Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads


Pop up ad problem Firefox Chrome and Edge probably

This is a discussion on Pop up ad problem Firefox Chrome and Edge probably within the Resolved HJT Threads forums, part of the Tech Support Forum category. I have a problem with pop up ads where when a pop up sometimes occurs it redirects to unwanted ads


 
 
Thread Tools Search this Thread
Old 11-26-2016, 07:51 PM   #1
Registered Member
 
Join Date: Nov 2016
Posts: 11
OS: Windows 10



I have a problem with pop up ads where when a pop up sometimes occurs it redirects to unwanted ads not where it supposed to pop up to. I know this came from a free download I did and even though I realized fairly quickly what it was it got on my system and infected it. It has installed something somewhere that causes redirection of pop ups.

I have done all normal advertised steps and repeated:

AdwCleaner

Malwarebytes Anti-Malware Free

HitmanPro

Reset browsers to default and rebooted.

I think these programs and steps have done something but something is still present as sometimes when a pop up occurs it redirects to unwanted ads. Probably making a new user would solve I think but would be good to solve it on this user. I know if the right file was deleted it would be gone but I do not know where it is and I am running out of steps to follow.

Anyone have some experience with where it might be and how to remove it? Thank you in advance.

Here is what I was advised to provide to you:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.111.2
Run by theun at 2:44:34 on 2016-11-27
Microsoft Windows 10 Pro 10.0.14393.0.1252.44.1033.18.3918.1000 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Updated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\Av\avgnsa.exe
C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\Program Files (x86)\AVG\Av\avgrsa.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\theun\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skdh8821.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Users\theun\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\AVG\Av\avgcsrva.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWoW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\theun\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [EE Prosumer ModemListener] C:\Program Files (x86)\Web Connection\Y854\BackgroundService\ModemListener.exe start
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0E13DCB2-D079-49C7-AD08-DB4B89350786} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{12c77793-624f-40c6-98fb-26cdf5780080} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3ed23349-6bc2-4068-805c-2c152fc1ab09} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{94eafdf7-98ab-42b6-84cc-2dbd2e4bf9cd} : DHCPNameServer = 172.20.10.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} -
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Skd8821] C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\theun\AppData\Roaming\Mozilla\Firefox\Profiles\rr1ognzc.default-1480128198913\
FF - prefs.js: browser.startup.homepage - outlook.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2016-6-1 267008]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2016-2-16 360736]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2016-9-26 254208]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2016-6-1 52992]
R0 Avguniva;AVG Universal Driver;C:\WINDOWS\System32\drivers\avguniva.sys [2016-6-1 77056]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2016-5-13 163072]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2016-10-17 312576]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2016-10-19 267520]
R1 avgtp;avgtp;C:\WINDOWS\System32\drivers\avgtpx64.sys [2013-9-10 46368]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2016-8-4 313096]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2013-9-10 27008]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-2-23 65408]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2016-1-7 21632]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-9-30 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\drivers\hitmanpro37.sys [2016-11-25 54736]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
.
=============== Created Last 30 ================
.
2016-11-26 03:34:41 203680 ----a-w- C:\WINDOWS\System32\drivers\zam64.sys
2016-11-26 03:34:38 203680 ----a-w- C:\WINDOWS\System32\drivers\zamguard64.sys
2016-11-26 03:34:36 -------- d-----w- C:\Users\theun\AppData\Local\Zemana
2016-11-25 23:53:18 -------- d-----w- C:\Users\theun\AppData\Roaming\TeamViewer
2016-11-25 04:18:20 -------- d--h--w- C:\OneDriveTemp
2016-11-25 03:35:23 54736 ----a-w- C:\WINDOWS\System32\drivers\hitmanpro37.sys
2016-11-25 03:35:00 -------- d-----w- C:\ProgramData\HitmanPro
2016-11-25 03:31:04 -------- d-----w- C:\AdwCleaner
2016-11-25 01:28:25 -------- d-----w- C:\Users\theun\AppData\Local\Programs
2016-11-23 23:41:33 -------- d-----w- C:\Users\theun\AppData\Local\LogMeIn Rescue Applet
2016-11-18 14:31:22 41928 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IA2Marshal.dll
2016-11-10 16:10:07 -------- d-----w- C:\Program Files\iPod
2016-11-10 16:09:42 -------- d---a-w- C:\Program Files\iTunes
2016-11-08 21:45:55 65536 ----a-w- C:\WINDOWS\SysWow64\wininetlui.dll
2016-11-08 21:44:59 3892352 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-11-08 21:33:09 2104320 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2016-11-08 21:31:59 659968 ----a-w- C:\Program Files\Windows NT\TableTextService\TableTextService.dll
2016-11-08 21:30:57 4130432 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-11-08 21:28:55 942080 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2016-11-08 21:27:57 714592 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2016-10-30 07:28:00 29432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-10-30 07:25:36 380192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-10-30 07:18:24 209104 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-10-28 14:17:08 498952 ----a-w- C:\WINDOWS\System32\DolbyDecMFT.dll
2016-10-28 14:17:08 1557808 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2016-10-28 14:17:08 1472536 ----a-w- C:\WINDOWS\System32\mfplat.dll
2016-10-28 14:17:07 1990648 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-10-28 14:17:05 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-10-28 14:17:04 244816 ----a-w- C:\WINDOWS\System32\mfps.dll
2016-10-28 14:17:03 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-10-28 14:15:58 619368 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
.
==================== Find3M ====================
.
2016-11-27 00:55:52 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-11-02 12:01:41 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2016-11-02 12:01:37 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2016-11-02 11:22:59 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2016-11-02 11:22:59 1570672 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2016-11-02 11:20:37 590960 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2016-11-02 11:20:36 378720 ----a-w- C:\WINDOWS\System32\atmfd.dll
2016-11-02 11:15:35 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-11-02 11:15:33 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-11-02 11:14:00 7816544 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-11-02 11:13:51 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-11-02 11:13:51 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-11-02 11:13:47 1883784 ----a-w- C:\WINDOWS\System32\ntdll.dll
2016-11-02 11:13:43 773720 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2016-11-02 11:13:36 423776 ----a-w- C:\WINDOWS\System32\wifitask.exe
2016-11-02 11:12:57 341344 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2016-11-02 11:12:35 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2016-11-02 11:12:07 376672 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-11-02 11:10:44 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-11-02 11:08:52 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2016-11-02 11:08:43 186424 ----a-w- C:\WINDOWS\SysWow64\weretw.dll
2016-11-02 11:08:01 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-11-02 11:08:00 602464 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-11-02 11:05:53 6657176 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-11-02 11:05:40 951904 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-11-02 11:05:29 405856 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-11-02 11:05:13 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-11-02 11:04:46 596832 ----a-w- C:\WINDOWS\SysWow64\comctl32.dll
2016-11-02 11:04:36 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2016-11-02 11:04:08 2678056 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-11-02 11:02:55 682816 ----a-w- C:\WINDOWS\System32\wer.dll
2016-11-02 11:02:53 238056 ----a-w- C:\WINDOWS\System32\weretw.dll
2016-11-02 11:02:31 848736 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-11-02 11:02:31 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-11-02 11:01:37 1425000 ----a-w- C:\WINDOWS\SysWow64\d3d9.dll
2016-11-02 11:01:31 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2016-11-02 11:01:30 1415744 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-11-02 11:01:28 545936 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-11-02 11:01:20 1263856 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2016-11-02 11:01:00 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-11-02 11:00:30 8156080 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-11-02 11:00:17 534096 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2016-11-02 11:00:17 1061968 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-11-02 11:00:06 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-11-02 10:59:45 4673304 ----a-w- C:\WINDOWS\explorer.exe
2016-11-02 10:56:52 1609920 ----a-w- C:\WINDOWS\System32\d3d9.dll
2016-11-02 10:56:50 322912 ----a-w- C:\WINDOWS\System32\input.dll
2016-11-02 10:56:42 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-11-02 10:56:39 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-11-02 10:56:38 1418312 ----a-w- C:\WINDOWS\System32\msctf.dll
2016-11-02 10:55:52 48992 ----a-w- C:\WINDOWS\System32\drivers\iorate.sys
2016-11-02 10:50:35 34304 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2016-11-02 10:49:47 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2016-11-02 10:49:42 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-11-02 10:49:20 32768 ----a-w- C:\WINDOWS\apppatch\AcWinRT.dll
2016-11-02 10:48:56 32768 ----a-w- C:\WINDOWS\SysWow64\efsext.dll
2016-11-02 10:48:24 88064 ----a-w- C:\WINDOWS\apppatch\AcXtrnal.dll
2016-11-02 10:48:00 95232 ----a-w- C:\WINDOWS\SysWow64\TSpkg.dll
2016-11-02 10:47:36 156672 ----a-w- C:\WINDOWS\SysWow64\BcastDVRHelper.dll
2016-11-02 10:47:26 47104 ----a-w- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
2016-11-02 10:47:04 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2016-11-02 10:46:26 140288 ----a-w- C:\WINDOWS\SysWow64\AppCapture.dll
2016-11-02 10:45:49 253952 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
2016-11-02 10:45:37 331776 ----a-w- C:\WINDOWS\apppatch\AcLayers.dll
2016-11-02 10:45:17 492032 ----a-w- C:\WINDOWS\SysWow64\bcastdvr.exe
2016-11-02 10:45:09 182784 ----a-w- C:\WINDOWS\SysWow64\mfsensorgroup.dll
2016-11-02 10:44:50 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-11-02 10:44:45 180224 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2016-11-02 10:44:34 89088 ----a-w- C:\WINDOWS\SysWow64\AuthExt.dll
2016-11-02 10:43:53 557568 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2016-11-02 10:43:43 198144 ----a-w- C:\WINDOWS\SysWow64\FSClient.dll
2016-11-02 10:43:29 731136 ----a-w- C:\WINDOWS\SysWow64\d3d8.dll
2016-11-02 10:42:55 549376 ----a-w- C:\WINDOWS\SysWow64\ActionCenterCPL.dll
2016-11-02 10:42:48 223232 ----a-w- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
2016-11-02 10:42:44 306176 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2016-11-02 10:42:35 202752 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-02 10:42:32 866816 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
2016-11-02 10:42:22 506880 ----a-w- C:\WINDOWS\SysWow64\DevicePairing.dll
2016-11-02 10:42:19 632832 ----a-w- C:\WINDOWS\SysWow64\sud.dll
2016-11-02 10:41:26 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-11-02 10:40:36 896512 ----a-w- C:\WINDOWS\SysWow64\fontext.dll
2016-11-02 10:40:34 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-11-02 10:40:21 548352 ----a-w- C:\WINDOWS\SysWow64\ddraw.dll
2016-11-02 10:39:53 236544 ----a-w- C:\WINDOWS\SysWow64\UIAnimation.dll
2016-11-02 10:39:24 348672 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2016-11-02 10:39:06 465920 ----a-w- C:\WINDOWS\SysWow64\LockAppBroker.dll
2016-11-02 10:38:52 760832 ----a-w- C:\WINDOWS\SysWow64\appwiz.cpl
2016-11-02 10:38:35 22563840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-11-02 10:37:46 19415040 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-11-02 10:37:08 299008 ----a-w- C:\WINDOWS\System32\rdpinit.exe
2016-11-02 10:36:53 415744 ----a-w- C:\WINDOWS\System32\rdpshell.exe
2016-11-02 10:36:34 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-11-02 10:36:05 63488 ----a-w- C:\WINDOWS\SysWow64\ErrorDetailsUpdate.dll
2016-11-02 10:35:13 336896 ----a-w- C:\WINDOWS\SysWow64\msinfo32.exe
2016-11-02 10:34:44 327168 ----a-w- C:\WINDOWS\System32\microsoft-windows-system-events.dll
2016-11-02 10:34:23 43008 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2016-11-02 10:34:11 15360 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcXtrnal.dll
2016-11-02 10:33:56 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-11-02 10:33:48 3307520 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-11-02 10:33:42 32768 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcWinRT.dll
.
============= FINISH: 2:47:21.16 ===============
Attached Files
File Type: txt attach.txt (17.3 KB, 10 views)
fastrack23 is offline  
Sponsored Links
Advertisement
 
