Files (x86)\96368BC0-1453763150-11DD-82EE-C86000C15E99
2017-02-25 02:41 - 2016-01-25 18:07 - 00000000 ____D C:\Users\Amy\AppData\Local\96368BC0-1453745231-11DD-82EE-C86000C15E99
2017-02-22 11:59 - 2012-09-21 13:02 - 00000000 ____D C:\Users\Amy\AppData\Local\ElevatedDiagnostics
2017-02-22 10:12 - 2015-03-10 01:44 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-02-22 10:12 - 2015-03-10 01:44 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-02-22 09:46 - 2016-01-24 18:43 - 00000000 ____D C:\Users\Amy\AppData\Local\CrashDumps
2017-02-21 14:33 - 2013-11-15 14:15 - 00776704 ___SH C:\Users\Amy\Documents\Thumbs.db
2017-02-21 09:29 - 2017-01-25 12:02 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2017-02-21 09:25 - 2017-01-25 12:01 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2017-02-21 09:25 - 2017-01-25 12:01 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2017-02-12 11:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-08 22:22 - 2014-01-24 00:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-08 22:21 - 2016-10-08 22:46 - 00001170 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.6.lnk
2017-02-08 22:21 - 2016-08-03 16:06 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-02-08 22:11 - 2014-09-18 09:24 - 00000000 ____D C:\Users\Amy\AppData\Local\NVIDIA Corporation
2017-02-08 21:51 - 2016-08-03 16:06 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2017-02-08 14:20 - 2012-09-12 16:02 - 00015606 _____ C:\Users\Amy\Documents\password.txt
2017-02-08 14:04 - 2012-09-10 11:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 13:51 - 2014-09-18 09:24 - 00000000 ____D C:\Users\Amy\AppData\Local\NVIDIA
2017-02-08 13:51 - 2012-09-10 11:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 13:50 - 2012-09-10 11:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 13:47 - 2016-08-03 16:44 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-06 17:42 - 2013-10-15 12:14 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 17:42 - 2013-10-15 12:14 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 11:53 - 2012-09-22 08:53 - 00000000 ____D C:\Users\Amy\Real Estate
2017-02-02 15:20 - 2012-11-27 13:54 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2017-02-02 15:20 - 2012-11-27 13:54 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2017-02-02 15:20 - 2012-11-27 13:54 - 00000000 ____D C:\Program Files\Paint.NET
 
==================== Files in the root of some directories =======
 
2012-11-11 13:14 - 2014-01-06 08:05 - 0000154 _____ () C:\Users\Amy\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-11 13:14 - 2013-05-11 15:03 - 0003174 _____ () C:\Users\Amy\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-11-11 13:14 - 2014-01-06 08:05 - 0000308 _____ () C:\Users\Amy\AppData\Roaming\Rim.DesktopHelper.Exception.log
2017-02-11 10:57 - 2017-02-11 10:57 - 0000000 ____H () C:\Users\Amy\AppData\Local\BIT51D1.tmp
2012-09-13 14:27 - 2012-09-17 20:26 - 0010240 _____ () C:\Users\Amy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-11 10:56 - 2017-02-11 10:56 - 0000000 _____ () C:\Users\Amy\AppData\Local\{99D7EB61-3375-4564-9C24-737055E5B3D5}
2012-09-10 11:19 - 2012-09-10 12:06 - 0000996 _____ () C:\ProgramData\Gpu.log
 
Files to move or delete:
====================
C:\Users\Amy\mbam-setup-2.0.2.1012.exe
C:\Users\Amy\PandaCloudAntivirus.exe
 