Old 11-27-2016, 03:34 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,112
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please post the latest AdwCleaner log. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt

------------------------------------------------------

Check for additional security risks:
  • Please download CKScannerę by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-27-2016, 04:34 PM   #3
Registered Member
 
Join Date: Nov 2016
Posts: 11
OS: Windows 10



Thank you for your response. I have carried out the instructions that you gave and provided everything below:

# AdwCleaner v6.030 - Logfile created 25/11/2016 at 03:42:44
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-25.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : theun - DAVID-OFFICE
# Running from : C:\Users\theun\Downloads\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: vToolbarUpdater40.3.6
[-] Service deleted: WtuSystemSupport


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Connection
[-] Folder deleted: C:\Program Files (x86)\Web Connection
[-] Folder deleted: C:\Users\David\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Users\David\AppData\LocalLow\AVG Secure Search
[-] Folder deleted: C:\Users\David\AppData\Roaming\digitalsite
[-] Folder deleted: C:\Users\David\AppData\Roaming\DriverCure
[-] Folder deleted: C:\Users\David\AppData\Roaming\myturbopc.com
[-] Folder deleted: C:\Users\theun\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Enigma Software Group
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\myturbopc.com
[-] Folder deleted: C:\ProgramData\Partner
[-] Folder deleted: C:\ProgramData\QuickSet
[-] Folder deleted: C:\ProgramData\avg web tuneup
[-] Folder deleted: C:\ProgramData\FFinder LTD
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\myturbopc.com
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Partner
[#] Folder deleted on reboot: C:\ProgramData\Application Data\QuickSet
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\FFinder LTD
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search


***** [ Files ] *****

[-] File deleted: C:\Users\David\daemonprocess.txt
[-] File deleted: C:\WINDOWS\SysNative\roboot64.exe
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[-] File deleted: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ym04920j.default\extensions\Avg@toolbar.xpi
[-] File deleted: C:\Users\theun\AppData\Roaming\Mozilla\Firefox\Profiles\bq9mqx2j.default\extensions\Avg@toolbar.xpi
[-] File deleted: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ym04920j.default\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Users\theun\AppData\Roaming\Mozilla\Firefox\Profiles\bq9mqx2j.default\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[-] File deleted: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EE Prosumer Web Connection_is1
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EE Prosumer Web Connection_is1_is1
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Registry Helper Service
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Registry Helper Service
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\MyTurboPC.com
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[-] Key deleted: HKLM\SOFTWARE\FFinder LTD
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Data restored: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Value deleted: HKLM\SOFTWARE\Classes\.torrent [iLivid.torrent_backup]


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "avg.wtu.ext.extParams" - "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{96e4754f-25fe-42cc-b316-e0e369cf8ee0}\",\"mid\":\"a2238b9f0c5c47d3a6c9a56eac835722-8e2ebd9cff0de0ef50db0825f0588c5f03e0efb6\",\"ds\":\"AVG\",\"v\":\"4.3.5.160\",\"lang\":\"en\",\"pr\":\"fr\",\"d\":\"2016-04-29%2014%3A44%3A01\",\"ud\":\"2016-07-22%2003%3A29%3A32\",\"cmpid\":\"0816tb\",\"domain\":\"mysearch.avg.com\",\"protocol\":\"hxxps\",\"FileUpdateDate\":\"\",\"form\":\"AVGSDF\",\"pc\":\"AVG2\"},\"cmpIds\":{\"hp\":\"0816tb\",\"nt\":\"0816tb\",\"dsp\":\"0516av\"},\"install\":{\"RevertUrlHp\":\"outlook.com\",\"RevertUrlSp\":\"Google\",\"RevertUrlNt\":\"about:newtab\",\"hp\":1,\"sp\":1,\"nt\":1},\"manifest\":{\"domain_display_name\":\"AVG Secure Search\"}}}"
[-] Chrome preferences cleaned: "browser.search.defaultenginename" - "AVG Secure Search"
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask search
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aaaaaiabcopkplhgaedhbloeejhhankf


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11382 Bytes] - [25/11/2016 03:42:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [10711 Bytes] - [25/11/2016 03:35:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11530 Bytes] ##########

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.OILBT0
----- EOF -----

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by theun (administrator) on DAVID-OFFICE (27-11-2016 23:08:47)
Running from C:\Users\theun\Downloads
Loaded Profiles: theun (Available Profiles: David & theun & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LITEON) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\skdh8821.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\theun\Downloads\CKScanner (1).exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-11] (Realtek Semiconductor)
HKLM\...\Run: [Skd8821] => C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe [384512 2011-03-23] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [EE Prosumer ModemListener] => C:\Program Files (x86)\Web Connection\Y854\BackgroundService\ModemListener.exe start
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0E13DCB2-D079-49C7-AD08-DB4B89350786}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{12c77793-624f-40c6-98fb-26cdf5780080}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3ed23349-6bc2-4068-805c-2c152fc1ab09}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{94eafdf7-98ab-42b6-84cc-2dbd2e4bf9cd}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\theun\AppData\Roaming\Mozilla\Firefox\Profiles\rr1ognzc.default-1480128198913 [2016-11-27]
FF Homepage: Mozilla\Firefox\Profiles\rr1ognzc.default-1480128198913 -> outlook.com/
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2013-03-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-05-19] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://outlook.com/
CHR Profile: C:\Users\theun\AppData\Local\Google\Chrome\User Data\Default [2016-11-26]
CHR Profile: C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-27]
CHR Extension: (Google Slides) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-26]
CHR Extension: (Google Docs) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-26]
CHR Extension: (Google Drive) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-26]
CHR Extension: (Rapport) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-11-26]
CHR Extension: (YouTube) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-26]
CHR Extension: (Google Sheets) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-26]
CHR Extension: (AVG SafePrice) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2016-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-26]
CHR Extension: (Gmail) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-26]
CHR HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337696 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2009-03-25] (Nero AG)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-10-06] (IBM Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 Sks8821; C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [137216 2010-05-04] () [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
S2 EE Prosumer Modem Device Helper; C:\Program Files (x86)\Web Connection\Y854\BackgroundService\ServiceManager.exe -start [X]

===================== Drivers (Whitelisted) ======================
fastrack23 is offline  
Old 11-27-2016, 04:36 PM   #4
Registered Member
 
Join Date: Nov 2016
Posts: 11
OS: Windows 10



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-10-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [267520 2016-10-19] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
R0 Avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-11-25] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2015-04-30] (Riverbed Technology, Inc.)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-10-06] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [235184 2016-10-06] (IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [489712 2016-10-06] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [547888 2016-10-06] (IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 Tvti2c; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-11-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-11-26] (Zemana Ltd.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 23:08 - 2016-11-27 23:12 - 00024867 _____ C:\Users\theun\Downloads\FRST.txt
2016-11-27 23:08 - 2016-11-27 23:08 - 00000000 ____D C:\FRST
2016-11-27 23:07 - 2016-11-27 23:07 - 02411520 _____ (Farbar) C:\Users\theun\Downloads\FRST64.exe
2016-11-27 23:04 - 2016-11-27 23:05 - 00000127 _____ C:\Users\theun\Downloads\ckfiles.txt
2016-11-27 23:03 - 2016-11-27 23:03 - 00468480 _____ () C:\Users\theun\Downloads\CKScanner (1).exe
2016-11-27 23:00 - 2016-11-27 23:00 - 00468480 _____ () C:\Users\theun\Downloads\CKScanner.exe
2016-11-27 14:44 - 2016-11-27 14:44 - 00000000 ___HD C:\OneDriveTemp
2016-11-27 02:47 - 2016-11-27 02:47 - 00030469 _____ C:\Users\theun\Desktop\dds.txt
2016-11-27 02:47 - 2016-11-27 02:47 - 00017697 _____ C:\Users\theun\Desktop\attach.txt
2016-11-27 02:44 - 2016-11-27 02:44 - 00688992 ____R (Swearware) C:\Users\theun\Downloads\dds.scr
2016-11-26 15:54 - 2016-11-26 15:54 - 00000068 _____ C:\Users\theun\Downloads\355444714.txt
2016-11-26 04:09 - 2016-11-26 04:09 - 01631928 _____ (Malwarebytes) C:\Users\theun\Downloads\JRT.exe
2016-11-26 03:42 - 2016-11-27 04:14 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87E28CFE-3B83-4B29-8575-2D9B7B3D69ED}
2016-11-26 03:34 - 2016-11-27 23:09 - 00726083 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-11-26 03:34 - 2016-11-27 23:09 - 00721369 _____ C:\WINDOWS\ZAM.krnl.trace
2016-11-26 03:34 - 2016-11-26 03:34 - 05188032 _____ (Zemana Ltd.) C:\Users\theun\Downloads\Zemana.AntiMalware.Portable.exe
2016-11-26 03:34 - 2016-11-26 03:34 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-11-26 03:34 - 2016-11-26 03:34 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-11-26 03:34 - 2016-11-26 03:34 - 00000000 ____D C:\Users\theun\AppData\Local\Zemana
2016-11-26 02:43 - 2016-11-26 02:43 - 00000000 ____D C:\Users\theun\Desktop\Old Firefox Data
2016-11-26 01:06 - 2016-11-26 01:04 - 00453485 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161126-010627.backup
2016-11-26 01:04 - 2016-11-06 23:33 - 00453485 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161126-010404.backup
2016-11-26 00:42 - 2016-11-26 00:42 - 03910208 _____ C:\Users\theun\Downloads\adwcleaner_6.030(1).exe
2016-11-25 23:53 - 2016-11-25 23:53 - 00000000 ____D C:\Users\theun\AppData\Roaming\TeamViewer
2016-11-25 14:22 - 2016-11-25 14:22 - 11581544 _____ (SurfRight B.V.) C:\Users\theun\Downloads\hitmanpro_x64(1).exe
2016-11-25 04:12 - 2016-11-25 04:12 - 00001106 _____ C:\WINDOWS\system32\.crusader
2016-11-25 03:55 - 2016-11-25 03:55 - 11581544 _____ (SurfRight B.V.) C:\Users\theun\Downloads\hitmanpro_x64(2).exe
2016-11-25 03:35 - 2016-11-25 04:15 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-11-25 03:35 - 2016-11-25 04:14 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-25 03:34 - 2016-11-25 03:34 - 11581544 _____ (SurfRight B.V.) C:\Users\theun\Downloads\hitmanpro_x64.exe
2016-11-25 03:31 - 2016-11-26 00:59 - 00000000 ____D C:\AdwCleaner
2016-11-25 03:30 - 2016-11-25 03:30 - 03910208 _____ C:\Users\theun\Downloads\adwcleaner_6.030.exe
2016-11-25 03:29 - 2016-11-25 03:29 - 04790784 _____ C:\Users\theun\Downloads\adwarecleanerdemo.msi
2016-11-25 03:02 - 2016-11-25 03:02 - 00026112 _____ C:\Users\theun\Documents\EE1.xls
2016-11-25 02:53 - 2016-11-25 02:54 - 02217080 _____ (Lepide Software Pvt. Ltd. ) C:\Users\theun\Downloads\repaircorruptexcel.exe
2016-11-24 21:50 - 2016-11-24 21:53 - 14516065 _____ C:\Users\theun\Downloads\Greenstar 24-28 i Junior Combi Installation and Servicing Instructions.pdf
2016-11-23 23:41 - 2016-11-24 00:01 - 00000000 ____D C:\Users\theun\AppData\Local\LogMeIn Rescue Applet
2016-11-23 23:41 - 2016-11-23 23:41 - 01874472 _____ (LogMeIn, Inc.) C:\Users\theun\Downloads\Support-LogMeInRescue (5).exe
2016-11-23 23:41 - 2016-11-23 23:41 - 01874472 _____ (LogMeIn, Inc.) C:\Users\theun\Downloads\Support-LogMeInRescue (4).exe
2016-11-21 20:12 - 2016-11-21 20:12 - 00000119 _____ C:\Users\theun\Downloads\223967152.txt
2016-11-19 15:16 - 2016-11-27 21:38 - 00000000 ____D C:\Users\theun\AppData\LocalLow\Mozilla
2016-11-18 14:30 - 2016-11-25 03:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-18 04:47 - 2016-11-18 04:47 - 00000000 ____D C:\Users\theun\AppData\Roaming\WinRAR
2016-11-18 04:46 - 2016-11-18 04:47 - 09631460 _____ C:\Users\theun\Downloads\WhatsApp Chat - Ultraunlock.com.zip
2016-11-16 23:31 - 2016-11-16 23:31 - 00006621 _____ C:\Users\theun\Downloads\00015aBYM57BX73V (1).html
2016-11-16 23:30 - 2016-11-16 23:30 - 00001980 _____ C:\Users\theun\Downloads\00015aBYM57BX6YU (1).html
2016-11-16 23:22 - 2016-11-16 23:22 - 00006621 _____ C:\Users\theun\Downloads\00015aBYM57BX73V.html
2016-11-16 22:41 - 2016-11-16 22:41 - 00001980 _____ C:\Users\theun\Downloads\00015aBYM57BX6YU.html
2016-11-16 19:19 - 2016-11-16 19:20 - 01874472 _____ (LogMeIn, Inc.) C:\Users\theun\Downloads\Support-LogMeInRescue (3).exe
2016-11-15 22:17 - 2016-11-15 22:17 - 01874472 _____ (LogMeIn, Inc.) C:\Users\theun\Downloads\Support-LogMeInRescue (2).exe
2016-11-15 17:22 - 2016-11-15 17:22 - 01874472 _____ (LogMeIn, Inc.) C:\Users\theun\Downloads\Support-LogMeInRescue (1).exe
2016-11-10 23:38 - 2016-11-10 23:39 - 00016935 _____ C:\Users\theun\Downloads\00015aBYM57BDXND.html
2016-11-10 16:11 - 2016-11-10 16:11 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-10 16:11 - 2016-11-10 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-10 16:10 - 2016-11-10 16:10 - 00000000 ____D C:\Program Files\iPod
2016-11-10 16:09 - 2016-11-10 16:11 - 00000000 ____D C:\Program Files\iTunes
2016-11-09 01:28 - 2016-11-27 02:43 - 00014017 _____ C:\Users\theun\Documents\EE.xlsx
2016-11-08 21:46 - 2016-11-02 11:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-08 21:46 - 2016-11-02 11:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-08 21:46 - 2016-11-02 11:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-08 21:46 - 2016-11-02 11:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-08 21:46 - 2016-11-02 10:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-08 21:46 - 2016-11-02 10:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-08 21:46 - 2016-11-02 10:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-08 21:46 - 2016-11-02 10:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-08 21:46 - 2016-11-02 10:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-08 21:46 - 2016-11-02 10:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-08 21:46 - 2016-11-02 10:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-08 21:46 - 2016-11-02 10:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-08 21:46 - 2016-11-02 10:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-08 21:46 - 2016-11-02 10:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-08 21:46 - 2016-11-02 10:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-08 21:46 - 2016-11-02 10:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-08 21:45 - 2016-11-02 11:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-08 21:45 - 2016-11-02 11:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-08 21:45 - 2016-11-02 11:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-08 21:45 - 2016-11-02 11:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-08 21:45 - 2016-11-02 11:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-08 21:45 - 2016-11-02 11:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-08 21:45 - 2016-11-02 11:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-08 21:45 - 2016-11-02 11:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-08 21:45 - 2016-11-02 10:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-08 21:45 - 2016-11-02 10:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-08 21:45 - 2016-11-02 10:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-08 21:45 - 2016-11-02 10:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-08 21:45 - 2016-11-02 10:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-08 21:45 - 2016-11-02 10:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-08 21:45 - 2016-11-02 10:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-08 21:45 - 2016-11-02 10:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-08 21:45 - 2016-11-02 10:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-08 21:45 - 2016-11-02 10:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-08 21:45 - 2016-11-02 10:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-08 21:45 - 2016-11-02 10:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-08 21:45 - 2016-11-02 10:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-08 21:45 - 2016-11-02 10:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-08 21:45 - 2016-11-02 10:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-08 21:45 - 2016-11-02 10:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-08 21:45 - 2016-11-02 10:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-08 21:45 - 2016-11-02 10:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-08 21:45 - 2016-11-02 10:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-08 21:45 - 2016-11-02 10:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-08 21:45 - 2016-11-02 10:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-08 21:45 - 2016-11-02 10:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-08 21:45 - 2016-11-02 10:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-08 21:45 - 2016-11-02 10:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-08 21:45 - 2016-11-02 10:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-08 21:45 - 2016-11-02 10:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-08 21:45 - 2016-11-02 10:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-08 21:45 - 2016-11-02 10:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-08 21:45 - 2016-11-02 10:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-08 21:45 - 2016-11-02 10:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-08 21:45 - 2016-11-02 10:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-08 21:45 - 2016-11-02 10:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-08 21:45 - 2016-11-02 10:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-08 21:45 - 2016-11-02 10:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-08 21:45 - 2016-11-02 10:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-08 21:45 - 2016-11-02 10:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-08 21:45 - 2016-11-02 10:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-08 21:45 - 2016-11-02 10:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-08 21:45 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-08 21:44 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-08 21:44 - 2016-11-02 12:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-08 21:44 - 2016-11-02 11:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-08 21:44 - 2016-11-02 11:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-08 21:44 - 2016-11-02 11:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-08 21:44 - 2016-11-02 11:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-08 21:44 - 2016-11-02 11:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-08 21:44 - 2016-11-02 11:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-08 21:44 - 2016-11-02 11:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-08 21:44 - 2016-11-02 11:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-08 21:44 - 2016-11-02 11:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-08 21:44 - 2016-11-02 10:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-08 21:44 - 2016-11-02 10:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-08 21:44 - 2016-11-02 10:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-08 21:44 - 2016-11-02 10:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-08 21:44 - 2016-11-02 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-08 21:44 - 2016-11-02 10:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-08 21:44 - 2016-11-02 10:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-08 21:44 - 2016-11-02 10:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-08 21:44 - 2016-11-02 10:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-08 21:44 - 2016-11-02 10:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-08 21:44 - 2016-11-02 10:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-08 21:44 - 2016-11-02 10:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 21:44 - 2016-11-02 10:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-08 21:44 - 2016-11-02 10:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-08 21:44 - 2016-11-02 10:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-08 21:44 - 2016-11-02 10:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-08 21:44 - 2016-11-02 10:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-08 21:44 - 2016-11-02 10:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-08 21:44 - 2016-11-02 10:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-08 21:44 - 2016-11-02 10:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-08 21:44 - 2016-11-02 10:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-08 21:44 - 2016-11-02 10:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-08 21:44 - 2016-11-02 10:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-08 21:44 - 2016-11-02 10:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-08 21:44 - 2016-11-02 10:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-08 21:44 - 2016-11-02 10:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-08 21:44 - 2016-11-02 10:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-08 21:44 - 2016-11-02 10:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-08 21:44 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-08 21:44 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-08 21:33 - 2016-11-02 10:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-08 21:32 - 2016-11-02 11:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-08 21:32 - 2016-11-02 11:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-08 21:32 - 2016-11-02 10:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-08 21:32 - 2016-11-02 10:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-08 21:32 - 2016-11-02 10:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-08 21:32 - 2016-11-02 10:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-08 21:32 - 2016-11-02 10:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-08 21:32 - 2016-11-02 10:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 21:32 - 2016-11-02 10:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-08 21:32 - 2016-11-02 10:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-08 21:32 - 2016-11-02 10:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-08 21:32 - 2016-11-02 10:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-08 21:32 - 2016-11-02 10:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-08 21:32 - 2016-11-02 10:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-08 21:32 - 2016-11-02 10:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-08 21:32 - 2016-11-02 10:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-08 21:32 - 2016-11-02 10:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-08 21:32 - 2016-11-02 10:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-08 21:32 - 2016-11-02 10:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-08 21:32 - 2016-11-02 10:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-08 21:32 - 2016-11-02 10:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-08 21:32 - 2016-11-02 10:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-08 21:32 - 2016-11-02 10:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-08 21:32 - 2016-11-02 10:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-08 21:32 - 2016-11-02 10:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-08 21:32 - 2016-11-02 10:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-08 21:32 - 2016-11-02 10:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-08 21:32 - 2016-11-02 10:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 21:32 - 2016-11-02 08:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-08 21:31 - 2016-11-02 11:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-08 21:31 - 2016-11-02 11:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-08 21:31 - 2016-11-02 11:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-08 21:31 - 2016-11-02 11:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-08 21:31 - 2016-11-02 11:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-08 21:31 - 2016-11-02 11:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-08 21:31 - 2016-11-02 11:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-08 21:31 - 2016-11-02 11:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-08 21:31 - 2016-11-02 11:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-08 21:31 - 2016-11-02 10:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-08 21:31 - 2016-11-02 10:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-08 21:31 - 2016-11-02 10:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-08 21:31 - 2016-11-02 10:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-08 21:31 - 2016-11-02 10:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-08 21:31 - 2016-11-02 10:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-08 21:31 - 2016-11-02 10:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-08 21:31 - 2016-11-02 10:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-08 21:31 - 2016-11-02 10:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-08 21:31 - 2016-11-02 10:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-08 21:31 - 2016-11-02 10:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-08 21:31 - 2016-11-02 10:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-08 21:31 - 2016-11-02 10:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-08 21:31 - 2016-11-02 10:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-08 21:31 - 2016-11-02 10:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-08 21:31 - 2016-11-02 10:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-08 21:31 - 2016-11-02 10:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-08 21:31 - 2016-11-02 10:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-08 21:31 - 2016-11-02 10:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-08 21:31 - 2016-11-02 10:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-08 21:31 - 2016-11-02 10:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-08 21:31 - 2016-11-02 10:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-08 21:31 - 2016-11-02 10:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-08 21:31 - 2016-11-02 10:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-11-08 21:31 - 2016-11-02 10:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-08 21:31 - 2016-11-02 10:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-08 21:31 - 2016-11-02 10:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-08 21:31 - 2016-11-02 10:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-08 21:31 - 2016-11-02 10:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-08 21:31 - 2016-11-02 10:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-08 21:31 - 2016-11-02 10:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-08 21:31 - 2016-11-02 10:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-08 21:31 - 2016-11-02 10:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-08 21:30 - 2016-11-02 11:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-08 21:30 - 2016-11-02 11:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-08 21:30 - 2016-11-02 11:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-08 21:30 - 2016-11-02 10:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-08 21:30 - 2016-11-02 10:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-08 21:30 - 2016-11-02 10:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-08 21:30 - 2016-11-02 10:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-08 21:30 - 2016-11-02 10:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-08 21:30 - 2016-11-02 10:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-08 21:30 - 2016-11-02 10:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-08 21:30 - 2016-11-02 10:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-08 21:30 - 2016-11-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-08 21:30 - 2016-11-02 10:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-08 21:30 - 2016-11-02 10:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-08 21:30 - 2016-11-02 10:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-08 21:30 - 2016-11-02 10:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-08 21:30 - 2016-11-02 10:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-08 21:30 - 2016-11-02 10:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-08 21:30 - 2016-11-02 10:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-08 21:30 - 2016-11-02 10:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-08 21:30 - 2016-11-02 10:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-08 21:30 - 2016-11-02 10:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 21:30 - 2016-11-02 10:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-08 21:30 - 2016-11-02 10:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-08 21:29 - 2016-11-02 11:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-08 21:29 - 2016-11-02 11:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-08 21:29 - 2016-11-02 11:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-08 21:29 - 2016-11-02 11:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-08 21:29 - 2016-11-02 11:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-08 21:29 - 2016-11-02 11:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-08 21:29 - 2016-11-02 11:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-08 21:29 - 2016-11-02 11:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-08 21:29 - 2016-11-02 11:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-08 21:29 - 2016-11-02 11:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-08 21:29 - 2016-11-02 10:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-08 21:29 - 2016-11-02 10:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-08 21:29 - 2016-11-02 10:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-08 21:29 - 2016-11-02 10:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-08 21:29 - 2016-11-02 10:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-08 21:29 - 2016-11-02 10:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-08 21:29 - 2016-11-02 10:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-08 21:29 - 2016-11-02 10:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-08 21:29 - 2016-11-02 10:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-08 21:29 - 2016-11-02 10:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-08 21:29 - 2016-11-02 10:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-08 21:29 - 2016-11-02 10:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-08 21:29 - 2016-11-02 10:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-08 21:29 - 2016-11-02 10:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-08 21:29 - 2016-11-02 10:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 21:29 - 2016-11-02 10:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-08 21:29 - 2016-11-02 10:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-08 21:29 - 2016-11-02 10:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-08 21:29 - 2016-11-02 10:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-08 21:29 - 2016-11-02 10:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-08 21:29 - 2016-11-02 10:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-08 21:29 - 2016-11-02 10:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-08 21:29 - 2016-11-02 10:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-08 21:29 - 2016-11-02 10:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-08 21:29 - 2016-11-02 10:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-08 21:29 - 2016-11-02 10:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 21:29 - 2016-11-02 10:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-08 21:29 - 2016-11-02 10:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-08 21:29 - 2016-11-02 10:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 21:29 - 2016-11-02 10:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-08 21:29 - 2016-11-02 10:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-08 21:28 - 2016-11-02 11:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-08 21:28 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-08 21:28 - 2016-11-02 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-08 21:28 - 2016-11-02 10:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-08 21:28 - 2016-11-02 10:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-08 21:28 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-08 21:28 - 2016-11-02 10:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-08 21:28 - 2016-11-02 10:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-08 21:28 - 2016-11-02 10:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-08 21:28 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-08 21:28 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-08 21:28 - 2016-11-02 10:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-08 21:28 - 2016-11-02 10:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-08 21:28 - 2016-11-02 10:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-08 21:28 - 2016-11-02 10:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-08 21:28 - 2016-11-02 10:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-08 21:27 - 2016-11-02 11:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-06 23:33 - 2016-11-06 23:32 - 00453485 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161106-233338.backup