 
Some files in TEMP:
====================
2017-01-27 00:12 - 2017-01-27 00:12 - 0012288 _____ () C:\Users\Amy\AppData\Local\Temp\bkl_5v4k.dll
2016-09-07 13:11 - 2016-07-10 17:36 - 0859984 _____ (NVIDIA Corporation) C:\Users\Amy\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-08 13:43 - 2016-07-10 17:36 - 0335296 _____ (NVIDIA Corporation) C:\Users\Amy\AppData\Local\Temp\nvStInst.exe
2017-01-18 13:53 - 2017-01-18 13:53 - 75703976 _____ (Dropbox, Inc.) C:\Users\Amy\AppData\Local\Temp\{09B14565-99CC-43E2-902F-25400B3AC653}-DropboxClient_18.4.32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 11:13
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by Amy (28-02-2017 17:31:49)
Running from C:\Users\Amy\Google Drive\Documents\Documents\Computer
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-10 15:20:46)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3605894463-1819794935-3665149236-500 - Administrator - Disabled)
Amy (S-1-5-21-3605894463-1819794935-3665149236-1000 - Administrator - Enabled) => C:\Users\Amy
Guest (S-1-5-21-3605894463-1819794935-3665149236-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3605894463-1819794935-3665149236-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe SVG Viewer 6.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  6.0 - Adobe Systems, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.27 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.2.0 - ASUSTeK Computer Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.161.2.61210 - AVG Technologies)
AVG (Version: 1.161.2 - AVG Technologies) Hidden
AVG Driver Updater (HKLM-x32\...\AVG Driver Updater) (Version: 2.3.0 - AVG Netherlands B.V)
AVG Driver Updater (x32 Version: 2.3.0 - AVG Netherlands B.V) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.1.3006 - AVG Technologies)
AX88772 (HKLM-x32\...\{CAAF899F-D15F-480F-AF10-22B1431A5E9F}) (Version: 1.00.0000 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin N300 Micro USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0155 - Belkin International, Inc.)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Canon PowerShot ELPH 130 IS and 120 IS_IXUS 140 and 135 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSELPH130ISand120IS_IXUS140and135) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.0.16 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberPower PowerPanel Personal Edition 1.3.4 (HKLM-x32\...\{612DBD6B-D073-43A9-8A26-D89DDF835137}) (Version: 1.3.4 - Cyber Power Systems, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.62.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
EVGA Precision 2.0.2 (HKLM-x32\...\Precision) (Version: 2.0.2 - EVGA Corporation)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FlipShare (HKLM-x32\...\{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}) (Version: 5.10.25.0 - Flip Video)
FMW 1 (Version: 1.172.2 - AVG Technologies) Hidden
Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.20.0.5174 (HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\GoToMeeting) (Version: 7.20.0.5174 - CitrixOnline)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66e8e99a-eb6f-4403-9fc2-0ddd4d6f353e}) (Version: 2.6.2.4 - Intel)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7070.2026 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Streets & Trips 2008 (HKLM-x32\...\{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}) (Version: 15.0.17.1600 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.2600 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Plantronics MyHeadset Updater (x64) (HKLM\...\{11C2C550-7EB9-4E8D-B960-6DF230E73396}) (Version: 2.8.23209.0 - Plantronics, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16023.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16023.12 - Samsung Electronics Co., Ltd.) Hidden
SonicWALL Global VPN Client (HKLM\...\{2B0BD3DD-EF7E-43EE-AC58-061E412BFFEF}) (Version: 4.7.3 - SonicWALL)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VIRTU MVP 2.1.110 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.110 - Lucidlogix Technologies LTD)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-2) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.11.1 (Version: 1.0.11.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WD SmartWare (HKLM\...\{6F482C75-174D-42EB-A2CF-B00A1F354F7B}) (Version: 1.4.1.1 - Western Digital)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB  (08/15/2010 2.1.0.2) (HKLM\...\0799181C3332EF8BCBD444BC080F9CA0737F8279) (Version: 08/15/2010 2.1.0.2 - Cambridge Silicon Radio)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Amy\AppData\Local\Citrix\GoToMeeting\4628\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00A14FA8-E55C-4403-AD0D-3170B4849080} - System32\Tasks\{F0EF0B5E-2165-4842-B321-A7712ED47944} => C:\Program Files (x86)\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe 
Task: {00D916CD-02A0-4709-B140-926B08EBE6FF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-07-19] (Microsoft Corporation)
Task: {018D1A1E-26AC-4107-A943-D2834084E406} - System32\Tasks\AVG Driver Updater Scan => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2017-01-30] (AVG Netherlands B.V)
Task: {05F45ECB-BC02-4674-9781-3703168A99D0} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ec3bc453204f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {08EA4A76-F479-49D0-839B-21A561FDD34C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {0F35BFF3-0114-4FD7-A084-4F46D6B2C2D0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {17C81448-104A-4F2A-BDCC-F2C25409E794} - System32\Tasks\{A15EF9FA-B915-43C4-B7CA-5E98FAB83A92} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe 
Task: {1A5828D6-2691-4A88-B221-F856310C1575} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {219F8A47-8345-4C09-B735-4B1D192ACB85} - System32\Tasks\{3C14EE1C-06DE-407E-A36A-DB597CFDCF65} => C:\Program Files (x86)\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe 
Task: {2650A1C1-8395-4D6A-AE80-DED78058634B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {29DDFAD3-D74A-499C-83D3-EF8C14340864} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {2C7768A7-D05A-4557-BBEB-649A3166128B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {2FD851D3-43D0-4BEF-8B5A-553791DA9F1B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {355D0380-1DF3-43DD-B599-05593FD32EC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-04] (Microsoft Corporation)