2016-11-06 23:32 - 2016-11-06 18:36 - 00453485 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161106-233231.backup
2016-11-06 18:36 - 2016-08-12 04:11 - 00451075 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161106-183637.backup
2016-10-31 02:59 - 2016-10-31 02:59 - 00000102 _____ C:\Users\theun\Downloads\448308400.txt
2016-10-28 14:17 - 2016-10-15 04:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-28 14:17 - 2016-10-15 04:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-28 14:17 - 2016-10-15 04:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-28 14:17 - 2016-10-15 04:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-28 14:17 - 2016-10-15 03:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-28 14:17 - 2016-10-15 03:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-28 14:17 - 2016-08-27 05:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-28 14:16 - 2016-10-15 04:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-28 14:16 - 2016-10-15 04:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-28 14:16 - 2016-10-15 04:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-28 14:16 - 2016-10-15 04:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-28 14:16 - 2016-10-15 04:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-28 14:16 - 2016-10-15 04:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-28 14:16 - 2016-10-15 04:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-28 14:16 - 2016-10-15 04:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-28 14:16 - 2016-10-15 04:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-28 14:16 - 2016-10-15 04:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-28 14:16 - 2016-10-15 04:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-28 14:16 - 2016-10-15 04:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-28 14:16 - 2016-10-15 04:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-28 14:16 - 2016-10-15 04:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-28 14:16 - 2016-10-15 04:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-28 14:16 - 2016-10-15 04:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-28 14:16 - 2016-10-15 04:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-28 14:16 - 2016-10-15 04:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-28 14:16 - 2016-10-15 04:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-28 14:16 - 2016-10-15 04:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-28 14:16 - 2016-10-15 04:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-28 14:16 - 2016-10-15 04:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-28 14:16 - 2016-10-15 04:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-28 14:16 - 2016-10-15 04:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-28 14:16 - 2016-10-15 04:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-28 14:16 - 2016-10-15 04:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-28 14:16 - 2016-10-15 04:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-28 14:16 - 2016-10-15 04:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-28 14:16 - 2016-10-15 04:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-28 14:16 - 2016-10-15 04:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-28 14:16 - 2016-10-15 04:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-28 14:16 - 2016-10-15 04:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-28 14:16 - 2016-10-15 04:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-28 14:16 - 2016-10-15 03:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-28 14:16 - 2016-10-15 03:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-28 14:16 - 2016-10-15 03:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-28 14:16 - 2016-10-15 03:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-28 14:16 - 2016-10-15 03:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-28 14:16 - 2016-10-15 03:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-28 14:16 - 2016-10-15 03:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-28 14:16 - 2016-10-15 03:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-28 14:16 - 2016-10-15 03:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-28 14:16 - 2016-10-15 03:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-28 14:16 - 2016-10-15 03:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-28 14:16 - 2016-10-15 03:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-28 14:16 - 2016-10-15 03:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-28 14:16 - 2016-10-15 03:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-28 14:16 - 2016-10-15 03:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-28 14:16 - 2016-10-15 03:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-28 14:16 - 2016-10-15 03:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-28 14:16 - 2016-10-15 03:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-28 14:16 - 2016-10-15 03:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-28 14:16 - 2016-10-15 03:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-28 14:16 - 2016-10-15 03:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-28 14:16 - 2016-10-15 03:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-28 14:16 - 2016-10-15 03:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-28 14:16 - 2016-10-15 03:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-28 14:16 - 2016-10-15 03:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-28 14:16 - 2016-10-15 03:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-28 14:16 - 2016-10-15 03:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-28 14:16 - 2016-10-15 03:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-28 14:16 - 2016-10-15 03:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-28 14:16 - 2016-10-15 03:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-28 14:16 - 2016-10-15 03:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-28 14:16 - 2016-10-15 03:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-28 14:16 - 2016-10-15 03:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-28 14:16 - 2016-10-15 03:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-28 14:16 - 2016-10-15 03:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-28 14:16 - 2016-10-15 03:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-28 14:16 - 2016-10-15 03:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-28 14:16 - 2016-10-15 03:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-28 14:16 - 2016-10-15 03:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-28 14:16 - 2016-10-15 03:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 14:16 - 2016-10-15 03:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-28 14:16 - 2016-10-15 03:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-28 14:16 - 2016-10-15 03:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 14:16 - 2016-10-15 03:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-28 14:16 - 2016-10-15 03:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-28 14:16 - 2016-10-15 03:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-28 14:16 - 2016-10-15 03:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-28 14:16 - 2016-10-15 03:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-28 14:16 - 2016-10-15 03:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-28 14:16 - 2016-10-15 03:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-28 14:16 - 2016-10-15 03:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 14:16 - 2016-10-15 03:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-28 14:16 - 2016-10-15 03:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-28 14:16 - 2016-10-15 03:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-28 14:16 - 2016-10-15 03:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-28 14:16 - 2016-10-15 03:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-28 14:16 - 2016-10-15 03:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-28 14:16 - 2016-10-15 03:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-28 14:16 - 2016-10-15 03:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-28 14:16 - 2016-10-15 03:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-28 14:16 - 2016-10-15 03:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-28 14:16 - 2016-10-15 03:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-28 14:16 - 2016-10-15 03:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-28 14:16 - 2016-10-15 03:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-28 14:16 - 2016-10-15 03:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-28 14:16 - 2016-10-15 03:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-28 14:16 - 2016-10-15 03:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-28 14:16 - 2016-10-15 03:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-28 14:16 - 2016-10-15 03:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-28 14:16 - 2016-10-15 03:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-28 14:16 - 2016-10-15 03:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-28 14:16 - 2016-10-15 03:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-28 14:16 - 2016-10-15 03:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-28 14:16 - 2016-10-15 03:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-28 14:16 - 2016-10-15 03:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-28 14:16 - 2016-10-15 03:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-28 14:16 - 2016-10-15 03:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-28 14:16 - 2016-10-15 03:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-28 14:16 - 2016-09-10 13:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-28 14:15 - 2016-10-15 04:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-28 14:15 - 2016-10-15 04:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-28 14:15 - 2016-10-15 04:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-28 14:15 - 2016-10-15 04:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-28 14:15 - 2016-10-15 04:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-28 14:15 - 2016-10-15 04:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-28 14:15 - 2016-10-15 04:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-28 14:15 - 2016-10-15 04:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-28 14:15 - 2016-10-15 04:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-28 14:15 - 2016-10-15 04:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-28 14:15 - 2016-10-15 04:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-28 14:15 - 2016-10-15 04:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-28 14:15 - 2016-10-15 04:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-28 14:15 - 2016-10-15 04:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-28 14:15 - 2016-10-15 04:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-28 14:15 - 2016-10-15 04:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-28 14:15 - 2016-10-15 04:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-28 14:15 - 2016-10-15 04:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-28 14:15 - 2016-10-15 04:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-28 14:15 - 2016-10-15 04:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-28 14:15 - 2016-10-15 04:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-28 14:15 - 2016-10-15 04:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-28 14:15 - 2016-10-15 04:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-28 14:15 - 2016-10-15 04:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-28 14:15 - 2016-10-15 04:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-28 14:15 - 2016-10-15 04:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-28 14:15 - 2016-10-15 04:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-28 14:15 - 2016-10-15 03:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-28 14:15 - 2016-10-15 03:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-28 14:15 - 2016-10-15 03:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-28 14:15 - 2016-10-15 03:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-28 14:15 - 2016-10-15 03:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-28 14:15 - 2016-10-15 03:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-28 14:15 - 2016-10-15 03:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-28 14:15 - 2016-10-15 03:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-28 14:15 - 2016-10-15 03:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-28 14:15 - 2016-10-15 03:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-28 14:15 - 2016-10-15 03:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-28 14:15 - 2016-10-15 03:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-28 14:15 - 2016-10-15 03:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-28 14:15 - 2016-10-15 03:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-28 14:15 - 2016-10-15 03:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-28 14:15 - 2016-10-15 03:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-28 14:15 - 2016-10-15 03:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-28 14:15 - 2016-10-15 03:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-28 14:15 - 2016-10-15 03:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-28 14:15 - 2016-10-15 03:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-28 14:15 - 2016-10-15 03:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-28 14:15 - 2016-10-15 03:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-28 14:15 - 2016-10-15 03:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-28 14:15 - 2016-10-15 03:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-28 14:15 - 2016-10-15 03:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-28 14:15 - 2016-10-15 03:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-28 14:15 - 2016-10-15 03:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 14:15 - 2016-10-15 03:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 14:15 - 2016-10-15 03:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-28 14:15 - 2016-10-15 03:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 14:15 - 2016-10-15 03:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-28 14:15 - 2016-10-15 03:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-28 14:15 - 2016-10-15 03:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-28 14:15 - 2016-10-15 03:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-28 14:15 - 2016-10-15 03:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-28 14:15 - 2016-10-15 03:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-28 14:15 - 2016-10-15 03:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-28 14:15 - 2016-10-15 03:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-28 14:15 - 2016-10-15 03:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-28 14:15 - 2016-10-15 03:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-28 14:15 - 2016-10-15 03:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-28 14:15 - 2016-10-15 03:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-28 14:15 - 2016-10-15 03:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-28 14:15 - 2016-10-15 03:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-28 14:15 - 2016-10-15 03:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-28 14:15 - 2016-10-15 03:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-28 14:15 - 2016-10-15 03:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-28 14:15 - 2016-10-15 03:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-28 14:15 - 2016-10-15 03:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-28 14:15 - 2016-10-15 03:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-28 14:15 - 2016-10-15 03:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-28 14:15 - 2016-08-06 04:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 22:49 - 2016-09-23 02:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-27 21:55 - 2015-02-23 16:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-27 20:38 - 2016-09-23 03:12 - 00003658 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2016-11-27 20:21 - 2016-09-08 03:40 - 00000000 ___RD C:\Users\theun\OneDrive - UNLOCKING SERVICES
2016-11-27 15:18 - 2015-12-01 19:49 - 00000000 ____D C:\ProgramData\MFAData
2016-11-27 14:44 - 2016-09-08 02:35 - 00000000 ___RD C:\Users\theun\OneDrive
2016-11-27 02:47 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-26 21:14 - 2013-09-11 00:18 - 00263399 _____ C:\Users\theun\Documents\Scan.pdf
2016-11-26 00:52 - 2016-09-23 03:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-26 00:52 - 2016-09-23 02:31 - 00388696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-26 00:51 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-25 23:53 - 2014-09-28 13:30 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-25 03:42 - 2016-09-23 02:39 - 00000000 ____D C:\Users\David
2016-11-25 02:05 - 2016-09-23 02:38 - 01120862 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-25 01:58 - 2016-09-23 02:31 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-11-25 01:58 - 2014-05-19 05:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-25 01:28 - 2015-02-23 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-25 01:28 - 2015-02-23 16:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-25 01:28 - 2013-09-10 18:00 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-24 13:01 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-23 13:34 - 2015-12-16 01:39 - 00026918 _____ C:\Users\theun\Desktop\Templates NW corrected.txt
2016-11-23 12:34 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-23 03:21 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-22 15:43 - 2016-09-08 02:30 - 00000000 ____D C:\Users\theun\AppData\Local\Packages
2016-11-21 18:59 - 2016-02-11 23:58 - 00001020 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-11-21 18:59 - 2016-02-11 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-11-21 15:39 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-21 15:36 - 2013-09-10 17:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-15 01:09 - 2013-03-08 01:23 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-12 14:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 17:50 - 2016-09-23 02:39 - 00000000 ____D C:\Users\theun
2016-11-10 16:10 - 2014-07-08 15:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-10 00:07 - 2016-04-27 06:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-09 22:58 - 2013-09-11 19:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-09 22:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 22:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 22:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 22:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 22:54 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 22:54 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 21:57 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 21:39 - 2013-09-15 14:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 21:30 - 2013-09-15 14:25 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 17:41 - 2016-09-23 03:12 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 17:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-08 17:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-06 18:31 - 2016-08-12 02:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-11-03 14:35 - 2015-11-01 20:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-29 02:18 - 2014-04-28 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-10-29 02:07 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-29 02:07 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-10-29 02:05 - 2016-07-16 11:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-28 23:56 - 2016-07-16 11:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 23:56 - 2016-07-16 11:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-09-10 18:46 - 2013-11-11 02:21 - 0003725 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-09-06 10:28 - 2013-09-06 10:28 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-18 04:21