Task: {37C12A08-149B-4E8B-916F-6FEAE5EE1331} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3D93FD80-75F7-459C-A632-7AE797CB2575} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {5502FBA3-FAD1-42C5-9E09-8B8347DC6251} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {56186B29-08EF-4075-BB13-9B26C6BA14CC} - System32\Tasks\AVG Driver Updater Startup => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2017-01-30] (AVG Netherlands B.V)
Task: {5A021BB9-0373-4ADF-9F98-37A417F92FB8} - System32\Tasks\{2BFB3ACB-36FB-447D-9E23-B5C39C662BF2} => pcalua.exe -a "C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\InstallerUtils\InstallerUtils.exe" -c /UninstallDesktop
Task: {5E5E6C29-67BF-4457-90D4-14C235EB8A98} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {5F981C00-80FA-40F5-A026-1CAC29E42F6E} - System32\Tasks\{169489BA-AC5D-4E54-9339-03D4142A55F3} => C:\Program Files (x86)\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe 
Task: {62B7D585-4A62-4CA1-ADEB-78AF7212E3CC} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {640441B9-7DA5-4807-A9B4-9BFDF15E2FEC} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ec3bc4f5e845 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6DF713C7-75CE-4C64-BDDD-B369E2C850F5} - System32\Tasks\{F86ECC4C-9BDF-4814-965B-145D35943ADD} => pcalua.exe -a "C:\Users\Amy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ6LWX57\epson13145.exe" -d C:\Users\Amy\Desktop
Task: {6E16F34C-2F3B-42D2-966C-43687F89F4F1} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {70FF382A-6D58-49F4-A0E5-87FB25C0EF28} - System32\Tasks\{8A331E28-0ECA-4B60-93FD-FBDBD01A7A46} => pcalua.exe -a C:\Users\Amy\Documents\epson15563.exe -d C:\Users\Amy\Documents
Task: {7F590DF2-3801-4C01-92E7-88234DA18901} - System32\Tasks\DropboxUpdateTaskMachineUA1d2378042941900 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-29] (Dropbox, Inc.)
Task: {8C80F399-C6A4-40B1-AD0E-4CA1E5ECDB94} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {8DC8D432-11A2-4DB5-B50C-FC0407FA19B3} - System32\Tasks\{1058C1EE-ACF1-49E7-86B3-31E9840D241E} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe 
Task: {916650B2-EC37-414D-997D-DCA11789D034} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {91BC3FD9-5D90-41B6-B32E-D2565F468953} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2011-12-30] (ASUSTeK Computer Inc.)
Task: {92810FD0-94C6-454D-823E-B387A0F3546A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {9C4CD2EF-775F-4F65-9CED-EA6BAFF718AA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {A18683F1-0865-46AE-A27E-EDCE5EBAB813} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {A52DB78C-43EA-4DF4-AD16-BDA183E6B5CB} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-01-30] (ASUSTeK Computer Inc.)
Task: {AB69479C-6071-4209-BB08-44DA53688514} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C2FE21C5-04C8-46EB-B66C-02A7F9BBE3A8} - System32\Tasks\{DBE6CCD2-70EE-45E2-9C0D-4B822B815FF0} => pcalua.exe -a D:\setup.exe -d D:\
Task: {C3C704CA-D808-49FC-9E4D-D4DC94A3C5BB} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-01-25] (AVG Technologies CZ, s.r.o.)
Task: {C4D8201A-27A0-442F-A8EC-E656A06BF557} - System32\Tasks\DropboxUpdateTaskMachineCore1d2378041ed8fe9 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-29] (Dropbox, Inc.)
Task: {C5C2CD1E-2F51-4BA7-B560-EE9CB2E942FA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {CF4DBBB4-3CE9-47EF-8B09-60484708418D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D1E23820-0775-435B-9C87-C8C79B397BDB} - System32\Tasks\G2MUpdateTask-S-1-5-21-3605894463-1819794935-3665149236-1000 => C:\Users\Amy\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D8B59D9A-3E34-4C45-B329-EC9B7358B18A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-04] (Microsoft Corporation)
Task: {D8C672C2-D96E-4E79-BAB4-DB9816C48D5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DC645104-738A-4882-80DE-677B522DABE2} - System32\Tasks\{B1B760FA-0069-44A5-BA7A-6DC0F2605AB4} => pcalua.exe -a D:\Software\LAN_Utility\WIN7\64\EXE\RtlStartInstall.exe -d D:\Software\LAN_Utility\WIN7\64\EXE
Task: {DCB1DE6B-674B-4405-8B0D-6E0A44D063F4} - System32\Tasks\G2MUploadTask-S-1-5-21-3605894463-1819794935-3665149236-1000 => C:\Users\Amy\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E06C6213-A126-49B1-8446-5D515E4BDF52} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {F042461D-95FB-475E-95EC-85E33C67545E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {F7E89D54-4F0B-4B35-8D80-9CD720F9E69D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {F93A8B3E-1A6E-44A2-9956-A25C259262AF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FB49B730-8200-476F-8565-9E6A207F21B3} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG Driver Updater Scan.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\Windows\Tasks\AVG Driver Updater Startup.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore1d2378041ed8fe9.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA1d2378042941900.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3605894463-1819794935-3665149236-1000.job => C:\Users\Amy\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3605894463-1819794935-3665149236-1000.job => C:\Users\Amy\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Amy\Desktop\Google Hangouts (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Amy\Desktop\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_knipolnnllmklapflnccelgolnpehhpl\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Hangouts (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.25.29.jpg:com.dropbox.attributes [1440]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.26.03.jpg:com.dropbox.attributes [1434]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.26.38.jpg:com.dropbox.attributes [1440]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.26.52.jpg:com.dropbox.attributes [1434]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.26.59.jpg:com.dropbox.attributes [1228]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.27.44.jpg:com.dropbox.attributes [1224]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.27.52.jpg:com.dropbox.attributes [1224]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 14.50.28.jpg:com.dropbox.attributes [1226]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-29 13.10.33.jpg:com.dropbox.attributes [1438]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-29 13.10.40.jpg:com.dropbox.attributes [1436]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-29 17.17.07.jpg:com.dropbox.attributes [1428]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-29 17.17.11.jpg:com.dropbox.attributes [1436]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7924 more sites.
 
IE trusted site: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\mlxchange.com -> mfr.mlxchange.com
 
There are 11468 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-01-13 14:35 - 00453906 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15573 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdvancedSystemCareService5 => 2
MSCONFIG\startupreg: Advanced SystemCare 5 => "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9B134365-6FC0-4C56-8196-3CC065059741}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{4EA3595A-48F8-471E-ACFC-CE83AEA2C95D}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{7E5ADC7C-9E2A-4BC3-B240-586CE39EE244}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{E29932DB-C67D-4AAB-9760-9F1802E72A87}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [TCP Query User{FE9A173D-7733-420B-85E3-122A7D2D74D3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{915DC25F-EE13-47D7-B9F3-510BF6324DA9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{0A0DFF21-2496-4C68-A51F-DF6C0DA1E544}] => (Allow) LPort=24726
FirewallRules: [{6DD71784-93F7-44EE-943D-85EEEA7D794C}] => (Allow) LPort=24727
FirewallRules: [TCP Query User{46E0D815-4B97-46E9-9B7A-FBD098989BFB}C:\users\amy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C872D1DF-C4B8-4C0E-B0FE-2E3DD8A5A683}C:\users\amy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{F2080D32-28A5-407D-905F-FB1CCC8E0A1C}] => (Block) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{AD1A37E0-96FF-4F5B-AB2C-F9AD680993BA}] => (Block) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{27A1447B-CDBD-4B98-A298-0DB14105DB43}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{04FE7808-8984-4ABF-85D9-D33949EC0B57}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{EC4E9F21-64A4-4903-B617-9429E34A251D}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{9A093666-B468-4FE1-B56B-4144798AB39D}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [TCP Query User{B4FDEC98-1B73-4F05-86AC-35E5F2D13900}C:\windows\system32\spool\drivers\x64\3\e_gupa30.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\e_gupa30.exe
FirewallRules: [UDP Query User{983ABF86-F2F8-4196-904D-799FC66EDC6E}C:\windows\system32\spool\drivers\x64\3\e_gupa30.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\e_gupa30.exe
FirewallRules: [{D0703124-0FB8-43C5-B17A-257DB434C52C}] => (Block) C:\windows\system32\spool\drivers\x64\3\e_gupa30.exe
FirewallRules: [{832E01A0-E1B6-4185-950B-DE7E409F128E}] => (Block) C:\windows\system32\spool\drivers\x64\3\e_gupa30.exe
FirewallRules: [{17C25040-C858-4F72-85B2-3BE4A3AA0BE9}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{C9170D65-4BCB-4FF8-A8EA-547D2E95D3F1}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{41A7B54E-0D5B-4FBE-8B50-5F33AADC8747}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C6A4622D-3589-4709-82EE-6DA92EDCFFBC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{186AB80C-D7AE-4D9D-9294-C9A0D7414BD9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{CA35B0F0-454D-4ED5-89FF-B9E8D05424AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{39D77C15-F274-4546-A1D0-E540039B7A40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{496AB915-954A-4B72-94CB-5513C47E7163}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{3E738031-BB4F-492A-AA98-76B8F155914E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9309586-F0C6-4A14-9C4B-3096BA4B62C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B0BBEA6-60F9-48F6-8381-71FB4552BA2C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B619AD58-7CD2-4AAD-BC7B-F4E65F88C636}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DEC3B2E9-E115-4A67-A7A4-40173A29FB37}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{5E64F4DD-0B87-4410-B3A0-3032916D8779}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{57691A8B-018A-4E11-9B49-BC220ED9EC78}] => (Allow) LPort=4481
FirewallRules: [{C8953F11-CD76-4DAD-999A-8DEF49DB85C5}] => (Allow) LPort=4481
FirewallRules: [{1C22D72F-8D12-45B0-845C-D65D10A185B8}] => (Allow) LPort=4482
FirewallRules: [{852F0E80-9A82-4677-BF3F-20F5191DCFFC}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{1FDFC5BD-CBCE-4B01-AFEB-6CC48CE1EA20}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{E1A82BDB-CB7F-4EA4-BFAE-618511F8DA09}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{E63FA0D4-EF4E-4015-BFD5-D22503204048}] => (Allow) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe
FirewallRules: [{4B5C3268-1C01-4675-876E-C231852194EA}] => (Allow) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe
FirewallRules: [{A0F2BF86-7B21-4C4D-AD2E-4395A71690F9}] => (Allow) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe
FirewallRules: [{D2F5B788-7E16-4340-87CD-582E9565EE37}] => (Allow) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe
FirewallRules: [{4F1E9D22-34F0-4313-8FC3-FBDD0C39DD9E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8479C75C-9F93-46EF-AEB9-7812AD2DCE08}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{646D01CF-AEBB-46DC-955F-F5C1DE0B006C}] => (Allow) C:\Users\Amy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4E7C88ED-FF92-431C-ACC0-57B44757FDE4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F13D8F0F-FB45-47E4-BC29-F0A5002D3DD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{125B82CF-4357-46AD-8750-4EA8FAB273AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{427FE180-AF8C-44A5-A501-2DF378467F01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA56050C-C473-4F28-8A7B-7510B9B40507}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B80A277B-269B-4AAB-B886-8514B3A3872C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{4FD70511-9765-4969-AE14-F09F797BC398}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{4350686C-0331-46EC-BA11-0F24B7F6F555}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C9C3E19E-DA5D-4D86-8D15-2DDBA315D815}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{CF43B219-A9B9-47E1-9799-4070FB544F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{B510E950-0086-4414-94B4-F2803F1B462E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C73F1855-69FE-49E9-9C13-EF2B34C59503}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9F42DEB2-7761-4E1B-BF35-3B1B1C035F79}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5EB7EFB5-3E15-46D1-84DF-2834894106B7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
26-02-2017 15:26:21 Windows Update
28-02-2017 03:00:27 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: avgRvrt
Description: avgRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avgRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avgVmm
Description: avgVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avgVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2017 05:24:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 05:16:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 05:06:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 03:06:31 AM) (Source: DbxSvc) (EventID: 270) (User: )
Description: (-2145452013) The system could not find the filter specified.
 