==================== End of FRST.txt ============================
fastrack23 is offline  
Old 11-27-2016, 04:36 PM   #5
Registered Member
 
Join Date: Nov 2016
Posts: 11
OS: Windows 10



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by theun (27-11-2016 23:14:29)
Running from C:\Users\theun\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-23 03:18:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2998682740-2014816626-3770708905-500 - Administrator - Disabled)
David (S-1-5-21-2998682740-2014816626-3770708905-1000 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-2998682740-2014816626-3770708905-503 - Limited - Disabled)
Guest (S-1-5-21-2998682740-2014816626-3770708905-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2998682740-2014816626-3770708905-1002 - Limited - Enabled)
theun (S-1-5-21-2998682740-2014816626-3770708905-1004 - Administrator - Enabled) => C:\Users\theun

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (Version: 16.131.7924 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4728 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.131.7924 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Hik_DSFilters 6.1.2.2 (HKLM-x32\...\Hik_DSFilters_is1) (Version: - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel« Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
iVMS-4200(v2.03) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.3.1.3 - hikvision)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Slim USB Keyboard (HKLM\...\{494D80C4-3557-4D73-A153-65FE4B3ECDC3}) (Version: 1.10 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Nero 8 Essentials (HKLM-x32\...\{C9FFC925-E27E-436E-A2DF-652324D51033}) (Version: 8.3.630 - Nero AG)
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Rapport (x32 Version: 3.5.1609.103 - Trusteer) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.2.1 - Shark007)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Sothink Media Toolkit 1.0.0.0 (24/08/2015) (HKLM-x32\...\Sothink Media Toolkit_is1) (Version: - Zhang Qingming)
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.8 - SourceTec Software Co., LTD)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Tixati (HKLM-x32\...\tixati) (Version: - )
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.103 - Trusteer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
View Management Utility (HKLM-x32\...\InstallShield_{C6254514-DD94-45E5-87C0-B9CB90A34C89}) (Version: 3.0.12.0329 - Lenovo)
View Management Utility (Version: 3.0.12.0329 - Lenovo) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.1.8 - Vudu)
VUDU To Go (x32 Version: 2.1.8 - Vudu) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Intel Corporation (igfx) Display (03/19/2012 8.15.10.2696) (HKLM\...\6AF882A8E50505CE490495746E271C3F586F9110) (Version: 03/19/2012 8.15.10.2696 - Intel Corporation)
Windows Driver Package - Intel hdc (09/10/2010 9.2.0.1011) (HKLM\...\171901D8B4D5484C362A709BF264A50F065A14FB) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/03/2012 6.0.1.6543) (HKLM\...\5DE3700033F94FCFD8726BE46A6727E460254CD5) (Version: 01/03/2012 6.0.1.6543 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
x64 Components v2.8.3 (HKLM\...\x64 Components_is1) (Version: 2.8.3 - Shark007)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0182DED3-CDF1-4E78-8D2E-CD2C39E6A409} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {042E1470-DFE2-4A94-88EC-8B5F587B8045} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0E922E55-42B8-497C-B5E8-0161A478980F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1894D9E5-8D97-41C9-AE3A-A4450BE4A62C} - System32\Tasks\{C8F33CD5-7134-4B5F-A69B-4668DA7F7EE0} => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HP Photosmart 7520 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {197C299E-2ED7-4E5A-ADA8-40418BC17984} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {1CDFE396-73CB-4F23-A5B2-8184B3746E38} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {24529325-983D-4F4F-A891-D1ABFB2A7EFD} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {2AD9B311-9087-4E98-BFA0-B731BB06575F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {33963B6B-1BDA-49C7-AA52-A4B46059E834} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {37E21FAC-6734-40D0-8F04-797B6CD03F40} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {40351835-9F62-4204-97D7-2E2BDA43D445} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {41995C03-E87E-41E2-AA40-76D73968DE30} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {43402FF3-3D45-4C29-B492-B4EA0A5AC012} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {48B2ECC0-8510-491A-AC58-F381C99DA919} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {496C0E59-CDC3-4FB2-8D2E-6524055B8D0C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B3E9D99-BD45-4556-90B7-58ED83416DAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {4D3DA4F8-0489-4755-8552-33B979660F17} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4DE16B16-5A32-459C-82F5-D36E80247544} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {5911CD46-883C-4647-BF0C-6E0ECDEA5E68} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {59EF4978-D3C0-44AF-B613-C3C5A837465B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D1D8972-2E7D-41BB-8556-68DE2C817520} - System32\Tasks\{415164B2-3D8A-4123-B31C-A0330A2BA2A0} => Firefox.exe
Task: {5F99B8E1-25D4-44DC-805E-60680BEBA1AE} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {60CCC176-338D-40D2-9507-68C225A0C65F} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Task: {650C0825-2A44-4F40-BFD9-D2AA39C52523} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6684A7F2-67B9-4CFA-AC0F-84D6D723510A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {686F4804-5CE3-4E92-985D-51FE76DCDD22} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {69F57534-F141-467F-B5B8-64D7DFF35114} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7AE850A2-3E9B-4299-BAEA-94ED87D5ACA9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {7C0449CC-E397-452C-A4F0-159608E5D7EE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {7D6A868F-FA5D-43A8-8E46-1ADCE0F0DC42} - System32\Tasks\{381C7FB2-C73E-4241-B9EF-46D921850888} => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HP Photosmart 7520 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7D917828-6EED-4057-8A5C-C809DEE12CCE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {87CFB5B8-8FBB-4564-A58E-4120C9C9C717} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8C06867F-FCF1-471E-8EDF-B816944D2BBF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {8D111581-5049-4913-A94F-7677CB14CAAE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {8FD9563B-62D2-48A7-882B-B3E50DFCB822} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {936354C3-613B-489E-B528-D786D2411DDD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {984523D6-101C-44E0-B7BE-EB05D00C7F58} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9C66B779-CAE1-45F7-B53D-7552FE4640B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9F4311A5-43AE-40B1-92CE-5F28D39E31E2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A0EF666F-BC62-4A83-82F6-1BE99B61D925} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {A9ECC8D6-C436-4A13-8E4C-9487A402B2E8} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B069E960-F5AA-4480-BFCB-FA8AF406428B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B29A2FFC-8F37-4207-B91D-F937AFDD5660} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CAEEC9BD-7D86-4EBD-BBE5-03CB514E98F0} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {D01F21F7-9CD5-4C5C-8EC4-1BA7F863C5A8} - \Lenovo\SimpleTap\Start SimpleTap for David-Office.David -> No File <==== ATTENTION
Task: {D4B17D0B-2401-4BAF-8743-FACB66B97C75} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D5B6F143-0D8A-4157-816A-CC6183F717BB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-02] (Microsoft Corporation)
Task: {D6EE6342-00A5-485F-AB44-E2DBAA71BE02} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {D844C09E-41A0-4BCD-881E-23C12C4F962F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {D9F20632-02D3-4515-BA56-26CF74652C5C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE6A3AF9-05C3-46BF-8646-7CFADBE22539} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E97DF978-9666-4F56-8E36-DB692C55953D} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {F16BDF1C-2D00-44B2-B4AC-C2DFC64E24F0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F8B7ACF2-A925-4892-AB52-0EEF1A3AED4B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FB25104C-BF11-4B6A-A7E3-761142401FCD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\theun\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-04 18:47 - 2010-05-04 18:47 - 00137216 _____ () C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
2015-12-01 18:27 - 2013-05-15 15:27 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 15:52 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-30 15:52 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-30 15:52 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 11:05 - 2016-09-23 11:05 - 01864384 _____ () C:\Users\theun\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-09-08 02:56 - 2016-10-30 16:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-23 11:22 - 2016-09-23 11:22 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 21:32 - 2016-11-02 10:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-08 21:29 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 21:29 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 21:29 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 21:29 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 21:29 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 21:29 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-17 15:18 - 2016-11-17 15:21 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 15:18 - 2016-11-17 15:21 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 15:18 - 2016-11-17 15:21 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-11-17 15:06 - 2016-11-17 15:06 - 03766272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-11-27 23:03 - 2016-11-27 23:03 - 00468480 _____ () C:\Users\theun\Downloads\CKScanner (1).exe
2016-08-12 02:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-12 02:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-12 02:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-12 02:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-03-08 01:10 - 2011-12-16 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-09-08 02:56 - 2016-10-30 14:18 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-09-23 11:04 - 2016-09-23 11:05 - 01383616 _____ () C:\Users\theun\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-23 11:05 - 2016-09-23 11:05 - 00118976 _____ () C:\Users\theun\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2016-02-11 23:54 - 2016-04-07 14:33 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-11-15 01:09 - 2016-11-08 20:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 01:09 - 2016-11-08 20:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\CN3143B19N05VV:NW [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> 2005 Web Search Tips – Search Engine Optimization Insights
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> 1000gratisproben.com┬*-┬*This website is for sale!┬*-┬*1000gratisproben Resources and Information.
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> Life Through Words - Living Life to the Fullest
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com┬*-┬*This website is for sale!┬*-┬*Sexlinks Resources and Information.
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> 123 Haustiere Und Mehr
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> 123Movies Stream Movies Online - Watch Free Movies
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> WebMD - Better information. Better health.