Error: (02/26/2017 01:07:26 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (02/26/2017 01:07:26 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {EA4D0A44-D802-4232-B129-049242F55C15}
 
Error: (02/26/2017 01:07:26 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {EA4D0A44-D802-4232-B129-049242F55C15}
 
Error: (02/26/2017 12:57:23 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (02/26/2017 12:57:23 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {79C19CAF-ABB4-47B8-B90C-149DC6183EA5}
 
Error: (02/26/2017 12:57:23 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {79C19CAF-ABB4-47B8-B90C-149DC6183EA5}
 
 
System errors:
=============
Error: (02/28/2017 05:25:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/28/2017 05:25:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/28/2017 05:25:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/28/2017 05:25:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/28/2017 05:24:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/28/2017 05:24:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (02/28/2017 05:24:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (02/28/2017 05:24:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (02/28/2017 05:23:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/28/2017 05:23:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-13 14:23:17.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-13 14:19:28.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-13 14:19:28.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-13 14:03:28.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-13 14:03:27.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-11 03:26:52.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-11 03:26:51.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 23:24:25.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 23:18:27.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 23:18:27.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8147.51 MB
Available physical RAM: 6303.14 MB
Total Virtual: 16293.2 MB
Available Virtual: 14360.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.92 GB) (Free:1600.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D2B0B3BC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 olgun52


Posted 28 February 2017 - 05:49 PM

Frequent BSOD is back. Please help!

Did you uninstall the software? I am waiting for your removal.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 AmyD10


Posted 28 February 2017 - 06:04 PM

I did not see the Slimware, C:\Windows\IObit or IObit Driver Booster. I removed Spybot and AVG Web Tune up.



#12 olgun52


Posted 28 February 2017 - 06:45 PM

Hi again, thanks.

 

Please do the following.

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:

Please be sure to run our tools with administrator rights.

Next, download ComboFix. Save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

 


Best regards
 

 


 