There are 7916 more sites.

IE trusted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\sharepoint.com -> hxxps://unlockingservices-files.sharepoint.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\1-2005-search.com -> 2005 Web Search Tips – Search Engine Optimization Insights
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\1000gratisproben.com -> 1000gratisproben.com┬*-┬*This website is for sale!┬*-┬*1000gratisproben Resources and Information.
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\1001namen.com -> Life Through Words - Living Life to the Fullest
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\100sexlinks.com -> 100sexlinks.com┬*-┬*This website is for sale!┬*-┬*Sexlinks Resources and Information.
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\123haustiereundmehr.com -> 123 Haustiere Und Mehr
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\123moviedownload.com -> 123Movies Stream Movies Online - Watch Free Movies
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\123simsen.com -> WebMD - Better information. Better health.

There are 7916 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2016-11-26 01:06 - 00453485 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1000gratisproben.com┬*-┬*This website is for sale!┬*-┬*1000gratisproben Resources and Information.
127.0.0.1 1001namen.com
127.0.0.1 Life Through Words - Living Life to the Fullest
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com┬*-┬*This website is for sale!┬*-┬*Sexlinks Resources and Information.
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 2005 Web Search Tips – Search Engine Optimization Insights
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123 Haustiere Und Mehr
127.0.0.1 123moviedownload.com
127.0.0.1 123Movies Stream Movies Online - Watch Free Movies

There are 15559 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\Windows\pss\ZooskMessenger.lnk.Startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B66A2FAC-9284-49BD-86D8-9241CD7ACB01}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AE217036-F028-44EF-BCFA-52EE263A3CFE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{791D6DDD-88D7-42FF-BB19-DCB7BD1B9267}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3BA1025F-7E4D-49EC-A35D-160CFEA62469}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0D66280A-5DDB-4B01-BB9E-B4BB781BF73B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{04B8DDCE-CDFA-4307-BCD4-E74446612488}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BC68E56A-374A-46DB-93CE-69C200398FD1}] => (Allow) LPort=2869
FirewallRules: [{BB571E1E-DE73-41EC-A55A-B5607DCB4B2C}] => (Allow) LPort=1900
FirewallRules: [{8C5D4ED5-DD06-4F75-9209-00342D7C80DB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{41D2975E-A216-4A35-A53E-A49853077D6F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{5C9A2A18-6069-44E3-B2C1-95AE1E71308B}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{A618B650-8EFD-44E3-B35B-C68FBD4E2C52}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{91E772AD-3137-4DA5-BF59-A5F04DCB25B5}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{1D999098-43E0-4EA9-921D-8E2ADCCBBDB1}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{13B0147F-8C64-4090-B953-D4A2882700DA}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{42102B93-418A-496D-B9B7-746753583F39}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{22EB5408-DAC6-4B50-B5B9-D57656A37958}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{544D3AEF-DF6F-46BF-BC44-C83274EC9157}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{789BBD70-38B3-4D13-86DE-C49468266C3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{133DD1B0-5EF3-4842-B960-EBD273BECB6F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CFDB6EF5-3C31-45F7-8687-CE953B8FBC53}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FA7C6116-213C-43DE-A25B-9BBD52551A3F}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
FirewallRules: [{B11E9322-FB59-4A7C-8E70-39799696FACD}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
FirewallRules: [{DB583D4F-526C-44CE-9A73-2189BD8BBE3B}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
FirewallRules: [{216F36D8-C3E1-4467-BB12-CD1149C80CC3}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
FirewallRules: [{0951FEE1-5322-4B17-864B-D2D6C67D0515}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{23A80C02-988C-456F-9584-F496610B1C17}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{3B8CF8FF-239F-4CE0-BFB6-DB4386DC859D}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{8FDD6073-510D-4311-A0A8-139F550D1007}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{ECB72015-6D50-4A63-8F40-CB4D56F3CB06}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{2C855462-353D-4319-95D4-B7269D501EE9}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{9B89D941-D144-412B-993A-7797937EBB13}] => (Allow) C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{EE881BE3-F761-459C-BB47-B10FC19CFCFD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D801CD5A-46E8-4047-A031-D53BF6A19131}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A46195C-552A-4491-995C-CF04386E9C6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{43F57B67-6A37-45EA-95EB-AF200DD1ABC9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5C7D2AA1-AAE3-41F7-B7BE-B30A5A3A1DD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B4ADED5-CE4D-40F9-B2FC-D5F7417C4067}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7754CBD4-7644-4FA8-B34B-1BB6EA629369}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC266A0D-9DFF-4E6E-9DAE-ABE433AF0468}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E61D3309-7A1B-4F99-A29A-4AC063516C6D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{658F3D3C-4411-47FE-946D-9FAD2454EC7D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{29CFF702-3A93-402F-80A4-86A7F3B53E78}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{1EFAAF66-BA72-47B0-81E6-BCBF706EC987}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{B3157F1C-40D9-4477-BCD4-21BC4B743E10}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{82F74EDA-B885-406E-AC48-4FB5BF44FB76}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{2F71D93F-6D77-41BE-8B37-84DE6E9448A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7CD3FCC0-348F-43B5-AD12-8481713D03A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BB7282E5-39F9-4A23-9412-4AC7958BAE30}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F270E44C-7EFA-4AF3-9C6F-42F178674B64}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{E3764942-4994-4C76-8B8F-9D7399093157}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9DF4735A-3A2C-40C5-88FD-5FBEB2F56805}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

17-11-2016 01:44:34 Windows Update
20-11-2016 03:04:18 Windows Update
23-11-2016 15:24:40 Windows Update
26-11-2016 04:09:37 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2016 04:27:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15531

Error: (11/27/2016 04:27:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15531

Error: (11/27/2016 04:27:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/27/2016 04:26:54 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.


System errors:
=============
Error: (11/27/2016 02:43:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/27/2016 02:02:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard - Imaging, Other hardware - Null Fax - HP Photosmart 7520 series.

Error: (11/27/2016 02:02:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Hewlett-Packard - Imaging, Other hardware - Null Print - HP Photosmart 7520 series.

Error: (11/26/2016 03:12:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2016 12:58:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard - Imaging, Other hardware - Null Fax - HP Photosmart 7520 series.

Error: (11/26/2016 12:58:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Hewlett-Packard - Imaging, Other hardware - Null Print - HP Photosmart 7520 series.

Error: (11/26/2016 12:53:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2016 12:52:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/26/2016 12:52:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (11/26/2016 12:52:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPSupportSolutionsFrameworkService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2016-11-27 23:08:15.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:08:15.702
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:07:53.643
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:07:53.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:03:55.782
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:03:55.767
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:00:18.968
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:00:18.859
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 15:30:21.376
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 15:30:21.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470S CPU @ 2.90GHz
Percentage of memory in use: 87%
Total physical RAM: 3917.78 MB
Available physical RAM: 503.49 MB
Total Virtual: 8128.34 MB
Available Virtual: 2201.15 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:444.62 GB) (Free:245.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Removable) (Total:14.57 GB) (Free:14.57 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:19.53 GB) (Free:9.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7B4835A2)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 02D1CC61)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End of Addition.txt ============================
fastrack23 is offline  
Old 11-27-2016, 04:37 PM   #6
Registered Member
 
Join Date: Nov 2016
Posts: 11
OS: Windows 10



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by theun (27-11-2016 23:14:29)
Running from C:\Users\theun\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-23 03:18:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2998682740-2014816626-3770708905-500 - Administrator - Disabled)
David (S-1-5-21-2998682740-2014816626-3770708905-1000 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-2998682740-2014816626-3770708905-503 - Limited - Disabled)
Guest (S-1-5-21-2998682740-2014816626-3770708905-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2998682740-2014816626-3770708905-1002 - Limited - Enabled)
theun (S-1-5-21-2998682740-2014816626-3770708905-1004 - Administrator - Enabled) => C:\Users\theun

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (Version: 16.131.7924 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4728 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.131.7924 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Hik_DSFilters 6.1.2.2 (HKLM-x32\...\Hik_DSFilters_is1) (Version: - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel« Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
iVMS-4200(v2.03) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.3.1.3 - hikvision)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Slim USB Keyboard (HKLM\...\{494D80C4-3557-4D73-A153-65FE4B3ECDC3}) (Version: 1.10 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Nero 8 Essentials (HKLM-x32\...\{C9FFC925-E27E-436E-A2DF-652324D51033}) (Version: 8.3.630 - Nero AG)
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Rapport (x32 Version: 3.5.1609.103 - Trusteer) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.2.1 - Shark007)
SkypeÖ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Sothink Media Toolkit 1.0.0.0 (24/08/2015) (HKLM-x32\...\Sothink Media Toolkit_is1) (Version: - Zhang Qingming)
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.8 - SourceTec Software Co., LTD)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Tixati (HKLM-x32\...\tixati) (Version: - )
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.103 - Trusteer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
View Management Utility (HKLM-x32\...\InstallShield_{C6254514-DD94-45E5-87C0-B9CB90A34C89}) (Version: 3.0.12.0329 - Lenovo)
View Management Utility (Version: 3.0.12.0329 - Lenovo) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.1.8 - Vudu)
VUDU To Go (x32 Version: 2.1.8 - Vudu) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Intel Corporation (igfx) Display (03/19/2012 8.15.10.2696) (HKLM\...\6AF882A8E50505CE490495746E271C3F586F9110) (Version: 03/19/2012 8.15.10.2696 - Intel Corporation)
Windows Driver Package - Intel hdc (09/10/2010 9.2.0.1011) (HKLM\...\171901D8B4D5484C362A709BF264A50F065A14FB) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/03/2012 6.0.1.6543) (HKLM\...\5DE3700033F94FCFD8726BE46A6727E460254CD5) (Version: 01/03/2012 6.0.1.6543 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
x64 Components v2.8.3 (HKLM\...\x64 Components_is1) (Version: 2.8.3 - Shark007)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0182DED3-CDF1-4E78-8D2E-CD2C39E6A409} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {042E1470-DFE2-4A94-88EC-8B5F587B8045} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0E922E55-42B8-497C-B5E8-0161A478980F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1894D9E5-8D97-41C9-AE3A-A4450BE4A62C} - System32\Tasks\{C8F33CD5-7134-4B5F-A69B-4668DA7F7EE0} => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HP Photosmart 7520 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {197C299E-2ED7-4E5A-ADA8-40418BC17984} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {1CDFE396-73CB-4F23-A5B2-8184B3746E38} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {24529325-983D-4F4F-A891-D1ABFB2A7EFD} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {2AD9B311-9087-4E98-BFA0-B731BB06575F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {33963B6B-1BDA-49C7-AA52-A4B46059E834} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {37E21FAC-6734-40D0-8F04-797B6CD03F40} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {40351835-9F62-4204-97D7-2E2BDA43D445} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {41995C03-E87E-41E2-AA40-76D73968DE30} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {43402FF3-3D45-4C29-B492-B4EA0A5AC012} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {48B2ECC0-8510-491A-AC58-F381C99DA919} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {496C0E59-CDC3-4FB2-8D2E-6524055B8D0C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B3E9D99-BD45-4556-90B7-58ED83416DAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {4D3DA4F8-0489-4755-8552-33B979660F17} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4DE16B16-5A32-459C-82F5-D36E80247544} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {5911CD46-883C-4647-BF0C-6E0ECDEA5E68} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {59EF4978-D3C0-44AF-B613-C3C5A837465B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D1D8972-2E7D-41BB-8556-68DE2C817520} - System32\Tasks\{415164B2-3D8A-4123-B31C-A0330A2BA2A0} => Firefox.exe
Task: {5F99B8E1-25D4-44DC-805E-60680BEBA1AE} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {60CCC176-338D-40D2-9507-68C225A0C65F} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Task: {650C0825-2A44-4F40-BFD9-D2AA39C52523} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6684A7F2-67B9-4CFA-AC0F-84D6D723510A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {686F4804-5CE3-4E92-985D-51FE76DCDD22} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {69F57534-F141-467F-B5B8-64D7DFF35114} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7AE850A2-3E9B-4299-BAEA-94ED87D5ACA9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {7C0449CC-E397-452C-A4F0-159608E5D7EE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {7D6A868F-FA5D-43A8-8E46-1ADCE0F0DC42} - System32\Tasks\{381C7FB2-C73E-4241-B9EF-46D921850888} => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HP Photosmart 7520 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7D917828-6EED-4057-8A5C-C809DEE12CCE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {87CFB5B8-8FBB-4564-A58E-4120C9C9C717} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8C06867F-FCF1-471E-8EDF-B816944D2BBF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {8D111581-5049-4913-A94F-7677CB14CAAE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {8FD9563B-62D2-48A7-882B-B3E50DFCB822} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {936354C3-613B-489E-B528-D786D2411DDD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {984523D6-101C-44E0-B7BE-EB05D00C7F58} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9C66B779-CAE1-45F7-B53D-7552FE4640B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9F4311A5-43AE-40B1-92CE-5F28D39E31E2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A0EF666F-BC62-4A83-82F6-1BE99B61D925} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {A9ECC8D6-C436-4A13-8E4C-9487A402B2E8} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B069E960-F5AA-4480-BFCB-FA8AF406428B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B29A2FFC-8F37-4207-B91D-F937AFDD5660} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CAEEC9BD-7D86-4EBD-BBE5-03CB514E98F0} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {D01F21F7-9CD5-4C5C-8EC4-1BA7F863C5A8} - \Lenovo\SimpleTap\Start SimpleTap for David-Office.David -> No File <==== ATTENTION
Task: {D4B17D0B-2401-4BAF-8743-FACB66B97C75} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D5B6F143-0D8A-4157-816A-CC6183F717BB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-02] (Microsoft Corporation)
Task: {D6EE6342-00A5-485F-AB44-E2DBAA71BE02} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {D844C09E-41A0-4BCD-881E-23C12C4F962F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {D9F20632-02D3-4515-BA56-26CF74652C5C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE6A3AF9-05C3-46BF-8646-7CFADBE22539} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E97DF978-9666-4F56-8E36-DB692C55953D} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {F16BDF1C-2D00-44B2-B4AC-C2DFC64E24F0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F8B7ACF2-A925-4892-AB52-0EEF1A3AED4B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FB25104C-BF11-4B6A-A7E3-761142401FCD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\theun\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-04 18:47 - 2010-05-04 18:47 - 00137216 _____ () C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
2015-12-01 18:27 - 2013-05-15 15:27 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 15:52 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-30 15:52 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-30 15:52 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 11:05 - 2016-09-23 11:05 - 01864384 _____ () C:\Users\theun\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-09-08 02:56 - 2016-10-30 16:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-23 11:22 - 2016-09-23 11:22 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 21:32 - 2016-11-02 10:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-08 21:29 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 21:29 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 21:29 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 21:29 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 21:29 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 21:29 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-17 15:18 - 2016-11-17 15:21 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 15:18 - 2016-11-17 15:21 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 15:18 - 2016-11-17 15:21 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-11-17 15:06 - 2016-11-17 15:06 - 03766272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-11-27 23:03 - 2016-11-27 23:03 - 00468480 _____ () C:\Users\theun\Downloads\CKScanner (1).exe
2016-08-12 02:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-12 02:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-12 02:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-12 02:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-03-08 01:10 - 2011-12-16 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-09-08 02:56 - 2016-10-30 14:18 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-09-23 11:04 - 2016-09-23 11:05 - 01383616 _____ () C:\Users\theun\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-23 11:05 - 2016-09-23 11:05 - 00118976 _____ () C:\Users\theun\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-03-08 01:24 - 2012-07-12 12:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2016-02-11 23:54 - 2016-04-07 14:33 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-11-15 01:09 - 2016-11-08 20:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 01:09 - 2016-11-08 20:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\CN3143B19N05VV:NW [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> 2005 Web Search Tips ľ Search Engine Optimization Insights
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-Domains-Registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> 1000gratisproben.com┬*-┬*This website is for sale!┬*-┬*1000gratisproben Resources and Information.
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> Life Through Words - Living Life to the Fullest
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com┬*-┬*This website is for sale!┬*-┬*Sexlinks Resources and Information.
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> 123 Haustiere Und Mehr
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> 123Movies Stream Movies Online - Watch Free Movies
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> WebMD - Better information. Better health.

There are 7916 more sites.

IE trusted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\sharepoint.com -> hxxps://unlockingservices-files.sharepoint.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\1-2005-search.com -> 2005 Web Search Tips ľ Search Engine Optimization Insights
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\1-domains-registrations.com -> 1-Domains-Registrations.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\1000gratisproben.com -> 1000gratisproben.com┬*-┬*This website is for sale!┬*-┬*1000gratisproben Resources and Information.
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\1001namen.com -> Life Through Words - Living Life to the Fullest
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\100sexlinks.com -> 100sexlinks.com┬*-┬*This website is for sale!┬*-┬*Sexlinks Resources and Information.
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\123haustiereundmehr.com -> 123 Haustiere Und Mehr
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\123moviedownload.com -> 123Movies Stream Movies Online - Watch Free Movies
IE restricted site: HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\...\123simsen.com -> WebMD - Better information. Better health.

There are 7916 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2016-11-26 01:06 - 00453485 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1000gratisproben.com┬*-┬*This website is for sale!┬*-┬*1000gratisproben Resources and Information.
127.0.0.1 1001namen.com
127.0.0.1 Life Through Words - Living Life to the Fullest
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com┬*-┬*This website is for sale!┬*-┬*Sexlinks Resources and Information.
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 2005 Web Search Tips ľ Search Engine Optimization Insights
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123 Haustiere Und Mehr
127.0.0.1 123moviedownload.com
127.0.0.1 123Movies Stream Movies Online - Watch Free Movies

There are 15559 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2998682740-2014816626-3770708905-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\Windows\pss\ZooskMessenger.lnk.Startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B66A2FAC-9284-49BD-86D8-9241CD7ACB01}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AE217036-F028-44EF-BCFA-52EE263A3CFE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{791D6DDD-88D7-42FF-BB19-DCB7BD1B9267}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3BA1025F-7E4D-49EC-A35D-160CFEA62469}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0D66280A-5DDB-4B01-BB9E-B4BB781BF73B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{04B8DDCE-CDFA-4307-BCD4-E74446612488}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BC68E56A-374A-46DB-93CE-69C200398FD1}] => (Allow) LPort=2869
FirewallRules: [{BB571E1E-DE73-41EC-A55A-B5607DCB4B2C}] => (Allow) LPort=1900
FirewallRules: [{8C5D4ED5-DD06-4F75-9209-00342D7C80DB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{41D2975E-A216-4A35-A53E-A49853077D6F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{5C9A2A18-6069-44E3-B2C1-95AE1E71308B}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{A618B650-8EFD-44E3-B35B-C68FBD4E2C52}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{91E772AD-3137-4DA5-BF59-A5F04DCB25B5}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{1D999098-43E0-4EA9-921D-8E2ADCCBBDB1}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{13B0147F-8C64-4090-B953-D4A2882700DA}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{42102B93-418A-496D-B9B7-746753583F39}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{22EB5408-DAC6-4B50-B5B9-D57656A37958}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{544D3AEF-DF6F-46BF-BC44-C83274EC9157}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{789BBD70-38B3-4D13-86DE-C49468266C3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{133DD1B0-5EF3-4842-B960-EBD273BECB6F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CFDB6EF5-3C31-45F7-8687-CE953B8FBC53}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FA7C6116-213C-43DE-A25B-9BBD52551A3F}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
FirewallRules: [{B11E9322-FB59-4A7C-8E70-39799696FACD}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
FirewallRules: [{DB583D4F-526C-44CE-9A73-2189BD8BBE3B}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
FirewallRules: [{216F36D8-C3E1-4467-BB12-CD1149C80CC3}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
FirewallRules: [{0951FEE1-5322-4B17-864B-D2D6C67D0515}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{23A80C02-988C-456F-9584-F496610B1C17}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{3B8CF8FF-239F-4CE0-BFB6-DB4386DC859D}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{8FDD6073-510D-4311-A0A8-139F550D1007}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{ECB72015-6D50-4A63-8F40-CB4D56F3CB06}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{2C855462-353D-4319-95D4-B7269D501EE9}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{9B89D941-D144-412B-993A-7797937EBB13}] => (Allow) C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{EE881BE3-F761-459C-BB47-B10FC19CFCFD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D801CD5A-46E8-4047-A031-D53BF6A19131}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A46195C-552A-4491-995C-CF04386E9C6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{43F57B67-6A37-45EA-95EB-AF200DD1ABC9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5C7D2AA1-AAE3-41F7-B7BE-B30A5A3A1DD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B4ADED5-CE4D-40F9-B2FC-D5F7417C4067}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7754CBD4-7644-4FA8-B34B-1BB6EA629369}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC266A0D-9DFF-4E6E-9DAE-ABE433AF0468}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E61D3309-7A1B-4F99-A29A-4AC063516C6D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{658F3D3C-4411-47FE-946D-9FAD2454EC7D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{29CFF702-3A93-402F-80A4-86A7F3B53E78}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{1EFAAF66-BA72-47B0-81E6-BCBF706EC987}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{B3157F1C-40D9-4477-BCD4-21BC4B743E10}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{82F74EDA-B885-406E-AC48-4FB5BF44FB76}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{2F71D93F-6D77-41BE-8B37-84DE6E9448A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7CD3FCC0-348F-43B5-AD12-8481713D03A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BB7282E5-39F9-4A23-9412-4AC7958BAE30}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F270E44C-7EFA-4AF3-9C6F-42F178674B64}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{E3764942-4994-4C76-8B8F-9D7399093157}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9DF4735A-3A2C-40C5-88FD-5FBEB2F56805}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

17-11-2016 01:44:34 Windows Update
20-11-2016 03:04:18 Windows Update
23-11-2016 15:24:40 Windows Update
26-11-2016 04:09:37 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2016 04:27:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15531

Error: (11/27/2016 04:27:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15531

Error: (11/27/2016 04:27:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/27/2016 04:26:54 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.


System errors:
=============
Error: (11/27/2016 02:43:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/27/2016 02:02:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard - Imaging, Other hardware - Null Fax - HP Photosmart 7520 series.

Error: (11/27/2016 02:02:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Hewlett-Packard - Imaging, Other hardware - Null Print - HP Photosmart 7520 series.

Error: (11/26/2016 03:12:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2016 12:58:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard - Imaging, Other hardware - Null Fax - HP Photosmart 7520 series.

Error: (11/26/2016 12:58:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Hewlett-Packard - Imaging, Other hardware - Null Print - HP Photosmart 7520 series.