#13 AmyD10


Posted 01 March 2017 - 11:45 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Amy (01-03-2017 10:36:39) Run:1
Running from C:\Users\Amy\Google Drive\Documents\Documents\Computer
Loaded Profiles: Amy (Available Profiles: Amy & Guest)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2017-01-25 11:59 - 2017-01-25 11:59 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
S2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-07] (AVG Secure Search)
CHR Extension: (AVG Secure Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-01-25]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-02-07]
FF SearchPlugin: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354\searchplugins\avg-secure-search.xml [2017-02-07]
FF Extension: (AVG Web TuneUp) - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354\Extensions\avg@toolbar.xpi [2017-02-07]
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-07] ()
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-07] (AVG)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2017-02-21] (AVG Technologies CZ, s.r.o.)
S2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-01-09] (AVG Netherlands B.V.)
2017-02-18 13:52 - 2017-02-21 09:25 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2017-02-18 13:52 - 2017-02-21 09:25 - 00048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2017-01-28 10:20 - 2017-01-28 10:20 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2017-01-25 12:01 - 2017-01-25 12:01 - 00002596 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2017-01-25 12:01 - 2017-01-25 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2017-01-25 11:59 - 2017-01-25 12:00 - 00000000 ____D C:\Users\Amy\AppData\Local\AVG Web TuneUp
2017-01-25 11:58 - 2017-02-07 10:51 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-01-25 11:58 - 2017-02-07 10:50 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-02-21 20:21 - 2014-11-15 20:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
C:\Windows\IObit
2017-02-20 14:15 - 2017-02-22 12:38 - 00003246 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2017-02-20 14:15 - 2017-02-22 12:38 - 00002878 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Amy)
2017-02-20 14:15 - 2017-02-21 20:09 - 00002278 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-21 20:08 - 2012-09-16 21:52 - 00000000 ____D C:\Users\Amy\AppData\Roaming\IObit
2017-02-20 14:17 - 2012-10-24 20:00 - 00000000 ____D C:\Users\Amy\AppData\LocalLow\IObit
2017-02-20 14:15 - 2012-09-16 21:52 - 00000000 ____D C:\ProgramData\IObit
2017-02-20 14:15 - 2012-09-16 21:52 - 00000000 ____D C:\Program Files (x86)\IObit
2012-11-11 13:14 - 2014-01-06 08:05 - 0000154 _____ () C:\Users\Amy\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-11 13:14 - 2013-05-11 15:03 - 0003174 _____ () C:\Users\Amy\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-11-11 13:14 - 2014-01-06 08:05 - 0000308 _____ () C:\Users\Amy\AppData\Roaming\Rim.DesktopHelper.Exception.log
2017-02-11 10:57 - 2017-02-11 10:57 - 0000000 ____H () C:\Users\Amy\AppData\Local\BIT51D1.tmp
C:\Users\Amy\Documents\Thumbs.db
C:\Users\Amy\AppData\Local\BIT51D1.tmp
C:\Windows\system32\Drivers\etc\hosts.20170221-202935.backup
CHR HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.450.15) - C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U45) - C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicyScripts-x32: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {29C5BF76-0E1A-49EE-B95E-A4E444396568} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120938,17118,0,18,0
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
C:\ProgramData\ProductData
C:\Users\Amy\PandaCloudAntivirus.exe
 C:\Users\Amy\AppData\Local\Temp\tud8cnz-.dll
Task: {2C7768A7-D05A-4557-BBEB-649A3166128B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {92810FD0-94C6-454D-823E-B387A0F3546A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Amy\Desktop\Google Hangouts (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Hangouts (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.25.29.jpg:com.dropbox.attributes [1440]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.26.03.jpg:com.dropbox.attributes [1434]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.26.38.jpg:com.dropbox.attributes [1440]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.26.52.jpg:com.dropbox.attributes [1434]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.26.59.jpg:com.dropbox.attributes [1228]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.27.44.jpg:com.dropbox.attributes [1224]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 10.27.52.jpg:com.dropbox.attributes [1224]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-28 14.50.28.jpg:com.dropbox.attributes [1226]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-29 13.10.33.jpg:com.dropbox.attributes [1438]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-29 13.10.40.jpg:com.dropbox.attributes [1436]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-29 17.17.07.jpg:com.dropbox.attributes [1428]
AlternateDataStreams: C:\Users\Amy\Documents\2015-03-29 17.17.11.jpg:com.dropbox.attributes [1436]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
GroupPolicyScripts-x32: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {29C5BF76-0E1A-49EE-B95E-A4E444396568} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120938,17118,0,18,0
SearchScopes: HKU\S-1-5-21-3605894463-1819794935-3665149236-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={898A6D86-C577-4B0E-9956-C7A36B87EF57}&mid=347f070e3f4c4d30a1a06288d2c4b9c1-87d8ac67fdcb6a5a8a1cbc097b79da7cb158aa02&lang=en&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_0&pr=fr&d=2017-01-25 16:58:51&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.450.15) - C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U45) - C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll => No File
CHR HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2017-02-21] (AVG Technologies CZ, s.r.o.)
S2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2017-02-28] (SlimWare Utilities, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-01-09] (AVG Netherlands B.V.)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
2017-02-27 15:11 - 2017-02-21 09:25 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2017-02-27 15:11 - 2017-02-21 09:25 - 00048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2017-02-20 14:16 - 2017-02-25 04:59 - 00000000 ____D C:\ProgramData\ProductData
2017-02-20 14:16 - 2017-02-20 14:16 - 00000000 ____D C:\Windows\IObit
2017-02-20 14:15 - 2017-02-24 21:49 - 00002878 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Amy)
2017-02-20 14:15 - 2017-02-20 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-28 17:04 - 2014-11-15 20:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-28 17:03 - 2015-01-10 02:54 - 00000145 _____ C:\Windows\wininit.ini
2017-02-25 04:59 - 2014-11-15 20:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-25 04:59 - 2012-09-16 21:52 - 00000000 ____D C:\ProgramData\IObit
2017-02-25 04:57 - 2012-10-24 20:00 - 00000000 ____D C:\Users\Amy\AppData\LocalLow\IObit
2017-02-25 04:57 - 2012-09-16 21:52 - 00000000 ____D C:\Users\Amy\AppData\Roaming\IObit
2017-02-21 14:33 - 2013-11-15 14:15 - 00776704 ___SH C:\Users\Amy\Documents\Thumbs.db