Error: (11/26/2016 12:53:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2016 12:52:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/26/2016 12:52:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (11/26/2016 12:52:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPSupportSolutionsFrameworkService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2016-11-27 23:08:15.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:08:15.702
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:07:53.643
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:07:53.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:03:55.782
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:03:55.767
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:00:18.968
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 23:00:18.859
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 15:30:21.376
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 15:30:21.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470S CPU @ 2.90GHz
Percentage of memory in use: 87%
Total physical RAM: 3917.78 MB
Available physical RAM: 503.49 MB
Total Virtual: 8128.34 MB
Available Virtual: 2201.15 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:444.62 GB) (Free:245.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Removable) (Total:14.57 GB) (Free:14.57 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:19.53 GB) (Free:9.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7B4835A2)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 02D1CC61)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End of Addition.txt ============================
fastrack23 is offline  
Old 11-27-2016, 07:42 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,112
OS: XP/Win7/Win10



Hello fastrack23.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

http://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {042E1470-DFE2-4A94-88EC-8B5F587B8045} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {33963B6B-1BDA-49C7-AA52-A4B46059E834} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {37E21FAC-6734-40D0-8F04-797B6CD03F40} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {4D3DA4F8-0489-4755-8552-33B979660F17} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {8FD9563B-62D2-48A7-882B-B3E50DFCB822} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {CAEEC9BD-7D86-4EBD-BBE5-03CB514E98F0} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
    Task: {D01F21F7-9CD5-4C5C-8EC4-1BA7F863C5A8} - \Lenovo\SimpleTap\Start SimpleTap for David-Office.David -> No File <==== ATTENTION
    Task: {DE6A3AF9-05C3-46BF-8646-7CFADBE22539} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E97DF978-9666-4F56-8E36-DB692C55953D} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CN3143B19N05VV:NW [0]
    C:\Program Files (x86)\AVG\AVG PC TuneUp
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
    FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [No File]
    U3 idsvc; no ImagePath
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-28-2016, 08:25 AM   #8
Registered Member
 
Join Date: Nov 2016
Posts: 11
OS: Windows 10



I have not noticed any pop ups since this was done I am not 100% but it seems to have removed the issue:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by theun (28-11-2016 04:45:16) Run:1
Running from C:\Users\theun\Desktop\Adware
Loaded Profiles: theun (Available Profiles: David & theun & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {042E1470-DFE2-4A94-88EC-8B5F587B8045} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {33963B6B-1BDA-49C7-AA52-A4B46059E834} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {37E21FAC-6734-40D0-8F04-797B6CD03F40} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4D3DA4F8-0489-4755-8552-33B979660F17} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8FD9563B-62D2-48A7-882B-B3E50DFCB822} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {CAEEC9BD-7D86-4EBD-BBE5-03CB514E98F0} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {D01F21F7-9CD5-4C5C-8EC4-1BA7F863C5A8} - \Lenovo\SimpleTap\Start SimpleTap for David-Office.David -> No File <==== ATTENTION
Task: {DE6A3AF9-05C3-46BF-8646-7CFADBE22539} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E97DF978-9666-4F56-8E36-DB692C55953D} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
AlternateDataStreams: C:\WINDOWS\SysWOW64\CN3143B19N05VV:NW [0]
C:\Program Files (x86)\AVG\AVG PC TuneUp
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [No File]
U3 idsvc; no ImagePath
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{042E1470-DFE2-4A94-88EC-8B5F587B8045}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{042E1470-DFE2-4A94-88EC-8B5F587B8045}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{33963B6B-1BDA-49C7-AA52-A4B46059E834}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33963B6B-1BDA-49C7-AA52-A4B46059E834}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37E21FAC-6734-40D0-8F04-797B6CD03F40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37E21FAC-6734-40D0-8F04-797B6CD03F40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D3DA4F8-0489-4755-8552-33B979660F17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3DA4F8-0489-4755-8552-33B979660F17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FD9563B-62D2-48A7-882B-B3E50DFCB822}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FD9563B-62D2-48A7-882B-B3E50DFCB822}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CAEEC9BD-7D86-4EBD-BBE5-03CB514E98F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAEEC9BD-7D86-4EBD-BBE5-03CB514E98F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D01F21F7-9CD5-4C5C-8EC4-1BA7F863C5A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D01F21F7-9CD5-4C5C-8EC4-1BA7F863C5A8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\SimpleTap\Start SimpleTap for David-Office.David => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE6A3AF9-05C3-46BF-8646-7CFADBE22539}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE6A3AF9-05C3-46BF-8646-7CFADBE22539}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E97DF978-9666-4F56-8E36-DB692C55953D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E97DF978-9666-4F56-8E36-DB692C55953D}" => key removed successfully
C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance" => key removed successfully
C:\WINDOWS\SysWOW64\CN3143B19N05VV => ":NW" ADS removed successfully.
C:\Program Files (x86)\AVG\AVG PC TuneUp => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\Web Components" => key removed successfully
idsvc => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 3080935 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47329954 B
Java, Flash, Steam htmlcache => 1995 B
Windows/system/drivers => 1074951 B
Edge => 111856880 B
Chrome => 453151970 B
Firefox => 289507171 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 24613210 B
NetworkService => 7092 B
David => 797266 B
theun => 64820637 B
DefaultAppPool => 16674 B

RecycleBin => 63750 B
EmptyTemp: => 950.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 04:51:07 ====
fastrack23 is offline  
Old 11-28-2016, 08:15 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,112
OS: XP/Win7/Win10



Hello again, fastrack23. Glad to hear it.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

I see you have P2P software ( Tixati ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Programs and Features(right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-08-2016, 06:18 PM   #10
Registered Member
 
Join Date: Nov 2016
Posts: 11
OS: Windows 10



Sorry for the long while in contacting you I thought everything was fine but it is not. The pop ups no longer happen but I am having freezing issues over the whole PC mainly when online in browsers I believe it is triggered in Firefox but also happens in Chrome. I have to frequently re-open a new browser in Chrome after freezing and after a while get an option to kill the tab but not always. It could be a windows 10 issue but seems to be happening a lot. In Firefox I am also getting message saying something is slowing browser down and its froze then option to stop it which I select and seems to be okay for a little while but not permanently. I removed the programs Cleaner and Tixati as you suggested as do not really need them. Hope you can do something to stop the freezing issues, wish I knew what was causing it or slowing the machine down.

Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.656
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DAVID-OFFICE\theun

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 507696
Time Elapsed: 16 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.SpyHunter, C:\USERS\THEUN\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarantined, [1669], [331753],1.0.656

Physical Sector: 0
(No malicious items detected)


(end)

Below is for ESET Online Scanner:

C:\Users\David\Downloads\TubeDimmerRemovalTool.exe a variant of Win32/SecurityStronghold.A potentially unwanted application,Win32/InstallMonetizer.AU potentially unwanted application
C:\Users\theun\Downloads\adwarecleanerdemo.msi a variant of Win32/Adware.DisableSpyware application
fastrack23 is offline  
Old 12-10-2016, 07:27 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,112
OS: XP/Win7/Win10



Hello again, fastrack23. Unfortunately, it's been so long I need to see fresh logs.

I can't tell from the logs you posted when you ran MBAM and ESET, though they aren't showing anything malicious.

It appears you problems may be beyond malware.

Please run AdwCleaner again and post the AdwCleaner[C#].txt log.

Please run FRST64.exe again and post/attach the FRST.txt/Addition.txt logs as before. Thanks.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-11-2016, 02:06 PM   #12
Registered Member
 
Join Date: Nov 2016
Posts: 11
OS: Windows 10



Please find AdwCleaner below and attached is other file. I am not sure what the issue is Chrome browsers keep freezing and similar issues in Firefox. I am wondering if it is Windows 10 issue which will be disappointing if it is unless there is solution.

# AdwCleaner v6.040 - Logfile created 11/12/2016 at 14:30:54
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-11.2 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : theun - DAVID-OFFICE
# Running from : C:\Users\theun\Downloads\adwcleaner_6.040.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}


***** [ Web browsers ] *****

[-] [C:\Users\theun\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: uk.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11674 Bytes] - [25/11/2016 03:42:44]
C:\AdwCleaner\AdwCleaner[C2].txt - [2029 Bytes] - [26/11/2016 00:50:27]
C:\AdwCleaner\AdwCleaner[C3].txt - [1136 Bytes] - [11/12/2016 14:30:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [10711 Bytes] - [25/11/2016 03:35:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [2125 Bytes] - [26/11/2016 00:47:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [1444 Bytes] - [26/11/2016 00:59:46]
C:\AdwCleaner\AdwCleaner[S3].txt - [1646 Bytes] - [11/12/2016 14:30:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1502 Bytes] ##########
Attached Files
File Type: txt FRST.txt (75.0 KB, 3 views)
File Type: txt Addition.txt (53.1 KB, 3 views)
fastrack23 is offline  
Old 12-12-2016, 02:30 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,112
OS: XP/Win7/Win10



Hello again, fastrack23. Unfortunately, I see no sign of infection in your logs.

See if this helps:

https://www.techwalla.com/articles/h...oogle-websites

https://support.mozilla.org/en-US/kb...ponsive-script

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-24-2016, 09:52 AM   #14
Registered Member
 
Join Date: Nov 2016
Posts: 11
OS: Windows 10



After one of the big windows updates last week the freezing issues seemed to have stopped. I am guessing that fixed that issue as well as you resolved the previous issues. Thank you and Merry Christmas.
fastrack23 is offline  
Old 12-24-2016, 09:41 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,112
OS: XP/Win7/Win10



Hello again, fastrack23. Glad to hear it. You're very welcome, and Merry Christmas.

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /a/f/q "C:\Users\David\Downloads\TubeDimmerRemovalTool.exe"

A DOS window will open and close again, this is normal.

Repeat for the following:

cmd /c del /a/f/q "C:\Users\theun\Downloads\adwarecleanerdemo.msi"

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive(usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive(usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

http://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-08-2017, 03:32 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,112
OS: XP/Win7/Win10



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
POP UP AD PROBLEM FIREFOX CHROME AND EDGE PROBABLY
I have a problem with pop up ads where when a pop up sometimes occurs it redirects to unwanted ads not where it supposed to pop up to. I know this came from a free download I did and even though I realized fairly quickly what it was it got on my system and infected it. It has installed something...
fastrack23 Windows 10 Support 2 11-26-2016 07:52 PM
Possible Virus?....
Hello, I originally went to download a program called iExplorer (load music to Iphone without ITunes) and afterwards whenever I opened Firefox, the screen that I attached appears (and not my home page). I hope that you're able to help me fix this :smile: Below is the DDS.txt file...and...
hbkvcu Resolved HJT Threads 20 09-26-2016 11:41 AM
MicrosoftÔÇÖs Edge browser more secure than Firefox
Security analyst: Microsoft's Edge browser more secure than Firefox - Myce.com
JMH3143 Computer Security News 2 08-01-2015 12:55 AM
Mozilla bakes Facebook features into Firefox 17
Mozilla Tuesday released Firefox 17, which debuts technology that lets developers integrate social networks -- for now, Facebook -- with the browser. The company also patched 29 security vulnerabilities, two-thirds of them marked "critical," Mozilla's highest threat ranking. The main thrust...
Glaswegian Computer Security News 1 11-25-2012 07:49 PM
PC Safety and Security - What Do I Need?
Version Control - v2.6 - dated October 2016 - general updates, review of links and removal of obsolete references Version Control - v2.5 - dated March 2014 ľ general updates, links and additions for Windows 8 Version Control - v2.4 - dated February 2013 - fixed free AV review link Version...
Glaswegian General Computer Security 0 11-02-2010 03:51 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 07:37 AM.


vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Copyright 2001 - 2015, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts

 

Partially Powered By Products Found At Lampwrights.com