2012-11-11 13:14 - 2014-01-06 08:05 - 0000154 _____ () C:\Users\Amy\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-11 13:14 - 2013-05-11 15:03 - 0003174 _____ () C:\Users\Amy\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-11-11 13:14 - 2014-01-06 08:05 - 0000308 _____ () C:\Users\Amy\AppData\Roaming\Rim.DesktopHelper.Exception.log
2017-02-11 10:57 - 2017-02-11 10:57 - 0000000 ____H () C:\Users\Amy\AppData\Local\BIT51D1.tmp
2012-09-10 11:19 - 2012-09-10 12:06 - 0000996 _____ () C:\ProgramData\Gpu.log
C:\Users\Amy\PandaCloudAntivirus.exe
2017-01-27 00:12 - 2017-01-27 00:12 - 0012288 _____ () C:\Users\Amy\AppData\Local\Temp\bkl_5v4k.dll
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 5" /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"C:\Program Files\Common Files\AVG Secure Search" => not found.
vToolbarUpdater40.3.7 => service not found.
C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => not found
Chrome HomePage => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found. 
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully
"C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354\searchplugins\avg-secure-search.xml" => not found.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\knn1zxkj.default-1473269503354\Extensions\avg@toolbar.xpi => not found.
WtuSystemSupport => service not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\System\CurrentControlSet\Services\TuneUp.UtilitiesSvc => key removed successfully
TuneUp.UtilitiesSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\UxTuneUp => key removed successfully
UxTuneUp => service removed successfully
UxTuneUp => service not found.
HKLM\System\CurrentControlSet\Services\TuneUpUtilitiesDrv => key removed successfully
TuneUpUtilitiesDrv => service removed successfully
C:\Windows\system32\uxtuneup.dll => moved successfully
C:\Windows\SysWOW64\uxtuneup.dll => moved successfully
C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp => moved successfully
"C:\Users\Amy\AppData\Local\AVG Web TuneUp" => not found.
"C:\ProgramData\AVG Web TuneUp" => not found.
"C:\Program Files (x86)\AVG Web TuneUp" => not found.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value not found.
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
C:\Windows\IObit => moved successfully
"C:\Windows\System32\Tasks\Driver Booster Scheduler" => not found.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Amy) => moved successfully
"C:\Users\Public\Desktop\Driver Booster 4.lnk" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4 => moved successfully
C:\Users\Amy\AppData\Roaming\IObit => moved successfully
C:\Users\Amy\AppData\LocalLow\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Users\Amy\AppData\Roaming\Rim.Desktop.Exception.log => moved successfully
C:\Users\Amy\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => moved successfully
C:\Users\Amy\AppData\Roaming\Rim.DesktopHelper.Exception.log => moved successfully
C:\Users\Amy\AppData\Local\BIT51D1.tmp => moved successfully
C:\Users\Amy\Documents\Thumbs.db => moved successfully
"C:\Users\Amy\AppData\Local\BIT51D1.tmp" => not found.
"C:\Windows\system32\Drivers\etc\hosts.20170221-202935.backup" => not found.
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => key not found. 
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => not found.
C:\Users\Amy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe => not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{29C5BF76-0E1A-49EE-B95E-A4E444396568} => key removed successfully
HKCR\CLSID\{29C5BF76-0E1A-49EE-B95E-A4E444396568} => key not found. 
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key removed successfully
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found. 
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
C:\ProgramData\ProductData => moved successfully
C:\Users\Amy\PandaCloudAntivirus.exe => moved successfully
"C:\Users\Amy\AppData\Local\Temp\tud8cnz-.dll" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C7768A7-D05A-4557-BBEB-649A3166128B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C7768A7-D05A-4557-BBEB-649A3166128B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92810FD0-94C6-454D-823E-B387A0F3546A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92810FD0-94C6-454D-823E-B387A0F3546A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\Users\Amy\Desktop\Google Hangouts (1).lnk => Shortcut argument removed successfully.
C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts (1).lnk => Shortcut argument removed successfully.
C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Hangouts (1).lnk => Shortcut argument removed successfully.
C:\Users\Amy\Documents\2015-03-28 10.25.29.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-28 10.26.03.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-28 10.26.38.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-28 10.26.52.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-28 10.26.59.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-28 10.27.44.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-28 10.27.52.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-28 14.50.28.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-29 13.10.33.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-29 13.10.40.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-29 17.17.07.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Amy\Documents\2015-03-29 17.17.11.jpg => ":com.dropbox.attributes" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key not found. 
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe => not found.
"C:\Windows\SysWOW64\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{29C5BF76-0E1A-49EE-B95E-A4E444396568} => key not found. 
HKCR\CLSID\{29C5BF76-0E1A-49EE-B95E-A4E444396568} => key not found. 
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found. 
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found. 
C:\Users\Amy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll => not found.
HKU\S-1-5-21-3605894463-1819794935-3665149236-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key not found. 
TuneUp.UtilitiesSvc => service not found.
UxTuneUp => service not found.
UxTuneUp => service not found.
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
TuneUpUtilitiesDrv => service not found.
aswVmm => service not found.
dbx => service not found.
"C:\Windows\system32\uxtuneup.dll" => not found.
"C:\Windows\SysWOW64\uxtuneup.dll" => not found.
"C:\ProgramData\ProductData" => not found.
"C:\Windows\IObit" => not found.
"C:\Windows\System32\Tasks\Driver Booster SkipUAC (Amy)" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2" => not found.
C:\Windows\wininit.ini => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
"C:\ProgramData\IObit" => not found.
"C:\Users\Amy\AppData\LocalLow\IObit" => not found.
"C:\Users\Amy\AppData\Roaming\IObit" => not found.
"C:\Users\Amy\Documents\Thumbs.db" => not found.
"C:\Users\Amy\AppData\Roaming\Rim.Desktop.Exception.log" => not found.
"C:\Users\Amy\AppData\Roaming\Rim.Desktop.HttpServerSetup.log" => not found.
"C:\Users\Amy\AppData\Roaming\Rim.DesktopHelper.Exception.log" => not found.
"C:\Users\Amy\AppData\Local\BIT51D1.tmp" => not found.
C:\ProgramData\Gpu.log => moved successfully
"C:\Users\Amy\PandaCloudAntivirus.exe" => not found.
C:\Users\Amy\AppData\Local\Temp\bkl_5v4k.dll => moved successfully
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 5" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.
 
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28394739 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 2277663501 B
Edge => 0 B
Chrome => 200327508 B
Firefox => 10521537 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 22941 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42343782 B
systemprofile32 => 10561988 B
LocalService => 0 B
NetworkService => 15900967 B
Amy => 373596669 B
UpdatusUser => 0 B
Guest => 207998529 B
 
RecycleBin => 2437152860 B
EmptyTemp: => 5.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:37:34 ====
 
It prompted me to download the updated AdwCleaner v6.044.  I ran it and did not see AdwCleaner S1.txt, so I have given you AdwCleaner S0.txt and C0.txt.
 
# AdwCleaner v6.044 - Logfile created 01/03/2017 at 11:33:32
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-02-28.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Amy - AMY-PC
# Running from : C:\Users\Amy\Desktop\adwcleaner_6.044.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Program Files (x86)\96368BC0-1453763150-11DD-82EE-C86000C15E99
Folder Found:  C:\Users\Amy\AppData\Local\96368BC0-1453745231-11DD-82EE-C86000C15E99
Folder Found:  C:\Users\Guest\AppData\LocalLow\pandasecuritytb
Folder Found:  C:\ProgramData\FlashBeat
Folder Found:  C:\ProgramData\Application Data\FlashBeat
Folder Found:  C:\Users\Public\Documents\Downloaded Installers
Folder Found:  C:\Program Files (x86)\Consumer Input
 
 
***** [ Files ] *****
 
File Found:  C:\Windows\SysNative\drivers\swdumon.sys
File Found:  C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\da59ff0h.default\searchplugins\Search Provided by Yahoo.xml
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found:  HKLM\SOFTWARE\Uniblue
Key Found:  HKLM\SOFTWARE\Uniblue\DriverScanner
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Amy\AppData\Local\Chromium\User Data\Default\Web data] - search provided by yahoo
Chrome pref Found:  [C:\Users\Amy\AppData\Local\Chromium\User Data\Default\Secure Preferences] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_03&param1=1&param2=f%3D7%26b%3Dchmm
Chrome pref Found:  [C:\Users\Amy\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_03&param1=1&param2=f%3D1%26b%3Dchm
Chrome pref Found:  [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Amy\AppData\Local\Comodo\Chromodo\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Amy\AppData\Local\Comodo\Chromodo\User Data\Default\Web data] - ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2715 Bytes] - [01/03/2017 11:33:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2788 Bytes] ##########
# AdwCleaner v6.044 - Logfile created 01/03/2017 at 11:34:01
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-02-28.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Amy - AMY-PC
# Running from : C:\Users\Amy\Desktop\adwcleaner_6.044.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files (x86)\96368BC0-1453763150-11DD-82EE-C86000C15E99
[-] Folder deleted: C:\Users\Amy\AppData\Local\96368BC0-1453745231-11DD-82EE-C86000C15E99
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\pandasecuritytb
[-] Folder deleted: C:\ProgramData\FlashBeat
[#] Folder deleted on reboot: C:\ProgramData\Application Data\FlashBeat
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\Consumer Input
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys
[-] File deleted: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\da59ff0h.default\searchplugins\Search Provided by Yahoo.xml
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[#] Key deleted on reboot: HKLM\SOFTWARE\Uniblue\DriverScanner
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Amy\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo
[-] [C:\Users\Amy\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_03&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtC0AyDzy0DyBtByDyE0CyE0EtCzytN0D0Tzu0StCyEzztCtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyB0F0DyB0CzytGtCyEyEtAtGyBtDtDzytGyE0FyB0BtGyCyDtDzztC0D0Czyzy0DtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyC0CzzyBtBtA0DtGyB0Azy0EtGyE0FyD0FtGzy0DtDyEtGyCyB0FzyyByCtC0AyDtAyCyB2QtN0A0LzutB%26cr%3D1648743616%26a%3Dwncy_ir_16_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm
[-] [C:\Users\Amy\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_03&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtC0AyDzy0DyBtByDyE0CyE0EtCzytN0D0Tzu0StCyEzztCtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyB0F0DyB0CzytGtCyEyEtAtGyBtDtDzytGyE0FyB0BtGyCyDtDzztC0D0Czyzy0DtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyC0CzzyBtBtA0DtGyB0Azy0EtGyE0FyD0FtGzy0DtDyEtGyCyB0FzyyByCtC0AyDtAyCyB2QtN0A0LzutB%26cr%3D1648743616%26a%3Dwncy_ir_16_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Amy\AppData\Local\Comodo\Chromodo\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Amy\AppData\Local\Comodo\Chromodo\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3587 Bytes] - [01/03/2017 11:34:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [2867 Bytes] - [01/03/2017 11:33:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3733 Bytes] ##########
 
 
 


#14 olgun52

  • Malware Response Team
Posted 01 March 2017 - 12:08 PM

Thanks. I am waiting for the ComboFix logfile.


Best regards
 

 


 


#15 AmyD10

  • Topic Starter

Posted 01 March 2017 - 12:24 PM

I can't disable AVG to run ComboFix.  I followed the directions but I don't get the options that should come up.





